Java-Gaming.org    
Featured games (79)
games approved by the League of Dukes
Games in Showcase (475)
Games in Android Showcase (106)
games submitted by our members
Games in WIP (530)
games currently in development
News: Read the Java Gaming Resources, or peek at the official Java tutorials
 
    Home     Help   Search   Login   Register   
Pages: [1] 2
  ignore  |  Print  
  Spam problem not quite solved.  (Read 5115 times)
0 Members and 1 Guest are viewing this topic.
Offline Riven
« League of Dukes »

JGO Overlord


Medals: 742
Projects: 4
Exp: 16 years


Hand over your head.


« Posted 2010-12-18 22:52:03 »

Unfortunately the SMF update to 1.1.12 did not quite solve the spam problem.

The CAPTCHA is apparently trivial to crack for modern bots.

One of these days all banhammers will get instructions on how to wipe an account quickly, removing all posts at once.

Just like spam filters in your email inbox, it's highly unlikely that we will have a perfect solution, but we can surely try to make the cleanup less of a hassle.

Maybe, if there are enough proponents, I can also automate it, by adjusting the [report to moderator] functionality, to automatically wipe a post if there are more than 3 hits by 3 different members.

Hi, appreciate more people! Σ ♥ = ¾
Learn how to award medals... and work your way up the social rankings
Offline appel

JGO Wizard


Medals: 49
Projects: 4


I always win!


« Reply #1 - Posted 2010-12-18 23:01:28 »

Create a captcha using java applet. Maybe the bots can't see that.

Check out the 4K competition @ www.java4k.com
Check out GAMADU (my own site) @ http://gamadu.com/
Offline kappa
« League of Dukes »

JGO Kernel


Medals: 74
Projects: 15


★★★★★


« Reply #2 - Posted 2010-12-18 23:19:52 »

Any custom solution should work well enough, like a simple question with answer, even a weak custom captcha system.

Most the generic solutions are easy to for spammers since it makes sense for them to target and breach such solutions as they can mass spam.

Its just not worth the time or effort for spammers to target a custom solution (even if its weak) as it just on a single forum.
Games published by our own members! Check 'em out!
Legends of Yore - The Casual Retro Roguelike
Offline pjt33
« Reply #3 - Posted 2010-12-19 00:12:32 »

Also, if possible, automatically strip links from the first n posts of a new member, and add rel="nofollow" to all links in the next n' posts.
Offline Nmb910

Senior Newbie





« Reply #4 - Posted 2010-12-19 02:25:12 »

Sounds good.
Offline Riven
« League of Dukes »

JGO Overlord


Medals: 742
Projects: 4
Exp: 16 years


Hand over your head.


« Reply #5 - Posted 2010-12-19 02:50:09 »

Any custom solution should work well enough

?

Hi, appreciate more people! Σ ♥ = ¾
Learn how to award medals... and work your way up the social rankings
Offline Riven
« League of Dukes »

JGO Overlord


Medals: 742
Projects: 4
Exp: 16 years


Hand over your head.


« Reply #6 - Posted 2010-12-19 02:52:40 »

Actually, I think the weak point of the captcha is the audio version of it, as it's just a wav-file and you can probably match every character to a region of the file, purely by using a binary indexOf

Hi, appreciate more people! Σ ♥ = ¾
Learn how to award medals... and work your way up the social rankings
Offline Orangy Tang

JGO Kernel


Medals: 56
Projects: 11


Monkey for a head


« Reply #7 - Posted 2010-12-19 02:54:02 »

What about an additional really simple question system (like "what is the third letter in the fourth word in this sentance"). Largely security via obscurity but it should be simple to code and will probably be quite effective.

[ TriangularPixels.com - Play Growth Spurt, Rescue Squad and Snowman Village ] [ Rebirth - game resource library ]
Offline Nate

JGO Kernel


Medals: 145
Projects: 4
Exp: 14 years


Esoteric Software


« Reply #8 - Posted 2010-12-19 10:02:42 »

Also, if possible, automatically strip links from the first n posts of a new member, and add rel="nofollow" to all links in the next n' posts.
This is good, but it is better to deny the post from happening so that someone doesn't have to manually delete it. Also prevent any new accounts if they contain any links in the profile info (and editing the profile info).

While I do think we need a simple custom captcha solution, we are still going to get spammers. I imagine they have a way for their software to collect a bunch of register screens, and a human can just sit there and answer whatever the questions. Also we'll probably get some manual human spammer sign ups, like those spammers who post an almost relevant question. I think it is necessary to block posts from happening if they appear to be spam.

Offline kappa
« League of Dukes »

JGO Kernel


Medals: 74
Projects: 15


★★★★★


« Reply #9 - Posted 2010-12-19 15:11:54 »


oh nice, looks good, try it, if they still break through then we can think further.

