Making the case for anti-spam feature even for posting



  • The fact that a very busy human spammer or (more likely) an automated spammer has been active on this site since early this morning is a good reason why NodeBB needs an anti-spam feature not just during registration, but also for posting.

    We just have to find a way to make it less annoying for human posters.


  • Admin

    While I do agree with you, currently the problem is a borked user delete... didn't actually delete the user as I thought it would ><


  • GNU/Linux Admin

    Latest version (when committed) should ensure that a since-deleted user will not be able to post.



  • @psychobunny

    Well at least thanks to that spammer, we know that the user deletion feature still needs more tweaking.


  • Admin

    Ironically, deleting the user made it impossible for me to ban him, while he's still able to post, rofl



  • Ironically, deleting the user made it impossible for me to ban him, while he's still able to post

    @psychobunny

    Interesting. Maybe ban first, then delete.


  • Admin

    @baris just pushed a fix that hopefully solves the user deletion bug, and I guess we all know what we're doing in the upcoming weeks re: spam prevention 😛


  • GNU/Linux Admin

    @psychobunny said:

    I guess we all know what we're doing in the upcoming weeks re: spam prevention

    Yeah, and all we needed was to have a spambot hammer us for half an hour 😛



  • What about adding support for Project Honeypot, I use it on my forum and haven't had a single spambot registration in 7 months. It stops them before they even get to the registration process. Then an option for either a Q&A or one of them new fangled captchas where you need to click the spanner or something. 🙂


  • GNU/Linux Admin

    I use it on my forum and haven't had a single spambot registration in 7 months.

    Hey, good enough for me -- I might just look into it 🙂



  • @julian Check out http://www.stopforumspam.com/ while you're at it, most forum systems have this and it works a wonder. You can use them both to be uber-protected.

    But for now, I think a simple spambot prevention would be a nice, like reCaptcha.





  • Most Captchas are easily broken by bots, the only real way you can stop a spambot by using a captcha is if you build your own or use one that's not well known, the spam bot creators don't bother hacking the smaller captcha providers.

    An option to use each one would be nice though, maybe a few different captcha providers, or a Question & Answer form. Then run them through someone like Stop Forum Spam whilst we're there. This, by default would also give you an edge over other bulletin board software, as most just handle it through a plugin/add-on.


  • Plugin & Theme Dev

    I'd like to have an option within ACP like "Allow posting without javascript" and "Allow registration without javascript", because many bots do not have js activated.
    The following traps could be done as well:

    • measure time the user lasts on the page (hidden timestamp input-field). If it's less than a few seconds it's most likely a bot. (you may skip this test if the user has some reputation since copy+paste may result in short delays too)
    • honeypot (user-hidden (js if enabled, otherwise css) input-field with common name like 'email', if it gets filled it's most likely a bot)
    • confirmation-page (or dialog if js is enabled) with checkbox like "I am a human" or simple question like "What is more valuable gold or glass?"

    If these options are implemented the following should be configurable within ACP:

    • Enable time-measure, minimum time
    • Confirmation Question + Answer (if answer is true or false show checkbox with opposite default-value)
    • Skip confirmation if javascript is enabled (default: true)

    In combination with the database suggestion by @anooxy this should filter most bots without annoying (javascript-enabled) users in any way.


  • Plugin & Theme Dev

    Interestingly enough I had the idea of making a Project Honeypot plugin 2 months ago
    Never came around to doing it though... Still have that Poll thing and the video chatting...



  • On my new site, I have more bot-registered users than real users. The list just keeps growing by the minutes. Nothing to stop them.


Log in to reply
 

Suggested Topics

| |