Sciencemadness Discussion Board

This forum needs more moderators

clearly_not_atara - 25-7-2018 at 23:13

I mean there's like spam all the time lol

If you don't trust people to be full mods maybe you should just give some users the power to move threads, then they can move it to Detritus but they don't have "real" mod powers.

Loptr - 26-7-2018 at 04:29

Yeah, something does need to be done.

I volunteer.

[Edited on 26-7-2018 by Loptr]

[Edited on 26-7-2018 by Loptr]

MultiplePersonality - 26-7-2018 at 04:47

Nah, just some limits. Why allow just registered person to post 10 topics at once? Why allow them at all? Why allow any person to post more than 10 or 20 posts a day, or 1 topic a day? Same things that is universal in life, to enjoy, avoid suffering, disease, etc. For example, overeat and you will suffer. Same rules apply in software, internet, everywhere. Life can be fully enjoyed if we keep it in limits, optimality, reference values. Either using max value as limit, or min value, or from-to (between min-max). That is only way to enjoy, protect something, not suffer, succeed anything.

Haven't you noticed that it is only 1 or 2 persons, posting 10 topics? Why allow anybody to post that number of topics? 1 per day is enough, everything else is boredom, spam, trolling. While it would not fully prevent that from happening, it would be optically better.

TheMrbunGee - 26-7-2018 at 05:37

Yea, I don't really like the idea of 1 new post a day, but it could be like 3.

I could also do some cleaning job. It is really sad that this disease has come to this forum. (At least it looks more active on a quick glance this way. :D )

RogueRose - 26-7-2018 at 05:43

I second the "more mods" or some kind of elevated privildge.

How about we create a sub forum where only trusted members have access, this forum is for reporting spam only. Members would create a thread and in the body of the thread you could put the member name of the person flooding with spam.

Thread title - Spam report
Body of thread:
Username1
Username2
Username 3
Username 4
etc

Post the thread and then use the "report" function, and in the report section use an indicator like "spam accounts".

Then the program can reference the posting and take all the usernames listed in the thread, add them to the "delete" filter, and all their postings would get cleaned.

It could be done a few other ways similar to this, but reporting each post, the way we do now is a PITA. I reported close to 40 in the last 2 days alone and at one point I said F' it, and let about 50+ just stay on the forum b/c I had beter things to do. One poster had about 30-40 postings in 10 mins. How is that possible when I can't even post 3 posts in under 2-3 mins and I get a flood warning.

It seems these spammers have some way to work around this process.

Do we know where these IP's are coming from? It would be interesting to know what c country the spam is originating from.

This is the type of stuff that Congress needs to pass laws about, cyber crimes that effect businesses from outside countries. This may seem like a "small" issue but it effects thousands of sites.

I would support some kind of sanctions, reduce of aid, etc to countries that allow spammers to operate from their countries and they need to be penalized for allowing them safe harbor. Some sites went under because of these attacks years back.

MultiplePersonality - 26-7-2018 at 05:46

There are limits and rewards for members on most forums, where how much you are allowed depends on how long you've been there, or how many posts you have, the more the better for you. And it is stupid to do anything manually in this century, imagine having to rotate motor by hand. And when I talk about limits or quantity it's really sometimes all the difference.

I just went outside it was after rain, good temperature, clean air, no pollen, no animals (insects, snakes...), no heat from which many people die each year. Much better than having to tolerate sneezing, stings, pain, itching, heat, sweat... That is subjective experience.

But what is objectively or scientifically different there? Only quantity really. Different temperature, pressure, light, number of particles in air, number of animals, moisture. See how just changing some quanitity or numbers things easily turn from hell to heaven, and vice versa.

That's why I like chemistry, math, and most sciences. Because we can change those parameters, and make heaven artificially.

And it's true in computer world too. In everything. OK, to not go fully off topic, stop here.

RogueRose - 26-7-2018 at 05:58

If members can be assigned some kind of "trusted" status, then there should be a forum where ALL new members posts go until we know they aren't a spammer. When a new member makes a thread it goes to "new member section" and then a trusted member can read it and go to the "report" function and write the pre-determinied word/phrase for "all ok with post", so the opposite from writing "spam" in the report.

Then the thread gets moved to the appropriate forum.

There could also be a field for where they want the thread posted, like Organic Chem.

