The spam is real.
-
@hek said:
@a_5mith said:
Captcha is a waste of air.
What is wrong with reCatcha?
Why should someone have to type all of this out, just to gain access to a site. The numerical ones usually aren't bad, but they can also be quite hit and miss. The biggest problem with captcha though is to do with how easily they're hacked. Companies that pay people to answer captchas, automated bots that can work them out etc. They're not what you'd call user friendly.
This one that @bentael posted looks useful, but it would have to support multiple languages before it's of any proper use. With NodeBB supporting 30+ languages or so, a viable anti spam being english only is a bit of a shame. However even visual captcha has a weak point, the audio captcha. It was the audio portion of reCaptcha that was hacked almost 4 years ago using audio algorythm to calculate the answer. Play a captcha question to something like Siri, or Google Now, and it will return the answer. Build a system to automate this, and you've rendered an entire layer of security, useless.
-
I don't know why you say akismet is not that good, but akismet is pretty decent considering that fact that it works decently in most wordpress installation with 85% success, so decent that no one would mind, if that is integrated into the core. And yes capcha is waste of air, agreed
-
Or else another idea is to come up with nbb native anti spam :
Drop a cookie every time a page is loaded via browser, if someone tries to comment without the cookie being dropped in the browser! Its probably not human and the comment can be moved to a moderation queue. Whether it be comment or new topic.
Second, if a user is making more than 3 new topic every minute, the fourth topic need to not be allowed to create without a cool down period of 30 minutes. This is used by reddit.
Third, there are many servers like stopspam and all which stores a list of the most spamming IP addresses, so nbb can check an IP against their database before allowing an IP to post more than 5 topics per hour, but a person with more than 3 reputation points can be avoided these checks.
This way, u don't need to have akismey or spots without honeys or captcha, if user wants additional protection, they will install plugins.
-
@vegetagz6 said:
Or else another idea is to come up with nbb native anti spam :
Drop a cookie every time a page is loaded via browser, if someone tries to comment without the cookie being dropped in the browser! Its probably not human and the comment can be moved to a moderation queue. Whether it be comment or new topic.
Second, if a user is making more than 3 new topic every minute, the fourth topic need to not be allowed to create without a cool down period of 30 minutes. This is used by reddit.
Third, there are many servers like stopspam and all which stores a list of the most spamming IP addresses, so nbb can check an IP against their database before allowing an IP to post more than 5 topics per hour, but a person with more than 3 reputation points can be avoided these checks.
This way, u don't need to have akismey or spots without honeys or captcha, if user wants additional protection, they will install plugins.
Project Honeypot checks against known spammers and blocks them at registration, this solves 90% of automated spam. A good Q&A would solve the rest usually. I'm pretty sure we can already limit how often someone can post/create topics. Post based permissions are always a good one, I used them on SMF, less than 5 posts, you couldn't post links or more than a topic every 2 minutes or so. Until they hit 10 posts.
-
@a_5mith I have had very good luck with Akismet on some Vanilla forums I run. Sometimes tools like Project Honeypot or StopForumSpam let new spammers through, while Akismet detects spam and hides it. I believe a combination of both is pretty powerful.
I do agree though that captchas just aren't good these days. I hate filling them out, and they're pretty ineffective against modern spammers.
-
The question plugin works fine for me, albeit I'll admit I'm using the EVE Online API plugin for most of the forums that I run so there's no way a bot could sign up without being a real person in the corp in question.
Not saying that all of their posts could be considered to be not spam but hey, who's counting.
-
The who.is info of the sites they promote comes back as private, however looking at where the nameservers point, and complaining to them may get them blacklisted by emailing their abuse email.
They've also been hammering talk.kano.me as well as a whole host of other large sites, IGN etc.
Scumbags.
You'd think it would be easier to just spend $20 on google adwords, rather than paying 10 guys in a shed to spam forums with rubbish. -
They just keep going, very persistent.
The issue with Akismet is when a user posts a link without manually changing its appearance (http://google.com instead of Google) the plugin is likely to "prevent the topic from posting" the user gets an alert, the composer stays active.
In reality, the plugin allows the post.
Very easy to get several duplicate topics like this.
-
Login | NodeBB Forum Software
NodeBB Forum Software - A better community platform for the modern web. NodeBB is a next generation forum software that's free and easy to use.
(manage.nodebb.org)
^ Testing a link as-is
Edit: Seems to work
-
@julian Of course my issue was when the old Markdown library was in use. I can't imagine Akismet would have had an issue with it but not the new library considering both simply render text into links -- unless the old library operated at the time of post and the new one operated at the time of display.
