" Last Shout - Posted by: Brinson - Saturday, 10 March 2007 03:42 Oh dear god I hate spammers. We should bring back lynch mobs, why did they ever go out of style? I mean, if someone BARGED into my house without asking and tried to sell me shit over and over and over they'd be arrested for felony level offenses. People do it online and its just business. Note to spammers: I hate you. I want you to die…painfully. I want you to watch your blood leave your body. Now leave me alone, or I might track your IP and show up at the doorstep my discomfort afforded you. Brinson, Out. "
I'm amazed at how far they'll go. I have image verification on my site…are spam bots now able to crack those? Geez. Its not just that, too, but they're good. They hotlink smileys with what would, on anything but a very specialized forum, seem normal. Are you buying your gf flowers? Do you know where to get movies online? Can you point me to good articles on the site?
Oh dear god I hate them so much. They need to be shot…in the legs, over and over…until the pain itself causes them to die.
[ /Rant]
Any ideas you guys have about keeping them out? I don't want to personally activate each account…I dislike sites that do that…How about we start an organization dedicated to finding spammers and postings pics of their dislocated fingers? Yeah, I'd like that..
NOTE: Brinson does not, nor has he ever, promoted the brutal finding, torturing, scorching, destroying, abusing, beating, clubbing, pistol whipping, cutting, knifing, shooting, sniping, or killing of the despicable slime creatures he playfully calls "those bastard spammers who must die painfully far, far from all that they hold dear".
I don't know about QuickSilver, so Samson will have to speak for that one, but SimpleMachines is a forum software that comes with a captcha (image verification) system, which is why I switched to it. It also lets you set the complexity of the graphic used to verify that the person is real and not a spambot. And the software is free, though I intend to donate to them anyway for providing such a great software.
A lot of the more common boards, Ikonboard, Invisionboard, phpbb, etc seem to be hit the most. Unless they really upgrade their software against spambots, there's not much you're going to be able to do without incorporating your own captcha system or some other method into the software yourself.
It's pretty simple. Just change your forum a little bit. For example, on my phpBB forum I changed the text of my register link a little. I also added a dynamic link for the register link so bots can't go directly to it. I haven't had a single bot since then.
The captcha in QSF and QSFP is very effective, even just on its own. Combine that with email verification and so far *knocks on the nearest thing to wood he can find* it's stopped the spambots cold. Unfortunately as is usually the case with this sort of thing, it can make legitimate human registrations a huge pain in the ass when the graphic is difficult to read. I've failed our captcha myself in testing!
Which is why I began pursuing alternatives. I found Akismet. It's a comment filtering system commonly used on blogs, but since blogs and forums are basically the same under the hood, porting Akismet to filter forum posts probably wouldn't be that difficult to accomplish. And there are already plugins available even for PunBB, phpBB, SMF, and Phorum. I'm planning one for QSF/QSFP as well.
I put the system into practice with my own blog, running Sandbox, and so far not one spammer has penetrated the system and been able to post. This after they cracked the captcha that Kiasyn provided with it. Spam posts are stored in a spam table in the DB so that if a false positive comes up you can release it to be posted, and the Akismet filter will be updated to reflect it. You can also do the same with false negatives ( really spam ) but I haven't implemented that side of things yet since I'm lazy and it hasn't been necessary so far :P
It's pretty simple. Just change your forum a little bit.
Yep. People write bots that understand the major forum software people seem to be using. I had a problem being spammed when I was using UseMod Wiki, but I made changes to the parameter names passed in the URLs and never got spammed again. I also never got spammed running my TeensyWeb wiki/forum because nobody but me is running it. This is much like most virii are written for Windows. Nobody will bother writing a bot for forum/wiki software that has been customized or little used..
Nobody will bother writing a bot for forum/wiki software that has been customized or little used..
This isn't entirely true. I'm one of 4 people running Sandbox in a live environment. My site has been the only one so far to become the target of bot spammers. They even wasted the time cracking the captcha system in it. That's why I had to implement Akismet filtering. For one single solitary blog. I don't yet know why they come to me trying to advertise their crap. My site hasn't even been released from Google's sandbox, so it doesn't have pagerank or anything yet. It's not terribly popular with anyone outside of a small circle of online friends either.
