Tired of reporting spam

Quote: Originally posted by aga

I can imagine a really active Amateur Chemistry forum where just about Every post is full of photos and detailed information about amazing Chemical experiments the member did that day. So detailed that many other members could (presumably would) try to replicate it and have a bundle of fun, and discuss their findings. 'Signal-to-Noise'-wise, we're not really in that ballpark here, not today/month/year for sure. Any barrier to Inclusion would further make SM an exclusive playground for the endless stream of non-chemists who like to type words into a computer, imagining they are living Real lives.

Quote: Originally posted by SelfInflicted

Sorry if this has been suggested before. There is a report button. What if a process could count the number or reports that has the word spam in the report and automagically move off the message. Who has time to program that though. Could be a list of trusted members and if that member reports the post it is off to the spam folder. Report "spammer" an then automatically temporary ban. Just thoughts.

Quote: Originally posted by Bot0nist

I like what barley81 did in the last spam thread. After reporting it, he posted "Spam thread reported" in the thread. This way everyone who always reports every spam they see (like me) will know its handled, and it will keep us from flooding the moderators with report U2Us. So, If you see a spam thread and it doesn't have a "reported spam" post in it, report it and post that you did. I think this will help.

Quote: Originally posted by MJ101

Quote: Originally posted by Bot0nist   I like what barley81 did in the last spam thread. After reporting it, he posted "Spam thread reported" in the thread. This way everyone who always reports every spam they see (like me) will know its handled, and it will keep us from flooding the moderators with report U2Us. So, If you see a spam thread and it doesn't have a "reported spam" post in it, report it and post that you did. I think this will help. @Bot0nist: That's a great idea. I'll do that the next time I report a spam post.

Here's a few things you can do.

1: Report IPs
https://www.abuseipdb.com/

Depending on the forum software (We have Woltlab but we're changing to Xenforo soon) The admins can see and report malicious IP addresses.

2: SpamCop:

https://www.spamcop.net/anonsignup.shtml

This can be used by the admins to report spammers, and hopefully get them kicked off of their respective ISPs.

Captchas are great for preventing spam bots from accessing the forum. Even a simple captcha would thwart a lot of spam.

But please. Keep the Captchas simple. crystal growers' idea for a captcha with pictures of a lab setup, asking the user to identify a piece of glassware is a great idea, and would be more than enough
to strain out those with zero knowledge. At least it would force them to do some leg work to learn about lab glassware.

(You can glean the info simply by watching chemistry videos on youtube )

Hopefully, the info presented here will help the admins to minimize the amount of spam here.

BTW: What's the difference between a Florence flask and a round-bottom flask?


[Edited on 18-7-2018 by MJ101]

[Edited on 18-7-2018 by MJ101]

It must have been a bad couple of days on the spam. I disappear for a 36 hours and return to this:

I've just reported another round of spam. Thanks to whoever it is that has already cleaned up most/all of it.

There are plenty of good ideas here for how it might be prevented in the future. What we really need to do is pick one and get it implemented.

The chemistry related question as a CAPTCHA seems the most straightforward. Using the virtual machine Polverone creates as a backup I've started making the changes. I've updated the form and now need to add choosing the question and then evaluating the response.

I'll seed it with some simple questions but the administrators should be able to add new or delete them from the database.

Quote: Originally posted by XeonTheMGPony

or what is the symbol on a periodic table of X and have x element change every time. that will make it harder for the bots to learn but looking good

Quote: Originally posted by streety

This is a really good suggestion. I doubt the questions will need to be difficult to be effective and this style gives lots of variety.

Quote: Originally posted by Swinfi2

I really like Reboots idea of a sign up quiz. say like 5 easy questions. eg: Balance this equation CH4 + _O2 -> _CO2 + _H2O Give the formula product of H2SO4 + NaCl -> NaHSO4 + __ What is a Kelvin: A) A material. B) A name. C) Unit of temperature. _ Give the Element symbol for any element that's a liquid at room temperature: __ what is the SI unit for energy: _ just long enough that a human who has to look this stuff up might think ffs i'll post quicker somewhere else. a bot should obviously fail unless its given the answers, i guess make them show up in random order.