Actually, I think the weak point of the captcha is the audio version of it, as it's just a wav-file and you can probably match every character to a region of the file, purely by using a binary indexOf

Well it'll probably only get cracked if the spammers think its worth spending time on. Just for one small forum? unlikely.
Games published by our own members! Check 'em out!
Legends of Yore - The Casual Retro Roguelike
Offline Riven
« League of Dukes »

JGO Overlord


Medals: 742
Projects: 4
Exp: 16 years


Hand over your head.


« Reply #10 - Posted 2010-12-19 17:20:53 »

Actually, I think the weak point of the captcha is the audio version of it, as it's just a wav-file and you can probably match every character to a region of the file, purely by using a binary indexOf

Well it'll probably only get cracked if the spammers think its worth spending time on. Just for one small forum? unlikely.

My suspicion is that spammers ignore the captcha image, and automatically download the *.wav file. It's much easier (less CPU cycles) to 'crack' that wav file with indexOf than to make sense of the captcha image.

Hi, appreciate more people! Σ ♥ = ¾
Learn how to award medals... and work your way up the social rankings
Offline DzzD
« Reply #11 - Posted 2010-12-19 17:39:49 »

what about something like :

[attachment deleted by admin]

Offline princec

JGO Kernel


Medals: 339
Projects: 3
Exp: 16 years


Eh? Who? What? ... Me?


« Reply #12 - Posted 2010-12-19 22:16:12 »

Actually I'm really in favour of the "3 reports of spamming and you're banninated" approach. And block the IP for good measure for a week.

Cas Smiley

Offline zammbi

JGO Coder


Medals: 4



« Reply #13 - Posted 2010-12-20 00:46:22 »

Maybe SMF 2 would have better spam options.

Current project - Rename and Sort
Offline Riven
« League of Dukes »

JGO Overlord


Medals: 742
Projects: 4
Exp: 16 years


Hand over your head.


« Reply #14 - Posted 2010-12-20 00:53:11 »

Maybe SMF 2 would have better spam options.
Too bad SMF 2 is in the 'release candidate' phase.

Hi, appreciate more people! Σ ♥ = ¾
Learn how to award medals... and work your way up the social rankings
Offline Scarzzurs
« Reply #15 - Posted 2010-12-20 12:41:49 »

I'm not quite sure how much of a target JGO is for spammers.
In the case it isn't, a simple custom clear-text question and text field answer at registration should suffice.
At least it works for my forum and a lot others.

I'm sceptical towards having the users remove spam...
No matter how many users we have, we will eventually run out of time to remove the ever increasing spam, a better solution should be found instead...

Well, that's just my thoughts...

- Scarzzurs

My games and Projects:
BlastingPixels.com,
Old website
Offline Eli Delventhal

JGO Kernel


Medals: 42
Projects: 11


Game Engineer


« Reply #16 - Posted 2010-12-21 00:11:13 »

What about a simple Java question? That can also weed out people who can't program. :-)

1  
2  
3  
4  
int c = 17;
c--;
c *= 2;
System.out.println("c");

What gets printed? That actually might be too hard because of the trick question aspect, but you get the idea, no?

See my work:
OTC Software
Offline DzzD
« Reply #17 - Posted 2010-12-21 02:12:12 »

does the intended result is "c" Smiley ?

Offline appel

JGO Wizard


Medals: 49
Projects: 4


I always win!


« Reply #18 - Posted 2010-12-21 03:10:24 »

What about a simple Java question? That can also weed out people who can't program. :-)

1  
2  
3  
4  
int c = 17;
c--;
c *= 2;
System.out.println("c");

What gets printed? That actually might be too hard because of the trick question aspect, but you get the idea, no?

This is a good solution. Although the println is not needed, just ask what the value of c is.

Check out the 4K competition @ www.java4k.com
Check out GAMADU (my own site) @ http://gamadu.com/
Offline Gudradain
« Reply #19 - Posted 2010-12-21 04:15:56 »

Actually I'm really in favour of the "3 reports of spamming and you're banninated" approach. And block the IP for good measure for a week.

Cas Smiley

Yea good idea I'm creating 3 accounts right now Smiley
Offline Nate

JGO Kernel


Medals: 145
Projects: 4
Exp: 14 years


Esoteric Software


« Reply #20 - Posted 2010-12-21 06:29:19 »

I see we just got 15 spam posts. Rejecting any post by users with < 10 posts would fix that.

Offline ryanm

Senior Member


Projects: 1
Exp: 15 years


Used to be bleb


« Reply #21 - Posted 2010-12-21 08:49:16 »

Spam deleted. I'm quite looking forward to the batch-delete ability...
Offline Scarzzurs
« Reply #22 - Posted 2010-12-21 10:06:34 »

I see we just got 15 spam posts. Rejecting any post by users with < 10 posts would fix that.

