Java-Gaming.org    
Featured games (81)
games approved by the League of Dukes
Games in Showcase (499)
Games in Android Showcase (118)
games submitted by our members
Games in WIP (568)
games currently in development
News: Read the Java Gaming Resources, or peek at the official Java tutorials
 
    Home     Help   Search   Login   Register   
Pages: 1 [2]
  ignore  |  Print  
  Spam problem not quite solved.  (Read 5211 times)
0 Members and 1 Guest are viewing this topic.
Offline appel

JGO Wizard


Medals: 51
Projects: 4


I always win!


« Reply #30 - Posted 2010-12-21 12:55:49 »

Can't we locate the persons behind these spam bots, and just physically beat the hell out of them?  Roll Eyes

Check out the 4K competition @ www.java4k.com
Check out GAMADU (my own site) @ http://gamadu.com/
Offline princec

JGO Kernel


Medals: 392
Projects: 3
Exp: 16 years


Eh? Who? What? ... Me?


« Reply #31 - Posted 2010-12-21 13:44:56 »

Simply delete any accounts that don't post after 7 days.

Cas Smiley

Online Riven
« League of Dukes »

JGO Overlord


Medals: 803
Projects: 4
Exp: 16 years


Hand over your head.


« Reply #32 - Posted 2010-12-21 13:53:54 »

Simply delete any accounts that don't post after 7 days.

Cas Smiley

As said earlier, deleting an account is not simply deleting a record from the jgoforums_members table. There are foreign keys pointing to those members, and by removing the record (including primary key) you can get into a lot of trouble, to the extend that the forum stops working.

I therefore use the 'ban this account' built into SMF, feeding it the result of the query that figures out all accounts without posts.

1  
2  
3  
4  
5  
6  
7  
8  
SELECT ID_MEMBER
FROM jgoforums_members
WHERE NOT EXISTS (
   SELECT *
   FROM jgoforums_messages
   WHERE jgoforums_members.ID_MEMBER = jgoforums_messages.ID_MEMBER
   )
AND `dateRegistered` < UNIX_TIMESTAMP() - 7*24*3600


Removing accounts one at a time, will (eventough automated) probably take a while and may have to be throttled, so I'm probably going to put it in a cronjob.

Besides that, it's not a solution to the spam problem.

Hi, appreciate more people! Σ ♥ = ¾
Learn how to award medals... and work your way up the social rankings
Games published by our own members! Check 'em out!
Legends of Yore - The Casual Retro Roguelike
Offline princec

JGO Kernel


Medals: 392
Projects: 3
Exp: 16 years


Eh? Who? What? ... Me?


« Reply #33 - Posted 2010-12-21 15:00:12 »

hm slightly cranky database design... I suppose it doesn't come with on delete cascade etc.

Cas Smiley

Offline jezek2
« Reply #34 - Posted 2010-12-21 15:12:49 »

What about people that are registered so they can track new posts? For example, I had posted my first post after over year since I registered account here.

You can't just blindly delete all accounts with 0 posts. What about some check for links in signature and last login activity? I think people who register just for tracking wouldn't set their signature right away (at least majority), but I can be wrong. Maybe just checking the last login date would be sufficient.
Offline princec

JGO Kernel


Medals: 392
Projects: 3
Exp: 16 years


Eh? Who? What? ... Me?


« Reply #35 - Posted 2010-12-21 15:23:52 »

Yes, that's a better idea. Basically vape dormant accounts.

Cas Smiley

Offline kappa
« League of Dukes »

JGO Kernel


Medals: 77
Projects: 15


★★★★★


« Reply #36 - Posted 2010-12-21 15:36:24 »

What about people that are registered so they can track new posts? For example

You should use a RSS feed Smiley
Online Riven
« League of Dukes »

JGO Overlord


Medals: 803
Projects: 4
Exp: 16 years


Hand over your head.


