Daily spam, like every single day same thing?
-
The one time use password to the forum is located in the pfsense book available for purchase here and here.
-
Whatever spam protections we have active are being worked around yet again. It's an ongoing fight. The last few days I've noticed they have been coming from a wider array of IP addresses, often multiple attempts per user, so it's probably a botnet at the heart of it.
I'm not sure if anything else might have changed on our side or if it's just an anti-spam measure that was recently worked around by whatever software the bots are running now.
We might be able to look into some different SMF anti-spam controls, which might help again for a little while.
If a question is static, it just takes one human to plug in the answer to their bot before it's broken again, so something dynamic is better.
-
Posting rate limit until certain criteria meet to establish credibility of account.
Criteria could be a combination of a variety of conditions. Such as, account age, # of their threads that have been replied to by members and/or some number of members who have met criteria.
So that a newbie account can obtain timely assistance always allow them to reply within their thread once there is a reply by an established member.
It's all about requirements for establishing ones self within the community.
-
Whatever spam protections we have active are being worked around yet again. It's an ongoing fight. The last few days I've noticed they have been coming from a wider array of IP addresses, often multiple attempts per user, so it's probably a botnet at the heart of it.
I'm not sure if anything else might have changed on our side or if it's just an anti-spam measure that was recently worked around by whatever software the bots are running now.
We might be able to look into some different SMF anti-spam controls, which might help again for a little while.
If a question is static, it just takes one human to plug in the answer to their bot before it's broken again, so something dynamic is better.
The devs reccomend having many (20 to 30) registration questions. You can then set the number of questions which must be answered such as 3 to 5 for registration. The forum software will randomly rotate the questions to be answered from the ones you have set to keep the bots from automatically answering them. Obviously this may not help if there is an actual person on the other end registering a spam account but from what the devs at SMF say this is a fairly effective method of keeping the bots away.
-
Multi language questions!
-
If it's bots, many of them won't run client side scripts. If they do it makes them vulnerable to counter attack. So if that is the case, that they are bots, then some well crafted dynamic JS may eliminate the vast majority of them without even being noticed by real users.
-
Make every newbie's first two posts mod approved. Hard to post something on topic in a technical forum if you are a spammer and have no clue otherwise.
-
I didn't notice them morning, but my morning routine was disrupted and I wasn't on the board as early as normally am.. I am quite often checking around 5-530ish chicago time. And normally they are always there. But didn't get on this morning, maybe the mods already deleted them now?
Maybe the group using pfsense forums as message exchange with their coded messages are on vacation? ;) Maybe they got arrested? ;)
Problem I see with mod approval for first few messages is that is just more work for the mod, vs deleting spam and their accounts their having to approve all new members posts, etc.
Guess another option is just more eyes on it? I would be happy help move/delete spam.. Maybe we can get some volunteers that can move the messages into a hidden area so mods can just deal with easier. This keeps the spam from normal users eyes and makes it easier for mods to deal with all in 1 place, etc?
This prevents the volunteers from deleting stuff that is not really spam, if they move stuff they shouldn't then they can be removed from the vol list, etc.
Just spitballing here - got to be way someway to squash this shit…
-
Best practice would be to try prevent it from happening at all rather than dealing with it after it's here. That goes for approving new user posts. That's a lot to ask of the mods and admins, especially on a fairly busy forum such as this one.
-
Read only for all.
Must buy the book for post access.
Unrestricted forum use for support subscribers plus a hot line section or something.
Monetizing isn't necessarily evil if you do it in a way that supports the community.
The only thing is if everyone buys a book would it kill the action here in the forums.
There's a balance for sure. -
Read only for all.
Must buy the book for post access.This would be another kind of forum. BTW not a forum any more but rather "support channel". Why not but not mine, for sure.
As already stated above, this is, in any case, an endless ongoing fight and if making registration more difficult generates more workload from mods, then this is useless and will be more painful, from mods perspective, than deleting spam.
So game is to find the right balance, meaning reasonably complex and dynamic registration process between "open free control-less registration" and process relying on mods approbation after you buy book and report last "6 letters" word printed on page 98.