Quote: Originally posted by RogueRose

I say all members stop doing the job. we've been doing it for years, offered to pay to have something programmed, and an endless other array of things. If they don't want to do something about it, there are other boards out there

Quote: Originally posted by MJ101

Who is the forum administrator? And when was the last time anyone spoke to him/her?

Quote: Originally posted by symboom

Its a pattern so its a bot that can ve outsmarted it used key words and is repeating the same message easy to stop Needs to be programmed in the fourm software or we could work together and update the site i all a person needs is the source code i havnt studied computers for a while But the board does run on a linux server. Maybe work on peice on the site addressing the problems And make a poll Who knows how to work on servers

Spamergency Measures

Xevil is another program used along side xrumer
Im tired of seeing the this is a test with xrumer username

https://xevil(dot)net/en/
Removed hyperlink

This is the programs website
The program discription
XEvil — easy, fast and flexible tool for automatic recognition of most type of CAPTCHA's (included so hard captchas like Google ReCaptcha v.1 and v.2, Solve Media, Facebook-captcha, etc.).

The application replaces such services as AntiGate (Anti-Captcha), RuCaptcha, DeCaptcher, etc., and at the same time it provides for higher recognition velocity (in 10 times) and is completely free of charge.

Video says new OCR reconition.

TO WEB MASTERS
Anti-bot protection in the form of graphic captchas is going for good. It has been several years already, the captchas are recognized by various services and various application (free/non-free).

The captchas on the site can be customized continuously but this is dead end road. The captchas can push off the visitor of the site (who can be your potential customer). This type of anti-bot protection is outdated, and will go for good in 2-3 year with introduction of more modern user authentication systems.

The state of art are provided with secure protection against Spam-bots with use of the following techniques:

CloudFlare
StopForumSpam
Akismet
Encrypted with JS-protection
etc.
It takes not more than 20-30 minutes (one day for the non-expert) to ensure site protection against robots without using such repulsive for users technologies as captchas



white hat hackers use the tools that the scammers use see how it works and counteract the program from screwing up the threads

This is a suggestion for the moderators to try as they are responsible for keeping the site is good working order

All that needs to be now is defeating these two programs
Maybe make an automated script to counteract the programs
And the spam problems will be gone for good.

So they sell the problem and the solution
To the problem they created sounds like
The anti tobacco ads paid for by the tobacco companies
Ironic selling the problem and solution.


[Edited on 4-8-2018 by symboom]

Quote: Originally posted by j_sum1

I am not sure how much a captcha would change things: there is evidence that the bots circumvent some sevurity measures (eg, flood protection measures) and it is unknown what else they might get around. There is also suggestion of some human intervention at times (sad sad little life). If it seems like we are being targeted, that is probably accurate.

Quote: Originally posted by streety

I could potentially try to implement other anti-spam features if this proves to be insufficient. I think there are three broad categories of options we might consider 1) Prevent spambots from registering Hopefully this captcha question will limit the flood 2) When they do get in limit the damge they can do One option that might be relatively easy to implement is limiting new accounts to a single thread in the first 24 hours 3) When there is spam make it easier to clean up I'm not entirely sure what the process is when you deal with spam. If you can describe the current process and what your ideal process would be I can try to implement something closer to your ideal.

Quote: Originally posted by streety

I did wonder about that automated script myself. The admin interface in the virtual machine backup doesn't suggest there is any automated deletion system and a quick look through the code didn't reveal anything either. It's possible the virtual machine doesn't include that functionality. Implementing/replacing an automated spam deletion script could potentially be done without needing to modify the code on the site. If the admins/mods would be willing to set up a server somewhere[0] we could create a script that every 5 minutes logged in with their credentials, or the credentials of a newly created account, and swept out any new spam. [0] This would cost ~$2/month. I'm sure many users, including myself, could host this for free but that's a bad idea from a security perspective. [Edited on 26-7-2018 by streety]

Quote: Originally posted by CharlieA

OK, I guess I'm ready to find more spam-free BB than this one. Any Suggestions?

j_sum1:

I did: I really have been enjoying this BB as I try to refresh my chemistry knowledge (BS, 1962), but I'm tired of reporting 10-15 spam messages every day. I appreciate all you have done with this BB, but I am ready to look for one that is (more) spam-free. Can you recommend any? Thanks. Regards,
CharlieA

Thanks for the idea. Being computer-challenged, I don't understand why one or more of the many suggestions to combat spam that are in this thread haven't been implemented.