« Reply #37 - Posted 2010-12-21 17:27:16 »

Okay: who exactly are we helping by deleting unused accounts? It certainly doesn't have noticeable impact on the forum performance.

There are 20.000 accounts without posts and without personal messages and without topic notifications.

After a cleanup, there would be 10.000 accounts remaining. I doubt anybody would notice the difference.

So why not put all effort in the spam problem itself, instead of the lingering accounts that might or might not be created by spammers. I couldn't really care less about signature spam in some far away page that will have an extremely low pagerank, as there are hardly any links to it.

Hi, appreciate more people! Σ ♥ = ¾
Learn how to award medals... and work your way up the social rankings
Offline kappa
« League of Dukes »

JGO Kernel


Medals: 77
Projects: 15


★★★★★


« Reply #38 - Posted 2010-12-21 17:50:47 »

Out of the 30341 members that would get rid of 23971 (accurate at the time of posting Smiley).

Thats more then 79% of members, further a few thousand (at least 5k) can probably be shaved off as they are inactive or dead (haven't posted anything or logged on in years, and have less then 5 posts).

A cleaner database is a happy database Smiley
Online Riven
« League of Dukes »

JGO Overlord


Medals: 803
Projects: 4
Exp: 16 years


Hand over your head.


« Reply #39 - Posted 2010-12-21 18:02:32 »

A cleaner database is a happy database Smiley

The database doesn't really care, and removing accounts can cause a lot of lurkers to loose their account. I am already receiving personal messages from lurkers. I just don't see the advantages here, and if any, they are outweighed by the potential problems and inconveniences big time.

Hi, appreciate more people! Σ ♥ = ¾
Learn how to award medals... and work your way up the social rankings
Games published by our own members! Check 'em out!
Legends of Yore - The Casual Retro Roguelike
Offline TheAnalogKid

JGO Coder


Projects: 2



« Reply #40 - Posted 2010-12-21 18:04:52 »

To make life much harder to spam bots the forums should require a capcha validation on each post and more importantly on user registration. I know it's embarassing for honest users but that helps.

Offline ryanm

Senior Member


Projects: 1
Exp: 15 years


Used to be bleb


« Reply #41 - Posted 2010-12-21 18:14:49 »

Okay: who exactly are we helping by deleting unused accounts?
<clutches at straws>New users whose preferred name has already been taken?

Pretty weak I guess. If it's going to be a ball-ache it's probably not worthwhile. You can put lurkers' mind at rest though - the last-active-on record should shield them from any cull
Offline EgonOlsen
« Reply #42 - Posted 2010-12-21 21:39:47 »

For the forum on the jPCT-website (based on SMF 1.1.12 with its weak captcha too), i maintain a large ban list. With some experience and the help of http://www.stopforumspam.com/ you get a pretty good feeling of what to put on the ban list and which account to delete. Spammers' stategies change from time to time, but you can easily adopt to it. With that, i've reduced spam accounts from 10-60 per day down to 0-5. Of course, this may hurt some people whose mail addresses match the current spamming strategy by accident, but i can live with that. For example, i'm banning every account from registering where the mail address matches *[0..9]@gmail*, *[0..9]@live* and *[0..9]@hotmail* to ban all those dumbashell152326@gmail.com suckers who register using dynamic IPs so that you can't ban them by IP.

I tried to use alternative captchas for SMF but they all sucked in one way or another. The problem with doing your own is, that you have to modify the code again every update.

It's still annoying and if somebody plans to use a tank to roll over some spammers, please count me in.

Offline Nate

JGO Kernel


Medals: 149
Projects: 4
Exp: 14 years


Esoteric Software


« Reply #43 - Posted 2010-12-21 21:51:16 »

I see we just got 15 spam posts. Rejecting any post by users with < 10 posts would fix that.

It is hardly a good idea to disallow posting for people with too few posts, that way they will never be allowed to post Tongue
(sorry, if I just explained a bad joke)

Haha... sorry, I meant "reject any post that contains links by users with < 10 posts".

