New feature: spam trap!

I need your help in debugging this baby. I think it’s quite robust, but anyway… here it goes:

Posts are rejected if:

  1. the member has less than 3 posts
  2. it contains any of the strings that I made illegal (mainly to prevent links)

                // these are the illegal substrings

                $illegal = array();
                $illegal[] = 'http://';
                $illegal[] = 'www.';
                $illegal[] = '.com';
                $illegal[] = '.net';
                $illegal[] = '.org';
                $illegal[] = '.cn';
                $illegal[] = '.ru';

                // add a bunch of TLDs
                // $illegal[] = ...;

                $isIllegal = false;
                foreach($illegal as $item)
                {
                        $isIllegal |= (strpos($msg, $item) !== FALSE);
                }

There is an email sent to the member about what happened, and what should be done to be able to repost their message.

Feel free to make new accounts and try to spam in this thread.

Signature and profile links will only be allowed when you have more than 3 (successful) posts.

Naturally: silent rejections, to prevent bots from freaking out.

This looks like a super great way to sort the spam problem :slight_smile:

Hope so!

It’s also a great way to filter out people who have a first post with links to their showcased project…

EDIT: missed the e-mail part, so these people have to post three dummy posts without anything and then they can post the real post? Or is there an additional captcha?

It’s not perfect, but there is limited time I can spend on these things…

Got an idea that is simple to implement in a crappy PHP codebase?

I’ve reported a few spammers before, but how many spammers successfully post here nowadays?

I deleted 6 spam posts this morning.

Ah, that explains some things :slight_smile:

How many genuine first posters do you get?

Seems solid. Question: why don’t you include all domain suffixes targeting all countries?

Mainly me being lazy. “http://” and “www.” are kinda catch-all anyway. The current TLDs are there because they have high-spam potential.

You need to break once illegal turns true, otherwise you risk setting it to false again.

In fact, all you’re currently doing is excluding “.ru”, everything else is permitted.

It’s bitwise OR…

My eyes didn’t see it, ! and | seemed very similar. Maybe I need stronger glasses :\

I also tested it, registered a spam bot account and I got filtered when attempting to post a link.

Have you already tried adding a new input field like Email or something and adding some text like “Don’t fill this out”, and then just blocking all the posts that filled out this field? You could probably also just hide the input field with CSS, since I guess most of the bots don’t check first whether the field is visible or not.

Most of the bots just fill out all fields and send it. It works pretty good for me and some other people and it’s easy to implement.

Good idea, sounds easy enough to implement, but I suspect it only really works well on contact forms, not for dedicated code written to post a message on an SMF forum.

Well, these bots target SMF (or specific versions thereof). So, the first step should be some customization of the sign up form. I’d put two extra rows at the very beginning… one textfield which shall remain empty and one textfield which shall remain unchanged (IP+salt -> hash).

I’d also rename the names of all inputs and replace their descriptions with images.

Everything which gets through that is either a human or a JGO specific bot. The latter is somewhat unlikely.

U bad man anti-lynxist.

The above sounds pretty good too.

To be honest I think this is a far better solution than scaring away new members (assuming most first posters will add a link to their game).
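
The two hidden sign-up fields suggested in this thread (one that must stay empty, one that must come back unchanged as an IP + salt hash), sketched in PHP as an added example; it is not code from any poster or from the forum. The field names `email2` and `ref`, the secret and the sample submissions are hypothetical.

```php
<?php
// Added example: field names, secret and sample requests are hypothetical.

const TRAP_SECRET = 'replace-with-a-long-random-server-side-secret'; // the "salt"

// Value placed in the hidden "unchanged" field when the form is rendered.
function trap_token(string $ip): string
{
    // HMAC-SHA256 is used here as the keyed "IP + salt -> hash".
    return hash_hmac('sha256', $ip, TRAP_SECRET);
}

// Rows to put at the very top of the sign-up form, hidden with CSS.
function trap_fields_html(string $ip): string
{
    $token = htmlspecialchars(trap_token($ip), ENT_QUOTES);
    return '<div style="display:none">'
         . '<label>Don\'t fill this out <input type="text" name="email2" value=""></label>'
         . '<input type="text" name="ref" value="' . $token . '">'
         . '</div>';
}

// Returns null if the submission passes, otherwise the reason it was rejected.
function trap_check(array $post, string $ip): ?string
{
    // Missing (or non-string) fields mean the request was not built from our form.
    if (!isset($post['email2'], $post['ref']) || !is_string($post['email2']) || !is_string($post['ref'])) {
        return 'trap fields missing';
    }
    if ($post['email2'] !== '') {
        return 'honeypot field was filled in';
    }
    // hash_equals() compares in constant time.
    if (!hash_equals(trap_token($ip), $post['ref'])) {
        return 'token field was changed or issued for another IP';
    }
    return null;
}

// Constructed sample submissions, all from the same documentation-range IP.
$ip = '203.0.113.7';
$samples = [
    'human'         => ['email2' => '', 'ref' => trap_token($ip)],
    'fills all'     => ['email2' => 'bot@example.com', 'ref' => trap_token($ip)],
    'overwrites'    => ['email2' => '', 'ref' => 'http://spam.example'],
    'stock SMF bot' => ['user' => 'x'],
];
foreach ($samples as $name => $post) {
    printf("%-14s %s\n", $name, trap_check($post, $ip) ?? 'accepted');
}
```

The last sample is the case raised in the thread: a script written against the stock SMF form never sends the extra fields, so it is rejected for omitting them rather than for filling them in.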