It's difficult to get a true impression of the number and frequency of spam posts from occasional visits to the forum so I decided to collect some data. I wrote a simple script that downloaded the "Today's Posts" page every 5 minutes and recorded any new topics. If any topics it had seen previously were missing it checked whether they were deleted and recorded when that happened.

The results were quite interesting so I thought I would share what I found.

I stopped the script ~12 hours ago and at that point it had been running for 6 days, 2 hours. During that time I recorded 645 spam topics for a rate of 106/day.

The histogram below shows the time it took to delete each spam topic.



The minimum was barely above 5 minutes so I probably missed some topics that were deleted so quickly they were gone before my script downloaded the page.

The average was 84 minutes. 32% were deleted within 30 minutes, 47% within 60 minutes, and 79% within 120 minutes. The median was 65 minutes.



Messages posted around 6-7am board time seemed to take the longest time to be removed.

I've stopped the script for the moment but can restart it if there is continued interest in this type of analysis.

The x axis is the time posted and uses the default for the board, i.e. GMT-8. I think Sydney would be 18 hours ahead.

This is adjusted for time deleted.


This is color coded for the day. It does seem like the uptick around 6-10am occurs on multiple days. Whether that pattern will continue or not is an open question.


[edit]
I've just looked at the users and there is a surprise there as well.

There were 216 members linked to spam posts.

I assumed they were registering and then immediately posting spam. Most accounts did follow that pattern but 15 accounts were registered days before they started posting. For these 15 accounts the median delay was 8 days. There were two accounts around 40-50 days and one account that was registered 71 days before it started posting.
[/edit]

[Edited on 8-8-2018 by streety]

Quote: Originally posted by Polverone

I have tweaked the reporting process, somewhat inspired by violet sin. Before spam had to be reported by two trusted members or one moderator before it was auto-deleted. Now it will be auto-deleted if it is reported by one trusted member and one 'semi-trusted' member. Everyone who has been registered at least 60 days and has at least 50 posts automatically becomes a member of the 'semi-trusted' group. This should reduce the waiting time for spam deletion, and means that any frequent user of the site can help stamp out spam.

Quote: Originally posted by streety

The x axis is the time posted and uses the default for the board, i.e. GMT-8. I think Sydney would be 18 hours ahead. This is adjusted for time deleted. This is color coded for the day. It does seem like the uptick around 6-10am occurs on multiple days. Whether that pattern will continue or not is an open question. [edit] I've just looked at the users and there is a surprise there as well. There were 216 members linked to spam posts. I assumed they were registering and then immediately posting spam. Most accounts did follow that pattern but 15 accounts were registered days before they started posting. For these 15 accounts the median delay was 8 days. There were two accounts around 40-50 days and one account that was registered 71 days before it started posting. [/edit] [Edited on 8-8-2018 by streety]

Highlight reported posts

Quote: Originally posted by Polverone

I have tweaked the reporting process, somewhat inspired by violet sin. Before spam had to be reported by two trusted members or one moderator before it was auto-deleted. Now it will be auto-deleted if it is reported by one trusted member and one 'semi-trusted' member. Everyone who has been registered at least 60 days and has at least 50 posts automatically becomes a member of the 'semi-trusted' group. This should reduce the waiting time for spam deletion, and means that any frequent user of the site can help stamp out spam.

What should we write when reporting trolls?

For interest' sake...
I have not cleared my u2u trash for about four months. (Late April or early May.) The only thing in there is spam reports.

You are all doing a grand job. And even though the bots are persistent, I get the feeling we are staying ahead of the mess.
But this does illustrate the size of the problem.

Quote: Originally posted by streety

fusso, what would you like to know about the legitimate posts? I can extract quite a lot of information from the backup. The icons would be a good idea if we continue to struggle with spam. I'm hoping we are close to a major improvement. I've been able to train a machine learning model to detect spam posts with high accuracy and have now modified the monitoring script to send spam reports. If run by a admin or mod account the reports should trigger the automatic deletion script on the server. To avoid mistakes it will only trigger if: - a new user (less than 48 hours old) starts two or more new topics detected as spam - a new user starts one topic detected as spam that is also reported by a member As the spammers change their content the performance of the model will eventually degrade but it will be easy to update it.

