PDA

View Full Version : New option in post moderation



The Wise Monkey
09-24-2008, 06:08 PM
Hey Rob,

Just to give a big thumbs-up to the "Delete as Spam" option when deleting a post - makes our lives a lot easier.

Thanks for adding it in! :D

Rob
09-24-2008, 06:29 PM
Oh, nice! Must be a new feature that came when I upgraded the bulletin board to version 3.7.3. Cool!

RickyTick
09-24-2008, 07:28 PM
I've used it too. Works great. Only problem is that we need to use it.

RickyTick
10-13-2008, 02:19 PM
Hey Rob. The amount of spam and porn lately seems to be on the increase. I'm deleting trash almost every day.

Rob
10-13-2008, 04:11 PM
I've noticed, too. I noticed about a week ago that in a single day 30 new users joined the message board. That's a very unrealistic figure.

When that happened, I checked the e-mail addresses of users that very recently joined against "known spammer" lists and found that nearly all of them were spammers.

Now I've learned that there are tons of 'bots out there, probing constantly to gain access to message boards in general, including this one. My guess is that VBulletin, being a highly regarded and widespread message board, is one that bots have been customized to attack successfully. For example, the image verification required of new users is not an effective defense against bots.

To protect the quality of the message board, new users are no longer allowed to register using a freebie e-mail services, such as yahoo, gmail and many others. That's regrettable, but the only practical option. Most people have access to e-mail other than a freebie service.

It seems to me that this defense has proven very effective (but not 100 percent effective). For the last week, the number of spam posts has been much less. I've deleted hundreds of users that are known bot spammers, and there have been few new bot spammers able to create new accounts.

The Wise Monkey
10-14-2008, 06:06 AM
That's a shame - I think I have a non-free account, but I'm not 100%.

Is there not an option that requires an admin to approve a user account before it is activated? This should give an extra layer of security to the sign up process.

Rob
10-14-2008, 09:49 AM
Existing users that registered with free-mail accounts are grandfathered in, so they are still ok and don’t need to do anything. It’s easy to tell legitimate users because they post and because the posts look legitimate – as opposed to thinly veiled advertisements or posts obviously intended to mention search engine keywords. Human spammers post very few messages. But human spammers are a very small percentage of the spammers.

It’s not effective to ban users because the e-mail account that was used to create the account was disposable. Spammers hit-and-run, posting their spam in one session and never coming back. It’s necessary to cut them off at the source by banning the e-mail domain.

There are ways to manually approve users, which would eliminate bots and thus the vast majority of the spammers. The problem is it would be labor intensive, would introduce a delay between a user registering and being able to post, and would be an inconvenience for all new users and not just the ones using free e-mail domains. So for now the strategy is to disallow spammer-friendly domains. It’s possible that a legitimate user may not be able to register, which is unfortunate. However, it is the most practical solution to a very serious problem. If users want to be part of a helpful, safe, robust community then it’s not unreasonable they recognize the realities of the day and do their part by using a safe e-mail domain.

What’s interesting – and fortunate – is that frequently the bot creating the user account is a separate action from the bot posting spam messages. The delay can be hours, weeks or even months between the action of creating a spam account and then later posting spam messages. This is enough of a delay that in most cases I can examine a newly registered user’s data to determine if it was a bot. Nearly always the e-mail domain used to register the account gets added to the disallowed list. By deleting the user and disallowing the domain, the bot cannot return and register again or use a previously existing user to post spam.

The users that have been deleted are ones that are obviously spammers. For example, there are clues such as zero posted messages, user names that start “abc”, “asdf”, or “tuvw”, garbage data in the user profile, country of origin, free e-mail domain, and many others. Other bulletin boards maintain a list of known spammers, so a cross-check can be done against these lists when in doubt.

RickyTick
10-14-2008, 12:56 PM
On my Clan's Forum, we require anyone wanting to register to be activated by the board admin, but its very labor intensive for the admin, and may take several hours to a couple of days to get it done.

I don't know what an easy solution would be. I log on here several times a day, so I don't mind cleaning it up when its needed.

The Wise Monkey
10-14-2008, 01:37 PM
Ok, I agree with that, but I wouldn't say that gmail, hotmail and yahoo were spammer friendly domains.