January 31, 2007 at 8:30 am #2148
Is there anyone to crack down on the spam postings (re: dodgy sites). I know they get removed quite quick, but they always seem to be there when I am trying to sell the benefits of open source to my boss! It makes it a hard sell……
CheersJanuary 31, 2007 at 10:53 am #2149
Its a real nightmare with the forum spam. I check the site every morning (British time) so like you say it gets removed pretty quick. When I find spam I ban the IP address it came from and remove the offending user. The user registration form is bot-proof so I think what happens is that human spammers register new user accounts then feed these into a spambot which posts the offending items. Ill install a new forum module over next week or so in order that all posts have to be human-verified by typing in the characters from an image, as this method seems bot-proof.
Half the problem I think is the software I use, from what I gather PHPBB is so popular now that any popular phpbb site is a spam magnet. Ill try installing some more anti-spam modules before thinking about changing forum software though!
MarkFebruary 12, 2007 at 2:54 pm #2150
Just wanted to update you on what Ive done to prevent forum spamming as there were several users who felt awkward forwarding the site to their managers when trying to present a case for adoption of open source testing tools within their businesses. Obviously this kind of defeats the purpose of the site so Ive made it a priority to improve the anti-spam techniques used. What follows is my current anti-spam strategy, some of these were in place already while others are new, hopefully this will stop the problem in its tracks:
– [b:1qp6rlgl]Email confirmation[/b:1qp6rlgl] is required during user registration, this puts many spammers off as a genuine email is required.
– [b:1qp6rlgl]Visual confirmation[/b:1qp6rlgl] is required during user registration which means that bots cannot register.
– The [b:1qp6rlgl]forum software is updated[/b:1qp6rlgl] immediately new production releases are made available, these often have security/spam fixes
– The [b:1qp6rlgl]memberlist page has been removed[/b:1qp6rlgl] so that URLs to sites of spammers who do not post are no longer visible, defeating the point of these spammers registering; members can still view the profile of a person via a link from one of their posts.
– [b:1qp6rlgl]All posts now require visual confirmation[/b:1qp6rlgl], this should be the nail in the coffin as humans were registering and then passing their login to their bots.
– A [b:1qp6rlgl]bot trap[/b:1qp6rlgl] on the homepage successfully throws most bots off the site and permanently bans them before most of them even reach the forums.
– [b:1qp6rlgl]Daily manual checks[/b:1qp6rlgl] take place as well as all these automated methods, and spam is removed immediately it is found.
Unfortunately I had to make a tradeoff between two very important areas: spam protection and accessibility. Visual confirmation using bitmapped images (captchas) presents a real problem to users who are blind, have low vision, or have a learning disability such as dyslexia. However, the user registration has used visual confirmation since 2003, and no-one has contacted me yet regarding this issue so I am assuming this has not been a problem for the sites users. If this does cause a problem to anyone though, please do contact me and I will look into applying alternative anti-spam measures.
You must be logged in to reply to this topic.