This first figure is the frequency of posting over the complete period of the board:



This is the figure showing the frequency of posts for each hour of the day. The time is the same as the board (UTC-8) so the peak is approximately, 12pm pacific time, 3pm eastern time, 8pm UTC, 5am in Sydney.



In putting together these figures I discovered two odd posts. The post date is 1969. In the database they are represented by timestamp values of 0 and 1. They are also clearly spam but then there are 8 pages of legitimate content.
https://www.sciencemadness.org/whisper/viewthread.php?tid=21...

Can someone confirm this pattern? The bots seem to post in a certain order when spamming. Just an observation. Might be interesting to check if the pattern holds. (I just realized there is not so much order as I had hoped with that last one. Still.)

Quote: Originally posted by Swinfi2

@streety the "don't you like sex" thread. I read the first 2-3 pages and it looks like a compilation of everything to do with nerve agents/drugs and other bad stuff that (when organised as such) kinda implicates the forum staff as they have posts amongst it. I have a hard time believing the post is "real" as many posts reference poeple/posts that are missing and context jumps. It looks to me like an AI word salad of coppied posts to give the appearance of coherance. How could that even happen? That thread freaks me out, it looks like a set up imo.

Quote: Originally posted by streety

In putting together these figures I discovered two odd posts. The post date is 1969. In the database they are represented by timestamp values of 0 and 1. They are also clearly spam but then there are 8 pages of legitimate content. https://www.sciencemadness.org/whisper/viewthread.php?tid=21...

Quote: Originally posted by fusso

Quote: Originally posted by streety   In putting together these figures I discovered two odd posts. The post date is 1969. In the database they are represented by timestamp values of 0 and 1. They are also clearly spam but then there are 8 pages of legitimate content. @jsum well here you are.

Negative 15 posts?

Tonight is especially frustrating...3 pages of posts today, and 2 pages of them are spam. I think when a new account is made, the account shouldn't be able to post for a week. There is much talk here about this subject but nothing seems to get done about it. I wish I were computer literate but I'm not, so I'm unable to do anything about it (except leave the forum).

This is an update on my post from the top of page 19.

The script was updated and run every 2 minutes. I restarted it on the 19th and analyze only full days below, so from the 20th August to the 14th September.

During that time I recorded 2803 spam topics for a rate of 100/day.

The histogram below shows the time it took to delete each spam topic.



The minimum was again barely above the sampling frequency of the script so I still probably missed some topics that were deleted so quickly they were gone before my script downloaded the page. Should be less than last time though.

The average was 69 minutes(down from 84 minutes). 34% (up from 32%) were deleted within 30 minutes, 64% (up from 47%) within 60 minutes, and 83% (up from 79%) within 120 minutes. The median was 45 minutes (down from 65 minutes).

There isn't much effect of time of day on spam duration in this period.





You may notice the topic deleted after more than 3000 minutes. It was not a spam post so I may need to think about how to handle deletions that are not spam related. In this case it seems to be a legitimate member who created a new topic in error instead of a reply to an existing topic. It was then later cleaned up by an administrator.



Yesterday was particularly bad for spam. Hopefully it won't be the start of an up-tick in the posting frequency.

The past few days have been quite bad but today doesn't seem extraordinary.



The median period of time spam posts are hanging around was a little higher than usual.



I have been working with woelen to deploy a script to help with the spam. I should really follow up on that. Essentially it would do exactly as you suggest and increase the impact more members could have.