-
… approving new user posts. That's a lot to ask of the mods and admins ...
Maybe we could share this workload between "validated" board members. Maybe members with more than 100 posts OR a >+10 Karma OR after applying for?
OR at least two veteran board members (your definition here) have to validate new member's first two posts which are parked in a "penalty queue" until final ok.Sharing the approval work load is the key.
-
To me karma is totally meaningless.
You may get "smite" for any good or wrong reason, whatever yo do (or don't) like, the other way around, you may get "applaud" or "thank you" for nothing.Obviously, this doesn't prevent to bring ideas aiming to sanitize this forum ;)
-
Anything that makes more work for the mods/community than deleting spam is not worth the hassle. I also don't like the 'pay to play' idea, it would go against the nature of this forum. The barrier for discussion/posting here must stay low.
As it stands, we get a handful of spam posts a day. Which may be annoying, but it's better than hundreds or thousands, and they do get cleaned up as soon as they're noticed.
-
… approving new user posts. That's a lot to ask of the mods and admins ...
Maybe we could share this workload between "validated" board members. Maybe members with more than 100 posts OR a >+10 Karma OR after applying for?
OR at least two veteran board members (your definition here) have to validate new member's first two posts which are parked in a "penalty queue" until final ok.Sharing the approval work load is the key.
This could possibly work. The best way would be to create a custom mod group with limited moderator permissions so the actual board moderators group isn't expanded beyond a small core group. It would also take a bit of work to vet who the admins would want in this group too, you don't want just anyone trimming posts or wielding a ban hammer.
I'm just not sure if the approval of new member posts is a permission setting that is independent of a regular mods permissions. I do run a small SMF forum so I'll go dig around in the permissions settings and see if that's even possible.
The barrier for discussion/posting here must stay low.
This right here is huge. You make it difficult for new member to participate, even slightly, and it will kill your forum in no time.
-
Did tiered access work for any of the forums out there?
I know at one point Ars tried it. I didn't stay after I was disillusioned with them because they used $5 words but actually were kind of primal in their tactics if they didn't like what you were saying.
Captcha for the bots - don't know what to do about the jerks, though.
-
Captcha for the bots - don't know what to do about the jerks, though.
Ineffective. There's bots out there that can beat captcha. That's where the string of security questions that can only be answered by a person come in.
-
Why just drives me nuts is who in the right mind even follows these links posted in them.. I can understand someone paying someone to post the stuff to try and drive people to wherever they are linking too.
But as who would actually go there even if the board was full of this stuff. I mean really??? I just do not get it.. So if nobody goes, why would you keep paying the people to do it? it really is a sad example of the complete lack of competence in the overall user base of the whole net..
I mean really look at the example shit I posted, who would actually follow anything in such a post???
-
Why just drives me nuts is who in the right mind even follows these links posted in them.. I can understand someone paying someone to post the stuff to try and drive people to wherever they are linking too.
But as who would actually go there even if the board was full of this stuff. I mean really??? I just do not get it.. So if nobody goes, why would you keep paying the people to do it? it really is a sad example of the complete lack of competence in the overall user base of the whole net..
I mean really look at the example shit I posted, who would actually follow anything in such a post???
People are strange. I get a kick out of reading my spam.
The pornographers use credit cards out of necessity.
The root issue is there's no online universal identity. Making identities is trivial and therefore a vector in which shenanigans is spawned through.
-
But as who would actually go there even if the board was full of this stuff. I mean really??? I just do not get it.. So if nobody goes, why would you keep paying the people to do it?
The wonderful and horrible thing about the internet is that it's given us access to a big planet.
When the bots have access to a potential pool of billions of users, you only need to sucker a small percentage to get some return.Unfortunately we're victims of our own success in that having an active vibrant (one of the best out there IMHO) forum means you're a target for the creeps trying to take advantage.
Annoying (as hell some days) but part of the price of "freedom" and keeping this forum and the pfSense product healthy.
Just my $.02
