The spam is real.
-
Seems the honeypot is out of honey.
-
Hmm its too much spam. Did you try deleting the spams at least? Last I logged in some hours back, there were 10 spam, now more than 30.
-
This forum doesn't use akismet? The plugin u once showed me had all 3 options, akismet captcha and honeyspot.
-
@vegetagz6 said:
Hmm its too much spam. Did you try deleting the spams at least? Last I logged in some hours back, there were 10 spam, now more than 30.
Me? No, not a moderator.
I'm pretty sure this place uses Honeypot, I've never had much luck with akisment, so I don't use it. I personally use the Q&A plugin, and Honeypot. Captcha is a waste of air.
-
-
@hek said:
@a_5mith said:
Captcha is a waste of air.
What is wrong with reCatcha?
Why should someone have to type all of this out, just to gain access to a site. The numerical ones usually aren't bad, but they can also be quite hit and miss. The biggest problem with captcha though is to do with how easily they're hacked. Companies that pay people to answer captchas, automated bots that can work them out etc. They're not what you'd call user friendly.
This one that @bentael posted looks useful, but it would have to support multiple languages before it's of any proper use. With NodeBB supporting 30+ languages or so, a viable anti spam being english only is a bit of a shame. However even visual captcha has a weak point, the audio captcha. It was the audio portion of reCaptcha that was hacked almost 4 years ago using audio algorythm to calculate the answer. Play a captcha question to something like Siri, or Google Now, and it will return the answer. Build a system to automate this, and you've rendered an entire layer of security, useless.
-
I don't know why you say akismet is not that good, but akismet is pretty decent considering that fact that it works decently in most wordpress installation with 85% success, so decent that no one would mind, if that is integrated into the core. And yes capcha is waste of air, agreed
-
Or else another idea is to come up with nbb native anti spam :
Drop a cookie every time a page is loaded via browser, if someone tries to comment without the cookie being dropped in the browser! Its probably not human and the comment can be moved to a moderation queue. Whether it be comment or new topic.
Second, if a user is making more than 3 new topic every minute, the fourth topic need to not be allowed to create without a cool down period of 30 minutes. This is used by reddit.
Third, there are many servers like stopspam and all which stores a list of the most spamming IP addresses, so nbb can check an IP against their database before allowing an IP to post more than 5 topics per hour, but a person with more than 3 reputation points can be avoided these checks.
This way, u don't need to have akismey or spots without honeys or captcha, if user wants additional protection, they will install plugins.
-
@vegetagz6 said:
Or else another idea is to come up with nbb native anti spam :
Drop a cookie every time a page is loaded via browser, if someone tries to comment without the cookie being dropped in the browser! Its probably not human and the comment can be moved to a moderation queue. Whether it be comment or new topic.
Second, if a user is making more than 3 new topic every minute, the fourth topic need to not be allowed to create without a cool down period of 30 minutes. This is used by reddit.
Third, there are many servers like stopspam and all which stores a list of the most spamming IP addresses, so nbb can check an IP against their database before allowing an IP to post more than 5 topics per hour, but a person with more than 3 reputation points can be avoided these checks.
This way, u don't need to have akismey or spots without honeys or captcha, if user wants additional protection, they will install plugins.
Project Honeypot checks against known spammers and blocks them at registration, this solves 90% of automated spam. A good Q&A would solve the rest usually. I'm pretty sure we can already limit how often someone can post/create topics. Post based permissions are always a good one, I used them on SMF, less than 5 posts, you couldn't post links or more than a topic every 2 minutes or so. Until they hit 10 posts.
-
I believe our post limiter is set to something low like 10 seconds. Having it set higher until you hit a certain rep threshold may be a good idea.
-
Here we go: gh#2335
-
The spam doesn't even make sense.
Gibberish gibberish gibberish, email address. Perhaps time to add a deny from to nginx?
-
@a_5mith I'm thinking it's a manual sign-up... they don't really make much sense, but if it were automated, we'd be getting a whole ton more.
-
@a_5mith I have had very good luck with Akismet on some Vanilla forums I run. Sometimes tools like Project Honeypot or StopForumSpam let new spammers through, while Akismet detects spam and hides it. I believe a combination of both is pretty powerful.
I do agree though that captchas just aren't good these days. I hate filling them out, and they're pretty ineffective against modern spammers.
-
The question plugin works fine for me, albeit I'll admit I'm using the EVE Online API plugin for most of the forums that I run so there's no way a bot could sign up without being a real person in the corp in question.
Not saying that all of their posts could be considered to be not spam but hey, who's counting.
-
The who.is info of the sites they promote comes back as private, however looking at where the nameservers point, and complaining to them may get them blacklisted by emailing their abuse email.
They've also been hammering talk.kano.me as well as a whole host of other large sites, IGN etc.
Scumbags.
You'd think it would be easier to just spend $20 on google adwords, rather than paying 10 guys in a shed to spam forums with rubbish.
-
They just keep going, very persistent.
The issue with Akismet is when a user posts a link without manually changing its appearance (http://google.com instead of Google) the plugin is likely to "prevent the topic from posting" the user gets an alert, the composer stays active.
In reality, the plugin allows the post.
Very easy to get several duplicate topics like this.
-
@Ted is this an issue with spam-be-gone's handling of spam topics, then?
-
@julian I think that's just an issue with akismet as part of the spam-be-gone plugin, enforcing someone to embed a link with Markdown doesn't really constitute spam prevention, just user annoyance.
-
^ Testing a link as-is
Edit: Seems to work