Edit to include most recent day in duration plot. Changing the interpretation.
[Edited on 22-9-2018 by streety]

[Edited on 22-9-2018 by streety]

Quote: Originally posted by Melgar

By the way, my efforts to get this site working using phpBB has had quite a few breakthroughs in the last week or so. Check it out: http://35.185.63.230/talk/index.php The theme is just a random one, and other themes can be added and used. There are some bbcodes that I've had difficulty converting, and there's definitely some more things that would need working out, but the hardest parts are all behind me now. Thoughts?[Edited on 9/22/18 by Melgar]

Quote:

1.Blacklisting services such as fspamlist, StopForumSpam and keep databases of IP addresses, usernames and e-mail addresses used to post spam or register forum accounts.Forum software can query these lists and either deny posts or registration, or submit the request for human moderation. This is similar to DNSBL services. 2.Simple CAPTCHA systems which display alphanumeric characters have proven vulnerable to optical character recognition software but those that scramble the characters appear to be far more effective 3.Textual confirmation,in which the user answers one or more random questions to prove that he/she is not a spambot - ( doesn't have to be chemistry questions,could be questions like "how many letters in sciencemadness" or in which language is it ?) 4.Confirmation e-mails to registering users prior to allowing the user a first log in, either containing a site-generated password or an activation code/link 5.Authoritative voice, using an external filtering service to get a verdict if the data is spam or not.( free filtering services available) 6.Denial of registration from certain domains that are a major source of spambots, or even domain extensions such as .ru, .br, .biz 7.Using a search engine to investigate usernames for hits as recognized spambots on other forums(this could be coded into SM so that it does it automatically.) 8.Changing technical details of the forum software to confuse bots — for example, changing "agreed=true" to "mode=agreed" in the registration page of phpBB 9.Blocking posts or registrations that contain certain blacklisted words ( can be automated) 10.A useful technique for proactive detection of well-known spammer proxies is to query a search engine for this IP. It will show up on pages that specialize in the listing of proxies.( again can be automated) 11.Redirecting spammers to "spam subforums" to direct spam away from human users on the main site( or even do a return to sender approach and beat them at their own game )

My own suggestions-
1.Most spammers have a link in their message,so we could detect posts with links and block them(for 1st post only)
2.Do not allow newly registered members to post more than 1 message or in more than 1 sub forum.
3.Block usernames or posts with non english alphabets

someone had posted an amazing idea is this thread,but I can't seem to find that post now.The idea was to run usernames through a password strength checker.Since bots use long alphanumerical strings,they would indirectly make very strong passwords,which could be detected and blocked.
We must do something fast,or pretty soon we would have to build another arc to escape this flood

[Edited on 23-9-2018 by CuReUS]

Quote: Originally posted by Melgar

It's just bots that scan the internet for message boards that they're able to automatically register at. They use various tactics to try and make it harder to keep them out. Some of these tactics probably don't make any logical sense, but they kind of operate on a "throw a bunch of shit at the wall and see what sticks" philosophy. The only real way out is to migrate to software that's still being actively developed, which I'm trying to do with phpBB. If anyone has any thoughts on this, I'd love to hear to them. If you want server access, send me your RSA public keys, and I'll add you to authorized_hosts. If you want admin access on the phpBB test site, register at the link I posted above, and message me your username, and I'll make you an admin. If you want to look at the forum databases, I'm running a virtual machine of the XMB server within the phpBB server, and you can access both MySQL databases via TCP/IP if you're logged in. I have it set up so I can easily pull data in from both databases via a Ruby console. Like, to show data for a random user, you can type XMB.members.random, or PHPBB.users.random, respectively. I would really like some help with the PHP part, since my own PHP skills are severely lacking. I've gotten this far mainly by using Ruby and relying on my decent SQL background. Most of the rest of what's left is just annoyances. Like the fact that [size] and [attachment] tags work differently in phpBB. I'm not sure whether to try and script the conversion of XMB tags to their phpBB versions (something I did already with the [rquote] tags) or try and make the XMB bbcode tags work as they are. Right now, the goal is to get it to a point where we like how it looks, then set up a new board with all the settings imported from the one I'm working on now. Presumably run by Polverone. Then use the tools we've developed to transfer the data over. XMB hasn't been actively developed since 2009, and I'm pretty sure we had a consensus a long time ago that we're going to have to transition to new software if we ever want to address this problem. Correct me if I'm wrong.

Quote: Originally posted by WGTR

I just went to send a U2U, and was informed that I have to delete some messages, as I've exceeded my limit of 5000. I have something like 5,600 messages in my outbox. Apparently when I report spam, a message gets sent to every admin, every time...and they don't get automatically deleted. Now, since I have a few dozen sent messages that I'd like to keep, I have to go into my outbox and manually look through all 5,600 of these spam reports so that I don't accidentally delete something important. Sigh.