bugleyman |
3 people marked this as a favorite. |
Literally 80% of the recent threads on the front page are spam.
Guys, come on. CAPTCHAs? How about requiring folks to activate their account by e-mail before use? Or better yet, how about both?
Neither of these are silver bullets...nor are they intended to be. Rather, they're intended to push the amount of effort required to spam high enough to make the spammers look elsewhere for easier targets.
Steve Geddes |
These spammers appear to be happy to sit there for hours at a time creating an account, making a couple of posts and then creating a new account (when the first is deleted). I don't really understand what value they're deriving from it (apparently the high volume of paizo.com counterbalances the fact the spam rarely remains for more than a few minutes). Nonetheless, given the amount of effort they're already devoting for minimal benefit is an email confirmation really going to slow them down at all?
As I understand it, there is already software available which is as accurate as humans at deciphering Captcha (though that's not backed up by anything more reliable than pub talk).
bugleyman |
Again, the idea isn't to make spam impossible, just to make it too time-consuming to be worth the effort.
But really, why not try? How many hours are burned manually removing threads/accounts? To say nothing of the negative impression created when a visitor to the website sees 50%+ of the recent threads on the front page are spam (not an exaggeration -- for the past week or so this has been the case at least half the time). In other words, the status quo isn't really a realistic option, especially if you derive much of your income from the web.
Steve Geddes |
Yeah, I agree something needs to be done. Also, I believe there are things in train (certainly it appears that the countermeasures are evolving along with the spammers' behaviour) - I don't think they're not trying.
It's just that making things slightly more difficult for new users doesn't seem like the right strategy to me (since the illegitimate users are already putting up with a huge inconvenience for marginal benefit, making it huge+a little bit probably won't drive them away but probably will be too much for some potential customers).
bugleyman |
*shrug* I guess. Things like activation e-mails and CAPTCHAs are pretty standard, and for just this reason -- not many netizens would balk if they intend to actually use the account (as opposed to spamming with it twice).
That said, maybe you're right and they have a different strategy. It's simply hard to understand why Paizo in particular seems to be taking so long to address the problem.
Gary Teter Senior Software Developer |
14 people marked this as a favorite. |
Anti-spam measures can, if improperly implemented, completely destroy an online community, in slow ways that are hard to detect at first. Keeping the paizo.com messageboards a safe, fun place for everybody is super important, so we're naturally cautious.
I've been working on some new anti-spam tools while everyone's away at Gen Con. We'll probably start testing them later this week. It'll take some time to fine tune them so they'll be operating in an "advisory mode" until we're sure the spamhammer can be made fully operational. But rest assured, those knuckleheads are in our sights.
Marc Radle |
That's great to hear Gary!
FYI, I've joined a couple new forums, mailing lists etc. lately and every last one of them involved some kind of account activation via e-mail before I could use it. It's pretty standard anymore.
I honestly don't think any rational person would mind something like that and it seems like it would slow down the spammers considerably ...
Andrew Betts |
7 people marked this as a favorite. |
I honestly hate captchas and activation e-mails. There are some places I still can't receive my activation e-mails from for reasons like I'm not using an e-mail address associated with my ISP or not using some known service (hotmail, gmail, yahoo, etc). Sometimes the e-mails never even show up no matter what e-mail address I send them to (and they don't go to spam).
And captchas? They're just horrible, especially when I have to zoom a page 500% just to read them. There has yet to ever be a good implementation of them.
Lissa Guillet System Administrator |
BigNorseWolf |
12 people marked this as a favorite. |
And these are real people making these accounts. It's not going to stop them. It will likely just slow them down. We're creating tools to do what needs to be done.
cut scene to dwarves working deep in the bowels of the paizo offices, hammering, pounding, and grinding away on various spiked hammers, wickedly curved knives, and testing a two handed sword out on a computer and a practice dummy wearing a pocket protector
StarMartyr365 |
And these are real people making these accounts. It's not going to stop them. It will likely just slow them down. We're creating tools to do what needs to be done.
We should make sport of this. Spam kill boards? Something shiny and inconsequential like a tag for the most "kills?"
I'm sure things will improve after you guys get your new weapons of spam destruction online. I don't mind sniping the few who make it through.
SM
IQuarent |
Lissa Guillet wrote: And these are real people making these accounts. It's not going to stop them. It will likely just slow them down. We're creating tools to do what needs to be done.
cut scene to dwarves working deep in the bowels of the paizo offices, hammering, pounding, and grinding away on various spiked hammers, wickedly curved knives, and testing a two handed sword out on a computer and a practice dummy wearing a pocket protector
Ha! What nerds.
BigDTBone |
2 people marked this as a favorite. |
Anti-spam measures can, if improperly implemented, completely destroy an online community, in slow ways that are hard to detect at first. Keeping the paizo.com messageboards a safe, fun place for everybody is super important, so we're naturally cautious.
I've been working on some new anti-spam tools while everyone's away at Gen Con. We'll probably start testing them later this week. It'll take some time to fine tune them so they'll be operating in an "advisory mode" until we're sure the spamhammer can be made fully operational. But rest assured, those knuckleheads are in our sights.
Anti-spam should be more targeted toward the behavior of the spammers.
Stuff that wouldn't affect 99.9% of people at all; if your account is less than 7 days old you:
Can't make two new threads in the same forum less than 3 hours apart.
Can't make 3 new threads AT ALL less than 6 hours apart.
Thread title can't contain non-English characters.
Thread titles cannot contain .com (forum software must ignore spaces)
cannot make a new thread until they make 10 other posts OR a purchase. (This one is pretty extreme, granted)
All of these actions should result in a user warning and then an automated temp ban if another trigger action is attempted. The temp ban should trigger the automatic deletion of all user posts in the last hour.
If the system has that occur more than 4 times in an hour it adds a requirement line to account creation, "PFS number" that way people who are trying to sign up at a con or just on the other side of the world on game night can take the number they got from the coordinator (who generated 20 of them ahead of time and keeps them in their bag) and create an account without noticing any restriction or delay.
Marc Radle |
Gary Teter wrote:Anti-spam measures can, if improperly implemented, completely destroy an online community, in slow ways that are hard to detect at first. Keeping the paizo.com messageboards a safe, fun place for everybody is super important, so we're naturally cautious.
I've been working on some new anti-spam tools while everyone's away at Gen Con. We'll probably start testing them later this week. It'll take some time to fine tune them so they'll be operating in an "advisory mode" until we're sure the spamhammer can be made fully operational. But rest assured, those knuckleheads are in our sights.
Anti-spam should be more targeted toward the behavior of the spammers.
Stuff that wouldn't affect 99.9% of people at all; if your account is less than 7 days old you:
Can't make two new threads in the same forum less than 3 hours apart.
Can't make 3 new threads AT ALL less than 6 hours apart.
Thread title can't contain non-English characters.
Thread titles cannot contain .com (forum software must ignore spaces)
cannot make a new thread until they make 10 other posts OR a purchase. (This one is pretty extreme, granted)
All of these actions should result in a user warning and then an automated temp ban if another trigger action is attempted. The temp ban should trigger the automatic deletion of all user posts in the last hour.
If the system has that occur more than 4 times in an hour it adds a requirement line to account creation, "PFS number" that way people who are trying to sign up at a con or just on the other side of the world on game night can take the number they got from the coordinator (who generated 20 of them ahead of time and keeps them in their bag) and create an account without noticing any restriction or delay.
These actually sound like excellent measures (minus the last one of course). As I read them, it occurred to me that a number of other message boards I belong to also have similar restrictions to new users.
Marc Radle |
1 person marked this as a favorite. |
Anti-spam measures can, if improperly implemented, completely destroy an online community, in slow ways that are hard to detect at first. Keeping the paizo.com messageboards a safe, fun place for everybody is super important, so we're naturally cautious.
On the flip side, having forums constantly flooded with this spam garbage can and will also completely destroy an online community :(
Anguish |
3 people marked this as a favorite. |
On the flip side, having forums constantly flooded with this spam garbage can and will also completely destroy an online community :(
Not really. It's amazing what you don't pay attention to if it's not relevant to your life. Like... advertising. On an annoyance scale of 1 to 10, these non-English spam threads are easily only a 1.
Jumping through hoops to participate in a community... that's at least a 2.
For instance, I won't rate software I use on Google Play because... seriously, Google+? I have to have ANOTHER thing that isn't my Google account? Not happening. More hoops, bad.
Kobold Catgirl |
7 people marked this as a favorite. |
Yeah, the spam is kinda annoying, I guess, but not really that bad for me. Maybe I'm just really tolerant of long chains of completely pointless, redundant, idiotic threads for some reason.
Stuff that wouldn't affect 99.9% of people at all;
Uh...
Can't make two new threads in the same forum less than 3 hours apart.
W...whuh....
Can't make 3 new threads AT ALL less than 6 hours apart.
bb-b-buh...
*Marches down Paizo street carrying sign: I AM THE 0.01%*
Anguish |
1 person marked this as a favorite. |
Uh...
Quote: Can't make two new threads in the same forum less than 3 hours apart.
W...whuh....
Quote: Can't make 3 new threads AT ALL less than 6 hours apart.
bb-b-buh...
*Marches down Paizo street carrying sign: I AM THE 0.01%*
You omitted the important part: "if your account is less than 7 days old".
Seriously, sliding posting rights is a reasonable approach. Someone with a brand new account probably shouldn't be creating multiple threads. Two in the first day, tops. After someone's made it upwards of ten posts in a week (or more) without being flagged as a spammer, they could be awarded full posting privs.
Feros |
3 people marked this as a favorite. |
Kobold Cleaver wrote:Uh...
Quote: Can't make two new threads in the same forum less than 3 hours apart.
W...whuh....
Quote: Can't make 3 new threads AT ALL less than 6 hours apart.
bb-b-buh...
*Marches down Paizo street carrying sign: I AM THE 0.01%*
You omitted the important part: "if your account is less than 7 days old".
Seriously, sliding posting rights is a reasonable approach. Someone with a brand new account probably shouldn't be creating multiple threads. Two in the first day, tops. After someone's made it upwards of ten posts in a week (or more) without being flagged as a spammer, they could be awarded full posting privs.
Yeah KC, your account is so old it remembers when cell-phones weren't smart! :)
TomG |
As much as I dislike spam, I don't see it as much as others on this forum, I guess (although it's admittedly pretty bad today).
More frustrating to me is how frequently the forums are down (whether for maintenance, or whatever). It bothered me a decade ago when Paizo was running PF in its first beta, and it is still an issue when I return a decade later.
There are tools that can help (strategies used by the "Bad Behavior" and "akismet" plugins, for example), that address behavior, location, similarity to other posts, etc., not just content of a single post. The ability to sandbox accounts (so they appear visible to themselves, but not to other non-sandboxed users) helps, as does implementing easy account removal tools, and a big community of moderators. A handful of rules by itself won't be sufficient, and can be gamed if it's actual people behind the spam (like it seems to be).
Even with these strategies, I'd still much rather Paizo work on keeping the forums more responsive and with a higher uptime.
bugleyman |
A captcha also only takes a second or two to get past. You could accomplish the exact same result by just delaying the activation by about a minute. Not that I'm saying we should do that, either.
It isn't the delay that matters, it's the extra effort on the part of the registrant.
But whatever. All I know is that many, many other very popular forums that employ CAPTCHAs and/or registration confirmation do not have this problem. I cannot, of course, say this is a causal relationship, but there is certainly a correlation.
For the record, six out of ten threads on the front page at the time of this posting were spam. It's hard to see how a few registration hoops would do more damage to the community than that level of spam. YMMV.
Richard Moore Editor, Jon Brazer Enterprises |
Aniuś the Talewise |
Gary Teter wrote:Anti-spam measures can, if improperly implemented, completely destroy an online community, in slow ways that are hard to detect at first. Keeping the paizo.com messageboards a safe, fun place for everybody is super important, so we're naturally cautious.
I've been working on some new anti-spam tools while everyone's away at Gen Con. We'll probably start testing them later this week. It'll take some time to fine tune them so they'll be operating in an "advisory mode" until we're sure the spamhammer can be made fully operational. But rest assured, those knuckleheads are in our sights.
Anti-spam should be more targeted toward the behavior of the spammers.
Stuff that wouldn't affect 99.9% of people at all; if your account is less than 7 days old you:
Can't make two new threads in the same forum less than 3 hours apart.
Can't make 3 new threads AT ALL less than 6 hours apart.
Thread title can't contain non-English characters.
Thread titles cannot contain .com (forum software must ignore spaces)
cannot make a new thread until they make 10 other posts OR a purchase. (This one is pretty extreme, granted)
All of these actions should result in a user warning and then an automated temp ban if another trigger action is attempted. The temp ban should trigger the automatic deletion of all user posts in the last hour.
If the system has that occur more than 4 times in an hour it adds a requirement line to account creation, "PFS number" that way people who are trying to sign up at a con or just on the other side of the world on game night can take the number they got from the coordinator (who generated 20 of them ahead of time and keeps them in their bag) and create an account without noticing any restriction or delay.
forum software should also take into account that the spammers sometimes use an alternative dot punctuation in .com
BigDTBone |
1 person marked this as a favorite. |
BigDTBone wrote: forum software should also take into account that the spammers sometimes use an alternative dot punctuation in .com
Gary Teter wrote: Anti-spam measures can, if improperly implemented, completely destroy an online community, in slow ways that are hard to detect at first. Keeping the paizo.com messageboards a safe, fun place for everybody is super important, so we're naturally cautious.
I've been working on some new anti-spam tools while everyone's away at Gen Con. We'll probably start testing them later this week. It'll take some time to fine tune them so they'll be operating in an "advisory mode" until we're sure the spamhammer can be made fully operational. But rest assured, those knuckleheads are in our sights.
Anti-spam should be more targeted toward the behavior of the spammers.
Stuff that wouldn't affect 99.9% of people at all; if your account is less than 7 days old you:
Can't make two new threads in the same forum less than 3 hours apart.
Can't make 3 new threads AT ALL less than 6 hours apart.
Thread title can't contain non-English characters.
Thread titles cannot contain .com (forum software must ignore spaces)
cannot make a new thread until they make 10 other posts OR a purchase. (This one is pretty extreme, granted)
All of these actions should result in a user warning and then an automated temp ban if another trigger action is attempted. The temp ban should trigger the automatic deletion of all user posts in the last hour.
If the system has that occur more than 4 times in an hour it adds a requirement line to account creation, "PFS number" that way people who are trying to sign up at a con or just on the other side of the world on game night can take the number they got from the coordinator (who generated 20 of them ahead of time and keeps them in their bag) and create an account without noticing any restriction or delay.
And replace Os with 0s
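The new-account thread limits and title filter proposed in this thread, together with the follow-up notes about alternative dot characters and 0 standing in for O, can be sketched as below. This is an added example, not Paizo's code or any poster's; the `Account` shape, the rule names, the dot look-alike list, and the reading of the 6-hour rule as "no third thread within 6 hours" are assumptions. The `advisory` flag mirrors the "advisory mode" mentioned earlier in the thread.

```python
import unicodedata
from dataclasses import dataclass, field
from datetime import datetime, timedelta

NEW_ACCOUNT_AGE = timedelta(days=7)    # rules apply only below this account age
SAME_FORUM_GAP = timedelta(hours=3)    # two threads in one forum
ANY_FORUM_WINDOW = timedelta(hours=6)  # third thread anywhere
# Constructed list of dot look-alikes; NFKC already folds fullwidth forms.
DOT_MAP = str.maketrans({c: "." for c in "。·•∙‧"})

@dataclass
class Account:
    created: datetime
    warned: bool = False
    threads: list = field(default_factory=list)  # (time, forum) of accepted threads

def normalize_title(title: str) -> str:
    """Undo the evasions named in the thread: spaces, odd dots, 0 for o."""
    t = unicodedata.normalize("NFKC", title).casefold()
    t = "".join(ch for ch in t if not ch.isspace()).translate(DOT_MAP)
    return t.replace("0", "o")

def title_violations(title: str) -> list:
    hits = []
    # Approximates "non-English characters" as any non-ASCII letter; this also
    # catches accented names, one reason to start in advisory mode.
    if any(ch.isalpha() and not ch.isascii() for ch in title):
        hits.append("non-english-title")
    if ".com" in normalize_title(title):
        hits.append("dotcom-in-title")
    return hits

def check_new_thread(acct, forum, title, now) -> list:
    """Return the names of the rules a new thread would trip (empty = clean)."""
    if now - acct.created >= NEW_ACCOUNT_AGE:
        return []
    hits = title_violations(title)
    if any(f == forum and now - ts < SAME_FORUM_GAP for ts, f in acct.threads):
        hits.append("same-forum-3h")
    if sum(1 for ts, _ in acct.threads if now - ts < ANY_FORUM_WINDOW) >= 2:
        hits.append("three-threads-6h")
    return hits

def submit_thread(acct, forum, title, now, advisory=True):
    """Decide on a thread: advisory mode only flags, enforcing mode escalates."""
    hits = check_new_thread(acct, forum, title, now)
    if not hits or advisory:
        acct.threads.append((now, forum))
        return ("allow-flagged" if hits else "allow"), hits
    if not acct.warned:
        acct.warned = True          # first trigger: warning only
        return "warn", hits
    return "temp-ban", hits         # repeat trigger: caller bans and purges last hour

if __name__ == "__main__":
    t0 = datetime(2015, 8, 3, 12, 0)   # constructed sample data
    acct = Account(created=t0 - timedelta(days=1))
    for title in ["Hello from a new player", "watches at shop 。c 0 m"]:
        print(title, "->", submit_thread(acct, "general", title, t0))
```

The substring match also fires on a title such as "Ask.Community", which is the kind of false positive a flag-only advisory period is there to surface before enforcement is switched on.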
TOZ |
Orfamay Quest |
3 people marked this as a favorite. |
Regarding the captcha discussion. An alternative is google's reCAPTCHA.
That's not an "alternative" in any meaningful sense of the word.
1) the spammers who are hitting our board are not bots.
2) Captcha and its variants only protect against bots.
3) Captcha, and all its variants, add substantially to the annoyance level of real customers.
Drive away some of the paying customers while doing literally nothing to prevent spam? Yeah, that's a great idea! <rolleyes>
Chubby1968 |
Drive away some of the paying customers while doing literally nothing to prevent spam? Yeah, that's a great idea! <rolleyes>
I'm sorry if I somehow offended you and am therefore deserving of your sarcasm.
However, on sites where I've tried the reCAPTCHA it has worked great, since I as the user only have had to click a confirmation button and not solve a normal captcha. It is my understanding, that the risk analysis part of the method makes it more difficult for "suspicious" users (whether they are bots or not). Of course, it does work best against bots.
bugleyman |
Chubby1968 wrote: Regarding the captcha discussion. An alternative is google's reCAPTCHA.
That's not an "alternative" in any meaningful sense of the word.
1) the spammers who are hitting our board are not bots.
2) Captcha and its variants only protect against bots.
3) Captcha, and all its variants, add substantially to the annoyance level of real customers.
Drive away some of the paying customers while doing literally nothing to prevent spam? Yeah, that's a great idea! <rolleyes>
Assuming you read this -- which is a risk, because you clearly haven't read most of the thread -- it's not about stopping spammers. It's making this site a less tempting target. If CAPTCHAs "add substantially to the annoyance level of real customers," doesn't that mean they'd also annoy the spammers? And since the goal is to encourage them to move to easier (read: less annoying) targets...
Also, the current situation is untenable, and is almost certainly driving away customers. If I come to a website to create an account, and see it is inundated with spammers, I'll probably just say thanks but no thanks and go to a different site. One that, mysteriously, doesn't have that problem. If only we had some clue how they accomplished that...
Orfamay Quest |
1 person marked this as a favorite. |
Orfamay Quest wrote: Assuming you read this -- which is a risk, because you clearly haven't read most of the thread -- it's not about stopping spammers. It's making this site a less tempting target. If CAPTCHAs "add substantially to the annoyance level of real customers," doesn't that mean they'd also annoy the spammers?
Drive away some of the paying customers while doing literally nothing to prevent spam? Yeah, that's a great idea! <rolleyes>
No. They are humans who get paid to target specific sites. Annoyance is not a factor in their target selection.
And since the goal is to encourage them to move to easier (read: less annoying) targets...
.... it will do literally nothing to prevent spam while driving away some of the paying customers.
<rolleyes>
Also, the current situation is untenable, and is almost certainly driving away customers.
I agree. So we should definitely make it worse and drive away even more of the paying customers.
<rolleyes>
John Woodford |
Kvantum wrote: Is there some way to isolate the incoming IPs for those spam posters?
No. They're using a botnet. It might even be your IP that they're using, depending upon how often you update your anti-virus software.
So keep your antivirus software up to date.