So it would look like this

Forum - New Members posts

Thread title - How to make Benzene from paper towels
Thread body:-destination forum - Organic Chemistry
So mix paper towels with benzyl alcohol, milk and tomato juice, allow to ferment and distill while adding fermented goat urine. (sorry for bad joke)
/thread

Then when a trusted member see's this thread they report it and in the report box they could write something like:
/verified
/move-to: [forum] Organic Chemistry


I would think some kind of BBC code could be incorperated to allow users to semi-automate the verification of new users and to purge spammers like this:

Trusted member reports posting
/purge [member]spammer-asshole
/purge [member]spammer-asshole2
etc,

Or as I said, doing this in a thread that only some members have access to, like Detritus. If members post spammers names there, others will know that they have been reported already. If you need more than one person to report (some members should be trusted enough.........) then they can reply to the thread with the same /purge [member]spammer-asshole names as well, so the replies could be double verification.

I'm sure everyone is tired, but I'm just throwing ideas out that may be reasonable within this forum software, IDK the limitations.


j_sum1 - 26-7-2018 at 06:32

The spam and trolling has gotten everyone a bit riled.

To the OP, more mods will probably make little difference to the current problem. I don't object to additional mods but the current need is to stop spam before it hits the board.

The board does suffer from a bit of inertia. Change happens slowly. As far as I can tell, the software is not as flexible as we might like. Which means that certain combinations of trusted membership, restricting post counts and so forth, these things are not easily possible.

I would love to get a captcha happening. I think that would go a long way to minimising the spam. However, I think that needs Polverone on board. Sending him a polite U2U might be worthwhile.

WGTR - 26-7-2018 at 06:46

How many new members do we get every day? By that I mean real members, not spambots. How about just requiring new members to introduce themselves in a U2U/email to a mod/admin, to gain posting privileges? A quick search of the message on Google could tell if the intro was copy/pasted from somewhere else.

I think there are enough moderators overall, although there are many who haven't logged in here for years. Life gets in the way sometimes. Active mods, though? There are probably enough, but I would volunteer myself as available for general spam cleanup, etc, if that was needed.

j_sum1 - 26-7-2018 at 06:52

We did recently limit new signup to a small number per day and these filled within minutes after the clock ticking over. Genuine new users did not get a look in.

As far as numbers go. A ballpark figure at present would be less than 10 genuine users and more than 200 spam accounts per day.

WGTR - 26-7-2018 at 07:17

Here's a wild idea then; probably poorly developed, but just an idea at this point:

Let's say that clicking on the registration link allows you to register, but also refers you to a thread that explains how to gain posting privileges. The new member has to send an intro to a U2U member listed in the post to gain privileges, otherwise they only have read access to the forum. This U2U address would be one that all the mods could access, and could be a throwaway that changes every now and then (if it starts getting spammed).

Limiting read access of the "Members List" to people who are currently signed in could remove any benefit that spammers would gain, of registering accounts that have spam links in their profiles (since these are currently viewable to non-members, robots, etc.).

j_sum1 - 26-7-2018 at 08:24

What you are suggesting is u2u access only to new users with posting priveleges given on request.
Already proposed, but unfortunately it is apparently not an option with the software as it is currently configured. It would require some coding.

MultiplePersonality - 26-7-2018 at 08:34

Let's make conclusion. World (or this board) needs more time, programmers, security, automation, space, smart people, wise people, truth... 5 years ago I thought I will need 10 m2 space, then I realized it is 100 to 1000 m2. Also most people have no time, or don't know hot to properly use time, to save some time for unfinished business. Polverone? Time is eluding me every single day, seriously, I can't do anything, even simple task like wash my hands. :(

streety - 26-7-2018 at 10:46

There is plenty of spam but it only hangs around for a few hours before getting deleted. The mods seem to be doing a fantastic job for the moment and hopefully the situation will be resolved before the burnout.

Between the 'Tired of reporting spam' thread and here there is no shortage of good ideas. The issue had been implementing them, i.e. writing the code to implement them. I was able to implement a captcha question in a few hours. If that is insufficient I'm happy to work on other ideas.

The bottleneck now is getting the new code deployed on the server. As j_sum1 indicates that needs Polverone.

A more interesting question is how we might limit the spam, and the work required by the mods, without altering the code running the site if Polverone remains unavailable for a while. That will take some thought but something might be possible.

