It is currently Mon Jan 21, 2019 6:23 am

All times are UTC - 8 hours [ DST ]




Post new topic Reply to topic  [ 16 posts ] 
Author Message
Offline
 Post subject: Account Registration Temporarily Disabled
Post #1 Posted: Tue Oct 03, 2017 8:37 pm 
Honinbo

Posts: 8261
Liked others: 1422
Was liked: 1325
KGS: Kirby
Tygem: 커비라고해
There's some spammer/bot that keeps making new accounts under different IP addresses, spamming new threads to the forum. tchan001 and I have been aggressively banning and removing the posts, but the aggressor seems to be posting under new ip addresses.

For the time being, I've disabled new account registration, until we have a better plan.

_________________
it's be happy, not achieve happiness


This post by Kirby was liked by 3 people: Bonobo, FuriousGeorge, jeromie
Top
 Profile  
 
Offline
 Post subject: Re: Account Registration Temporarily Disabled
Post #2 Posted: Tue Oct 03, 2017 9:27 pm 
Lives in gote

Posts: 395
Liked others: 162
Was liked: 179
Thanks for mitigating the problem quickly.

Top
 Profile  
 
Offline
 Post subject: Re: Account Registration Temporarily Disabled
Post #3 Posted: Tue Oct 03, 2017 9:35 pm 
Lives in sente

Posts: 834
Location: Littleton, CO
Liked others: 278
Was liked: 260
Rank: KGS 3k
Universal go server handle: jeromie
Thanks, Kirby.

Top
 Profile  
 
Offline
 Post subject: Re: Account Registration Temporarily Disabled
Post #4 Posted: Tue Oct 03, 2017 10:25 pm 
Judan
User avatar

Posts: 5125
Location: Banbeck Vale
Liked others: 851
Was liked: 1244
Rank: 1D AGA
GD Posts: 1512
Kaya handle: Test
I've deleted 38 spammer accounts today, and dozens of spam posts.

_________________
'I have often wondered how it is that every man loves himself more than all the rest of men, but yet sets less value on his own opinions of himself than on the opinions of others." -Marcus Aurelius


This post by Joaz Banbeck was liked by: Bonobo
Top
 Profile  
 
Offline
 Post subject: Re: Account Registration Temporarily Disabled
Post #5 Posted: Wed Oct 04, 2017 1:44 am 
Judan

Posts: 7943
Liked others: 2219
Was liked: 2786
Bravo, guys! :salute: :salute: :salute:

_________________
There is one human race.
----------------------------------------------------

The Adkins Principle:

At some point, doesn't thinking have to go on?

— Winona Adkins

Top
 Profile  
 
Offline
 Post subject: Re: Account Registration Temporarily Disabled
Post #6 Posted: Wed Oct 04, 2017 6:12 pm 
Honinbo

Posts: 8261
Liked others: 1422
Was liked: 1325
KGS: Kirby
Tygem: 커비라고해
So going forward, we have a few options:
1.) Just re-enable registration- the spammer may be bored by now.
2.) Change the captcha for registration to be more difficult.
3.) Restrict permissions on new users in some way until they've made some number of posts - for example, first X posts could require admin or moderator approval for all new users.
4.) Research phpBB mods that may have additional spam detection or functionality.

Thoughts?

_________________
it's be happy, not achieve happiness

Top
 Profile  
 
Offline
 Post subject: Re: Account Registration Temporarily Disabled
Post #7 Posted: Wed Oct 04, 2017 8:26 pm 
Lives in sente

Posts: 834
Location: Littleton, CO
Liked others: 278
Was liked: 260
Rank: KGS 3k
Universal go server handle: jeromie
Option 1 seems optimistic, and leaves the board open to a similar attack later.

Option 3 seems like it might raise an unnecessary barrier to entry in a community that already gains new members slowly.

Options 2 and 4 seem like decent technical solutions. Which is better depends on the time investment involve for the success rate, which I don't know how to evaluate right off the bat. If you need help, let me know. I think it would be good to spread the time investment as much as possible.