So it apparently isn't so clear cut. They spammed me, and there doesn't appear to be any value in it. *shrug*
Maybe the spammers heard about the rampage you went on in your antispam campaign over the last few months and specifically targetted you for vengence. :wink:
Lol, if they're wasting time doing that, so be it. They only prove that the Akismet filtering system works. And the more spam I see locked away in the spam table, the more trust I can place in the system. Perhaps leading to eventually not using captcha at all.
:LOL: Well, I was really just being fasicist about it, but, who knows, we are talking about folks who will write scripts to bot into sites to send spam even to places like California where they know it's illegal and could result in some crazy monetary fines or worse.. :shrug:
Jesus. I don't know if I could fathom having 200+ spams a day on my blog. But I suppose since they've found me and think they're getting away with something that I'll end up there eventually :(
But either way. Akismet is definitely a godsend for blogs. Jury is still out on how well it'll do with forums, but one of these days I'm going to write up the code for QSFP and put it to the test. The biggest pain is adding some kind of AdminCP or moderator options for it to be able to flag false positives.
I put the system into practice with my own blog, running Sandbox, and so far not one spammer has penetrated the system and been able to post. This after they cracked the captcha that Kiasyn provided with it.
True, but that doesn't change the fact that it may as well not be there now. In fact, I may just take it out of mine and go just with the spam filter and see if the results change any. I've caught 49 so far with the filter :)
I put the system into practice with my own blog, running Sandbox, and so far not one spammer has penetrated the system and been able to post. This after they cracked the captcha that Kiasyn provided with it.
to be fair, that was a -very- simplistic captcha.
Are you saying that we should all be upgrading our Sandbox captcha's to something considerably more complex as well as adding Samson's akismet?
Hmm, that's a shame. Captcha seems to be the only, or least primary, defense against spammers currently for most sites anymore. :sad:
Conner, I think you've misunderstood. In the case of Sandbox and other blogs, captcha isn't anywhere near as effective as a good spam filtering hook. You have to consider than if mine has been hit 49 times with captcha enabled I would have then had to go in and delete those 49 comments. Akismet blocked them all from ever being posted. So if captcha doesn't work, why impose the inconvenience on the users when they want to comment?
In forums it's not quite so easy since trying to use a comment based filter won't do much good for bogus bot registrations. You need other methods to combat that. And sadly right now captcha is it. But if you combine that with using Akismet to filter incoming posts, they can register all they like but it won't do them any good.
And blocking search engines from indexing you isn't the answer either. Doing so also prevents people from finding information contained in your forum.
My latest shoutout on my site:
"
Last Shout - Posted by: Brinson - Saturday, 10 March 2007 03:42
Oh dear god I hate spammers. We should bring back lynch mobs, why did they ever go out of style? I mean, if someone BARGED into my house without asking and tried to sell me shit over and over and over they'd be arrested for felony level offenses. People do it online and its just business. Note to spammers: I hate you. I want you to die…painfully. I want you to watch your blood leave your body. Now leave me alone, or I might track your IP and show up at the doorstep my discomfort afforded you. Brinson, Out. "
I'm amazed at how far they'll go. I have image verification on my site…are spam bots now able to crack those? Geez. Its not just that, too, but they're good. They hotlink smileys with what would, on anything but a very specialized forum, seem normal. Are you buying your gf flowers? Do you know where to get movies online? Can you point me to good articles on the site?
Oh dear god I hate them so much. They need to be shot…in the legs, over and over…until the pain itself causes them to die.
[ /Rant]
Any ideas you guys have about keeping them out? I don't want to personally activate each account…I dislike sites that do that…How about we start an organization dedicated to finding spammers and postings pics of their dislocated fingers? Yeah, I'd like that..
NOTE: Brinson does not, nor has he ever, promoted the brutal finding, torturing, scorching, destroying, abusing, beating, clubbing, pistol whipping, cutting, knifing, shooting, sniping, or killing of the despicable slime creatures he playfully calls "those bastard spammers who must die painfully far, far from all that they hold dear".