Offline kappa
« League of Dukes »

JGO Kernel


Medals: 77
Projects: 15


★★★★★


« Reply #44 - Posted 2010-12-21 21:53:31 »

Haha... sorry, I meant "reject any post that contains links by users with < 10 posts".

Might unfairly penalise people posting for the first time to show of their project, which a lot of members do in their first post.
Offline ShannonSmith
« Reply #45 - Posted 2010-12-21 22:00:56 »

Some other forums replace links in posts of new users with a message saying: "links for users with less than 5 posts disabled". After 5 posts the links auto-enable.

Online Riven
« League of Dukes »

JGO Overlord


Medals: 803
Projects: 4
Exp: 16 years


Hand over your head.


« Reply #46 - Posted 2010-12-21 22:31:41 »

As those spambots easily make over 10 posts, that's not really effective.

I think it's best to hide links from new accounts for 24 hours (since registration).

Hi, appreciate more people! Σ ♥ = ¾
Learn how to award medals... and work your way up the social rankings
Offline pjt33
« Reply #47 - Posted 2010-12-21 22:33:57 »

For example, i'm banning every account from registering where the mail address matches *[0..9]@gmail*, *[0..9]@live* and *[0..9]@hotmail* to ban all those dumbashell152326@gmail.com suckers who register using dynamic IPs so that you can't ban them by IP.
FWIW gmail addresses also work as whatever @ googlemail.com, so you might want to add that.
Offline EgonOlsen
« Reply #48 - Posted 2010-12-21 22:42:15 »

FWIW gmail addresses also work as whatever @ googlemail.com, so you might want to add that.
Yes, but spammers aren't using it that much ATM.

Offline kappa
« League of Dukes »

JGO Kernel


Medals: 77
Projects: 15


★★★★★


« Reply #49 - Posted 2010-12-21 22:54:01 »

I think it's best to hide links from new accounts for 24 hours (since registration).

does it really matter if the links from spambots show or not? posts get cleaned up pretty quickly anyway, i think the bigger problem is them posting in the first place and their posts showing up which is really the inconvenience here.
Offline Nate

JGO Kernel


Medals: 149
Projects: 4
Exp: 14 years


Esoteric Software


« Reply #50 - Posted 2010-12-22 00:06:44 »

i think the bigger problem is them posting in the first place and their posts showing up which is really the inconvenience here.

Exactly, that is why I propose not allowing the post if it has a link. Just removing the links isn't that helpful. It would probably be sufficient to require at least 1 post before you can make a post containing a link.

Online Riven
« League of Dukes »

JGO Overlord


Medals: 803
Projects: 4
Exp: 16 years


Hand over your head.


« Reply #51 - Posted 2010-12-22 00:13:58 »

Yeah, like next time I will just ignore the posts that have nothing to do with the issue at hand -- like removing those ancient accounts.

Hi, appreciate more people! Σ ♥ = ¾
Learn how to award medals... and work your way up the social rankings
Offline kappa
« League of Dukes »

JGO Kernel


Medals: 77
Projects: 15


★★★★★


« Reply #52 - Posted 2010-12-22 10:54:50 »

Yeah, like next time I will just ignore the posts that have nothing to do with the issue at hand -- like removing those ancient accounts.

sorry, probably came across too harsh/rude there, wasn't the intention.
Online Riven
« League of Dukes »

JGO Overlord


Medals: 803
Projects: 4
Exp: 16 years


Hand over your head.


« Reply #53 - Posted 2010-12-22 11:44:28 »

This is the plan:

In the post process of members with zero or one posts, a post with a link in it will be (silently!) rejected and thus will not show up on the forum. Instead, the contents of the topic will be sent to the emailaddress of the poster, explaining this is an anti-spam measure, and kindly requesting him/her to make a new post without the link(s).