Top
 Profile  
 
Offline
 Post subject: Re: Account Registration Temporarily Disabled
Post #8 Posted: Thu Oct 05, 2017 12:54 am 
Gosei
User avatar

Posts: 1513
Location: Hong Kong
Liked others: 43
Was liked: 512
GD Posts: 1292
In my opinion, the occasional spammers are not the problem. They are easily handled by mods.
It's the serial spammers like the one we just had recently which are the real problems. Even if you make the captcha code harder during registration, it is easy for the spam originator to make new accounts manually. Therefore it is more important to make it harder for bots to spam posts quickly. Perhaps we need to think about making a captcha code for each new post or some type of delay timer between posts to keep the amount of spam mre manageable and to make banning serial spammers less demanding on mods.

_________________
http://tchan001.wordpress.com
A blog on Asian go books, go sightings, and interesting tidbits
Go is such a beautiful game.

Top
 Profile  
 
Offline
 Post subject: Re: Account Registration Temporarily Disabled
Post #9 Posted: Thu Oct 05, 2017 1:32 am 
Oza
User avatar

Posts: 2490
Liked others: 1263
Was liked: 1106
First of all, you guys did a great job handling this attack. The whole first page of new posts was spam, and more were flying in faster than I could report them. I see that at least three mods/admins were involved in the clean up, but I do wonder whether any further measures are indeed necessary. While this attack seemed alarming, this type of attack is rather infrequent, and as far as I can tell, shutting it down involved banning the user's ip and deleting the posts, which is basically the same work as with any other spammer. I like Kirby's idea #1 best as it avoids impeding the forum users. If it turns out that robot spam attacks are a frequent problem, then by all means we should look for a technical solution that doesn't place more burden on the mods, but if it's a once-in-a-blue-moon kind of thing, then why bother?

_________________
The key is to keep Bonzo under control -Tami

Top
 Profile  
 
Offline
 Post subject: Re: Account Registration Temporarily Disabled
Post #10 Posted: Thu Oct 05, 2017 1:43 am 
Lives with ko

Posts: 141
Liked others: 11
Was liked: 29
Thanks to the mods handling it!

Having an extra captcha for the first post of a user might be enough to throw bots off. Another idea is to block temporarily posts from accounts when (repeated) posts are posted within seconds or some spam-filter detects something.

_________________
If something sank it might be a treasure. And 2kyu advice is not necessarily Dan repertoire..

Top
 Profile  
 
Offline
 Post subject: Re: Account Registration Temporarily Disabled
Post #11 Posted: Thu Oct 05, 2017 10:59 am 
Judan
User avatar

Posts: 5125
Location: Banbeck Vale
Liked others: 851
Was liked: 1244
Rank: 1D AGA
GD Posts: 1512
Kaya handle: Test
My solution is a combination of several ideas proposed in this thread.

The one bottleneck that every potential spammer has to go through is registration. We have to catch them there. Trying to catch them afterwards can only be done after they have damaged the forum.

We could put all new members on appproval ( meaning that their posts are held waiting for approval by a mod )

But any attempt to slow down spammers at registration is likely to impose a rather irritating burden on legitimate new members - and does so at a time when the interest is very tentative. An established member may tolerate the irritation of being put on approval for he knows the benefits well, but a new member may give up and go away.

My solution is this: allow new members to post unimpeded, but modify the reporting code so that if anyone reports a new user's post, the new user's account converts to approval and the new post disappears from view.

_________________
'I have often wondered how it is that every man loves himself more than all the rest of men, but yet sets less value on his own opinions of himself than on the opinions of others." -Marcus Aurelius

Top
 Profile  
 
Offline
 Post subject: Re: Account Registration Temporarily Disabled
Post #12 Posted: Thu Oct 05, 2017 11:25 am 
Judan

Posts: 7943
Liked others: 2219
Was liked: 2786
Does timing matter? Perhaps if a user tries to make two posts in less than 15 sec., they are assumed to be a spammer?

I have noticed several sites that use the presence of links in a note to send it to moderation. Users here often post links, usually to other go sites. Perhaps we could try that approach, and some sites to link to could be white-listed.

_________________
There is one human race.
----------------------------------------------------

The Adkins Principle:

At some point, doesn't thinking have to go on?