It is hardly a good idea to disallow posting for people with too few posts, that way they will never be allowed to post Tongue
(sorry, if I just explained a bad joke)

- Scarzzurs

My games and Projects:
BlastingPixels.com,
Old website
Offline princec

JGO Kernel


Medals: 339
Projects: 3
Exp: 16 years


Eh? Who? What? ... Me?


« Reply #23 - Posted 2010-12-21 12:57:59 »

The rate at which spam arrived in the previous forum was such that it was trivial to deal with (as I check JGO about, ooh, 200 times a day). Unfortunately I had no powers to actually remove any of it though I was plagued by report emails. So really I think there isn't a spam "problem" at all, given the size of the forums.

Cas Smiley

Offline kappa
« League of Dukes »

JGO Kernel


Medals: 74
Projects: 15


★★★★★


« Reply #24 - Posted 2010-12-21 13:03:15 »

Was at least 5 spam posts per day on the old forum, most were deleted manually pretty quickly and ip's banned (forever).

New forums been pretty good so far, only two or three posts have made it through in total.
Offline princec

JGO Kernel


Medals: 339
Projects: 3
Exp: 16 years


Eh? Who? What? ... Me?


« Reply #25 - Posted 2010-12-21 13:06:31 »

Exactly - 5 a day between a bunch of moderators is trivial. I have to deal with 50 long rambling support emails a day - can you please find some sort of robotic solution to that for me instead Smiley

Cas Smiley

Offline pjt33
« Reply #26 - Posted 2010-12-21 13:18:06 »

New forums been pretty good so far, only two or three posts have made it through in total.
Do you mean posters? Because I reported one guy who'd made 15.
Offline kappa
« League of Dukes »

JGO Kernel


Medals: 74
Projects: 15


★★★★★


« Reply #27 - Posted 2010-12-21 13:20:16 »

Do you mean posters? Because I reported one guy who'd made 15.

Yes, of course thats what I meant Smiley
Offline kappa
« League of Dukes »

JGO Kernel


Medals: 74
Projects: 15


★★★★★


« Reply #28 - Posted 2010-12-21 13:23:11 »

What's still worrying is the tons of new members still signing up and not posting anything. Banning them has no effect since their intention isn't to post anything. So looks like the current protection just isn't good enough. They're also clogging up the database and members list.
Offline Riven
« League of Dukes »

JGO Overlord


Medals: 742
Projects: 4
Exp: 16 years


Hand over your head.


« Reply #29 - Posted 2010-12-21 13:46:18 »

What's still worrying is the tons of new members still signing up and not posting anything. Banning them has no effect since their intention isn't to post anything.

Well, there is a captcha for new posts too, if you have less than X posts.

Tomorrow I'm going to put JGO into maintenance mode for an hour or so and do a cleanup.

Hi, appreciate more people! Σ ♥ = ¾
Learn how to award medals... and work your way up the social rankings
Pages: [1] 2
  ignore  |  Print  
 
 
You cannot reply to this message, because it is very, very old.

 

Add your game by posting it in the WIP section,
or publish it in Showcase.

The first screenshot will be displayed as a thumbnail.

ctomni231 (32 views)
2014-07-18 06:55:21

Zero Volt (28 views)
2014-07-17 23:47:54

danieldean (24 views)
2014-07-17 23:41:23

MustardPeter (25 views)
2014-07-16 23:30:00

Cero (40 views)
2014-07-16 00:42:17

Riven (42 views)
2014-07-14 18:02:53

OpenGLShaders (29 views)
2014-07-14 16:23:47

Riven (29 views)
2014-07-14 11:51:35

quew8 (26 views)
2014-07-13 13:57:52

SHC (63 views)
2014-07-12 17:50:04
HotSpot Options
by dleskov
2014-07-08 03:59:08

Java and Game Development Tutorials
by SwordsMiner
2014-06-14 00:58:24

Java and Game Development Tutorials
by SwordsMiner
2014-06-14 00:47:22

How do I start Java Game Development?
by ra4king
2014-05-17 11:13:37

HotSpot Options
by Roquen
2014-05-15 09:59:54

HotSpot Options
by Roquen
2014-05-06 15:03:10

Escape Analysis
by Roquen
2014-04-29 22:16:43

Experimental Toys
by Roquen
2014-04-28 13:24:22
java-gaming.org is not responsible for the content posted by its members, including references to external websites, and other references that may or may not have a relation with our primarily gaming and game production oriented community. inquiries and complaints can be sent via email to the info‑account of the company managing the website of java‑gaming.org
Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines | Managed by Enhanced Four Valid XHTML 1.0! Valid CSS!