It conveniently leaves the post count at zero, preventing the case that everything (including spamming) is allowed after N posts. I'm pretty sure only human spammers can get through -- you're never going to stop them anyway.

Anybody opposed to this? Please enlighten me of any downsides.

Hi, appreciate more people! Σ ♥ = ¾
Learn how to award medals... and work your way up the social rankings
Offline ryanm

Senior Member


Projects: 1
Exp: 15 years


Used to be bleb


« Reply #54 - Posted 2010-12-22 11:53:28 »

Sounds good to me.
Offline woogley
« Reply #55 - Posted 2010-12-22 13:38:42 »

Is there any way to disable signatures for new users? Much of the spam in the past has been plain text, with the actual spam links in their signature.
Online Riven
« League of Dukes »

JGO Overlord


Medals: 803
Projects: 4
Exp: 16 years


Hand over your head.


« Reply #56 - Posted 2010-12-24 13:24:25 »

Additional captcha in registration process:

http://www.java-gaming.org/index.php?action=activate;u=0;code=0

(naturally it won't work when you try to actually activate it, as there is no userid 0)

Hi, appreciate more people! Σ ♥ = ¾
Learn how to award medals... and work your way up the social rankings
Offline ryanm

Senior Member


Projects: 1
Exp: 15 years


Used to be bleb


« Reply #57 - Posted 2011-01-14 13:12:41 »

Well that seems to have worked, I haven't seen a spam post since Cheesy
Bizarrely, there are still spam profiles getting through. I find it incredible that there are real people out there who have the knowledge to compile and run a java snippet who find it worthwhile to spam forums. Do we know if they try to post, or is their objective just to get the signature into the DB? Does the verification snippet change? Is it possible that the solution is being shared amongst spammers?

I also note that I've gained a "Delete this account" ability that purports to nuke a user and all their posts. Is this safe to use? Have the potential DB problems been resolved?
I have to admit, its presence makes me slightly nervous. I'm pretty sure I'm not going to abuse the awesome power it affords, but who knows what evil lurks in the hearts of men? It's like a big red button labelled "DO NOT PRESS"  persecutioncomplex
Pages: 1 [2]
  ignore  |  Print  
 
 
You cannot reply to this message, because it is very, very old.

 

Add your game by posting it in the WIP section,
or publish it in Showcase.

The first screenshot will be displayed as a thumbnail.

Riven (10 views)
2014-10-02 14:36:20

Pippogeek (41 views)
2014-09-24 16:13:29

Pippogeek (32 views)
2014-09-24 16:12:22

Pippogeek (22 views)
2014-09-24 16:12:06

Grunnt (48 views)
2014-09-23 14:38:19

radar3301 (30 views)
2014-09-21 23:33:17

BurntPizza (65 views)
2014-09-21 02:42:18

BurntPizza (37 views)
2014-09-21 01:30:30

moogie (44 views)
2014-09-21 00:26:15

UprightPath (53 views)
2014-09-20 20:14:06
List of Learning Resources
by Longor1996
2014-08-16 10:40:00

List of Learning Resources
by SilverTiger
2014-08-05 19:33:27

Resources for WIP games
by CogWheelz
2014-08-01 16:20:17

Resources for WIP games
by CogWheelz
2014-08-01 16:19:50

List of Learning Resources
by SilverTiger
2014-07-31 16:29:50

List of Learning Resources
by SilverTiger
2014-07-31 16:26:06

List of Learning Resources
by SilverTiger
2014-07-31 11:54:12

HotSpot Options
by dleskov
2014-07-08 01:59:08
java-gaming.org is not responsible for the content posted by its members, including references to external websites, and other references that may or may not have a relation with our primarily gaming and game production oriented community. inquiries and complaints can be sent via email to the info‑account of the company managing the website of java‑gaming.org
Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines | Managed by Enhanced Four Valid XHTML 1.0! Valid CSS!