— Winona Adkins

Top
 Profile  
 
Offline
 Post subject: Re: Account Registration Temporarily Disabled
Post #13 Posted: Thu Oct 05, 2017 11:25 am 
Lives with ko

Posts: 260
Liked others: 89
Was liked: 128
Rank: OGS 7 kyu
Kirby wrote:
So going forward, we have a few options:
1.) Just re-enable registration- the spammer may be bored by now.
2.) Change the captcha for registration to be more difficult.
3.) Restrict permissions on new users in some way until they've made some number of posts - for example, first X posts could require admin or moderator approval for all new users.
4.) Research phpBB mods that may have additional spam detection or functionality.

Thoughts?


5) Tell that guys he is targeting the wrong place... seriously, he is spending so much time going through registration and captcha, to spam a site where very few person will be able to read his message :tmbdown:

Is is possible to impose a captcha to the 10 first messages of every new members? then the captcha disappears after the first 10 message.

_________________
I am the author of GoReviewPartner, a small software aimed at assisting reviewing a game of Go. Give it a try!

Top
 Profile  
 
Offline
 Post subject: Re: Account Registration Temporarily Disabled
Post #14 Posted: Thu Oct 05, 2017 12:37 pm 
Lives in sente

Posts: 1297
Liked others: 595
Was liked: 392
Rank: AGA 4k KGS 2k
GD Posts: 61
KGS: dfan
pnprog wrote:
Tell that guys he is targeting the wrong place... seriously, he is spending so much time going through registration and captcha, to spam a site where very few person will be able to read his message :tmbdown:

A large part of the point of message board spam is just to plant more links to the spammer's site so the site will rise in the rankings of search engines such as Google, which use number of incoming links as a component in their measure of quality. So it doesn't matter a ton whether people read the message or not.


This post by dfan was liked by: Joaz Banbeck
Top
 Profile  
 
Offline
 Post subject: Re: Account Registration Temporarily Disabled
Post #15 Posted: Thu Oct 05, 2017 11:58 pm 
Lives in sente

Posts: 854
Location: UK
Liked others: 67
Was liked: 441
Rank: 5 dan
KGS: macelee
There are a number of ways to prevent this sort of problems:

- For computer spam bots, they will complete whatever forms very quickly unlike human-beings. So write some script to prevent forms from being submitted too quickly.
- Implement 'honey pot' - that is some fields in the registration form with some attractive names such as 'homepage', 'url', etc. Use CSS to hide such fields so they will not be seen by normal users. But computer bots are normally silly enough to fill something in these fields so such registration can be blocked easily.
- I don't remember if we need an email address in the registration process. If yes, certain domains can be easily blocked, such as .xyz (no normal people would use such domains for email).
- In all of the above cases, IP addresses are recorded and banned automatically, but only for a number of hours (just in case some legitimate users are using these IPs).
- Use some professional services to filter all traffic before they are acted upon.

Top
 Profile  
 
Offline
 Post subject: Re: Account Registration Temporarily Disabled
Post #16 Posted: Fri Oct 06, 2017 11:31 am 
Judan
User avatar

Posts: 5125
Location: Banbeck Vale
Liked others: 851
Was liked: 1244
Rank: 1D AGA
GD Posts: 1512
Kaya handle: Test
macelee wrote:
There are a number of ways to prevent this sort of problems:

- For computer spam bots, they will complete whatever forms very quickly unlike human-beings. So write some script to prevent forms from being submitted too quickly.
- Implement 'honey pot' - that is some fields in the registration form with some attractive names such as 'homepage', 'url', etc. Use CSS to hide such fields so they will not be seen by normal users. But computer bots are normally silly enough to fill something in these fields so such registration can be blocked easily...


That would inhibit bots, but the latest spammers did new accounts at a rate of approximately one every two minutes, which suggests that they had a human in the loop.

_________________
'I have often wondered how it is that every man loves himself more than all the rest of men, but yet sets less value on his own opinions of himself than on the opinions of others." -Marcus Aurelius

Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 16 posts ] 

All times are UTC - 8 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group