Spam problem not quite solved.

Unfortunately the SMF update to 1.1.12 did not quite solve the spam problem.

The CAPTCHA is apparently trivial to crack for modern bots.

One of these days all banhammers will get instructions on how to wipe an account quickly, removing all posts at once.

Just like spam filters in your email inbox, it’s highly unlikely that we will have a perfect solution, but we can surely try to make the cleanup less of a hassle.

Maybe, if there are enough proponents, I can also automate it, by adjusting the [report to moderator] functionality, to automatically wipe a post if there are more than 3 hits by 3 different members.

Create a captcha using java applet. Maybe the bots can’t see that.

Any custom solution should work well enough, like a simple question with answer, even a weak custom captcha system.

Most the generic solutions are easy to for spammers since it makes sense for them to target and breach such solutions as they can mass spam.

Its just not worth the time or effort for spammers to target a custom solution (even if its weak) as it just on a single forum.

Also, if possible, automatically strip links from the first n posts of a new member, and add rel=“nofollow” to all links in the next n’ posts.

Sounds good.

http://indiespot.net:1337/app/jgo-code-image?code=WQC

?

Actually, I think the weak point of the captcha is the audio version of it, as it’s just a wav-file and you can probably match every character to a region of the file, purely by using a binary indexOf

What about an additional really simple question system (like “what is the third letter in the fourth word in this sentance”). Largely security via obscurity but it should be simple to code and will probably be quite effective.

This is good, but it is better to deny the post from happening so that someone doesn’t have to manually delete it. Also prevent any new accounts if they contain any links in the profile info (and editing the profile info).

While I do think we need a simple custom captcha solution, we are still going to get spammers. I imagine they have a way for their software to collect a bunch of register screens, and a human can just sit there and answer whatever the questions. Also we’ll probably get some manual human spammer sign ups, like those spammers who post an almost relevant question. I think it is necessary to block posts from happening if they appear to be spam.

oh nice, looks good, try it, if they still break through then we can think further.

Well it’ll probably only get cracked if the spammers think its worth spending time on. Just for one small forum? unlikely.

My suspicion is that spammers ignore the captcha image, and automatically download the *.wav file. It’s much easier (less CPU cycles) to ‘crack’ that wav file with indexOf than to make sense of the captcha image.

what about something like :

[attachment deleted by admin]

Actually I’m really in favour of the “3 reports of spamming and you’re banninated” approach. And block the IP for good measure for a week.

Cas

Maybe SMF 2 would have better spam options.

Too bad SMF 2 is in the ‘release candidate’ phase.

I’m not quite sure how much of a target JGO is for spammers.
In the case it isn’t, a simple custom clear-text question and text field answer at registration should suffice.
At least it works for my forum and a lot others.

I’m sceptical towards having the users remove spam…
No matter how many users we have, we will eventually run out of time to remove the ever increasing spam, a better solution should be found instead…

Well, that’s just my thoughts…

• Scarzzurs

What about a simple Java question? That can also weed out people who can’t program.

int c = 17;
c--;
c *= 2;
System.out.println("c");

What gets printed? That actually might be too hard because of the trick question aspect, but you get the idea, no?

does the intended result is “c” ?

This is a good solution. Although the println is not needed, just ask what the value of c is.

Yea good idea I’m creating 3 accounts right now