Preventing board spammers

340bf64ac6abda6e40f7e860279823cb
0
_oisyn 101 Jul 28, 2009 at 12:22

We’ve all seen the spammers kicking old threads every once in a while. Usually the devmaster staff is able to remove the post in a reasonable timeframe, but I was wondering if anything can be done to prevent it from happening altogether.

Before going further, I would like point out that whether we _should_ do anything to prevent spamming is another question altogether. I don’t see that much spamming here to the level that it is unworkable, and the time taken to implement any anti-spamming scheme might outweigh the actual discomfort that the spammers are giving us. Yet, I think anti spamming techniques are an interesting subject, which is one of the reasons why I’m opening this topic. So please, keep an open mind :P.

When analysing some of the spam messages, I noticed some things.
- The threads posted to are mostly not recent. The IDs seem particularly random. This makes it look automated.
- The posts are made in quick succession, with about 2 or 3 posts per minute.
- The posts are obviously not related to the thread, nor even to game development in general, and always contain one or more links to other sites. Although this information probably can’t be used without being able to semantically parse forum posts, which is completely different topic of research :P

Now, even though the posting itself seems automated, I wonder whether that also applies to creating the actual account. The registration procedure contains a captcha (although that doesn’t necessarily mean it can’t be “broken”), and the recent spammers seem to have taken the liberty to enter at least *some* data in the optional personal info fiels.

Of course, I have no data on the actual time spent on the different pages before registering, during registering and during posting, but I doubt that much of the spammer(bot)s have actually read some topics before creating an account or posting to it. So maybe we can come up with a scheme to keep the spammers at bay, with minimum impact on genuine users. And I don’t think I need to stress that minimum impact on genuine users is a very important factor.

For example:
- You can only register an account after having spent 10 minutes on devmaster browsing at least one topic.
- For the first few posts, you can only post to a topic after having spent a few (say, 4) minutes in that topic.
- For the first few posts, you are not allowed to kick multiple threads older than a month.
- For the first few posts, or perhaps in general, limit the number of posts per timeframe that a user may post, unless that post is in a thread where the user already recently posted

These rules should be easy enough to implement, and accompanied with friendly error messages it would not bother the occasional new user who is a little too enthousiastic in his posting much. Of course, such rules can be easily bypassed. The question is whether it is feasible for the spammers to actually bypass them. We’re not a very big community, and most spam posts are not really targeted at typical devmaster audience. Probably the only reason we get spammed in the first place is because devmaster is using a popular bulletin board system.

Any thoughts?

7 Replies

Please log in or register to post a reply.

8676d29610e6c98d6dd2d9c38528cd9c
0
alphadog 101 Jul 28, 2009 at 14:33

My first question would be if spammer bots actually follow the same process as “normal humans”, or is it because the board is popular, they know how to exploit it programatically?

The old thread condition is tricky. For example, lots of people keep reviving Nick’s thread on rasterization. Also, measuring time spent on the site is also possibly inaccurate.

A simple “one post per five minutes” condition on members with less than 50 posts total would be good. Although I wonder if an automated system would simply gauge and wait…

Another solution would be to empower established, frequent-posting members with the ability to flag spam, hidden by default from all members but can be user-bypassed, and to be deleted or re-activated by admins later. Basically, crowdsourcing the control. Something like Stack Overflow’s mechanism, which, admittedly, I’ve seen abused once.

While the spam level is low, I find that I usually still don’t visit the forum until spam has been deleted, which can take up to quite a few hours. I use the “New Posts” search to figure out what has changed and what to read, but spam makes it unworkable…

PS: I’ve seen this asked repeatedly. The fact that DevMaster Masters never do anything about it means chances of success is painfully low…

A8433b04cb41dd57113740b779f61acb
0
Reedbeta 168 Jul 28, 2009 at 17:43

I usually check the boards and delete any spam first thing in the morning. Of course, I’m on the West Coast, so by the time I get to work in the morning, it’s already lunchtime for East Coasters and beer time for Europeans… :P

Anyway, if time taken to delete spam is an issue, I wonder if we could just elevate a few more regular users to mod status. I seem to be the only active mod at the moment.

Any code changes to the site are basically limited by how much time the main admin can spend on it, which does unfortunately mean that stuff happens slowly.

340bf64ac6abda6e40f7e860279823cb
0
_oisyn 101 Jul 28, 2009 at 21:01

@alphadog

The old thread condition is tricky. For example, lots of people keep reviving Nick’s thread on rasterization.

I was talking about multiple threads. It’s fine as a beginning poster to kick an old thread, but just not more than one. Or maybe two. In quick succession at least

Also, measuring time spent on the site is also possibly inaccurate.

Actually you don’t have to literally measure the time the user is actually reading the site. It’s basically just the time between requests in a single session. Tracking sessions is easy enough, and if a user has disabled cookies he can’t log in in the first place.
@Reedbeta

Anyway, if time taken to delete spam is an issue, I wonder if we could just elevate a few more regular users to mod status. I seem to be the only active mod at the moment.

Well I’d like to volunteer as a European user frequently checking the board a few times a day between 10am and 6pm local time (GMT+1, which means 1am - 9am pacific time). The mere right to hide posts from public would be enough I guess (I have never seen spammers return, so banning users wouldn’t be necessary)

A8433b04cb41dd57113740b779f61acb
0
Reedbeta 168 Jul 28, 2009 at 21:41

Okay, .oisyn, I’ve promoted you to moderator. You should have a few more buttons. Let me know if you have any problems (I’m not completely sure which permissions you’ll have, but you should be able to delete spam easily enough).

3c5be51fdeec526e1f232d6b68cc0954
0
Sol_HSA 119 Jul 29, 2009 at 07:55

A pretty simple avoidance scheme used elsewhere(tm) is that the first few messages have to be ok’d by a moderator before they become visible. After 3-5 successful posts, the user becomes ‘normal’.

3c5be51fdeec526e1f232d6b68cc0954
0
Sol_HSA 119 Jul 29, 2009 at 07:56

Another one that would work perfectly, but only for really popular boards: $1 registration fee.

8676d29610e6c98d6dd2d9c38528cd9c
0
alphadog 101 Jul 29, 2009 at 12:31

If you need an EST mod, I’ll throw my hat in. I’m not on every day, but pretty often…