Loptr - 26-7-2018 at 11:08

Who here is capable of coding? The forum software language is PHP. I am a software engineer. If you guys come up with a plan, and I agree to it, then I can make the changes. Anyone else willing to help can join in.

I think there is a VM of the Site somewhere here. I think Polverone also has a Github repo with the forum software committed.

Do we still make backups frequently?

[Edited on 26-7-2018 by Loptr]

EDIT: I offered to Polverone to make some changes to apache rewrite filters to redirect the HTTP site to the HTTPS site, but I never got around to it for some reason. It was just a matter of writing some regular expressions. I can still do it.

[Edited on 26-7-2018 by Loptr]

From Polverone (while back):

Quote:
Quote:
Could we deprecate http and force https? Also, a filter would have to be in place to redirect the /talk/ addresses in the forum to /whisper/, which I have to manually do every time I click on a link pretty much.

Any issues with that, other than man hours?

:)


I would like to do that. I would also start using a "real" signed HTTPS certificate instead of sticking with self-signed certs that always set off warnings in browsers.

The trickiest part is setting up the redirects. A year or two past I tried to set up Apache rewrite rules to do the trick but was unsuccessful. If you can figure it out I would be grateful.

I need to rewrite every URL of the form:
http://www.sciencemadness.org/talk/viewthread.php?params=bla...

To:
https://www.sciencemadness.org/whisper/viewthread.php?params...

It seems like it should be simple, but I was unable to do it the last time I tried.


[Edited on 26-7-2018 by Loptr]

[Edited on 26-7-2018 by Loptr]

streety - 26-7-2018 at 11:28

Way ahead of you. :)

https://www.sciencemadness.org/whisper/viewthread.php?tid=16...

Quote: Originally posted by streety  
I believe I now have a simple captcha question implemented.

The steps needed to add this to the forum are:

1) Merge in the pull request on github: https://github.com/mattbernst/xmbforum/pull/1
2) Copy member.php and templates.xmb to the forum (these are the only files changed)
3) Restore the templates cache by going to the Administration panel, then templates under 'look & feel', clicking 'Restore all' and then 'yes'
4) Add the questions to the database by going to Administration panel, then 'insert raw sql' under 'database tools' and submitting the sql query in the attached file



If you're up for getting the virtual machine running from the backup and providing a code review that would be useful.

Loptr - 26-7-2018 at 11:38

Quote: Originally posted by streety  
Way ahead of you. :)

https://www.sciencemadness.org/whisper/viewthread.php?tid=16...

Quote: Originally posted by streety  
I believe I now have a simple captcha question implemented.

The steps needed to add this to the forum are:

1) Merge in the pull request on github: https://github.com/mattbernst/xmbforum/pull/1
2) Copy member.php and templates.xmb to the forum (these are the only files changed)
3) Restore the templates cache by going to the Administration panel, then templates under 'look & feel', clicking 'Restore all' and then 'yes'
4) Add the questions to the database by going to Administration panel, then 'insert raw sql' under 'database tools' and submitting the sql query in the attached file



If you're up for getting the virtual machine running from the backup and providing a code review that would be useful.


I'm pulling down the OVA file now for the latest backup. I will take a look at your PR tonight. I left an intro comment in the PR on Github.

JJay - 26-7-2018 at 12:02

Oh, I can program. I should probably grab the OVA too....

unionised - 26-7-2018 at 12:09

As a bit of an aside, could someone please clarify the "automatic" process for getting rid of spam once it's reported by members?
Does anyone's reporting a post as spam have the same "weight" in terms of thee system deleting it?
Is the process automatic, or does a real live person have to agree with it?

Would it be more efficient if, for example, we all agreed to report the first 3 bits of spam from a given user - I suspect that at the moment people report the ones they notice first.

If I report posts 1,2 and 3. someone else reports 4,5 and 6 and a third person reports 7,8 and 9 does the system notice that the poster is a spammer?

Is there some (deliberate) delay between people reporting spam and it being deleted- does the system only sweep out the trash every hour or something?

Loptr - 26-7-2018 at 12:23

Quote: Originally posted by unionised  
As a bit of an aside, could someone please clarify the "automatic" process for getting rid of spam once it's reported by members?
Does anyone's reporting a post as spam have the same "weight" in terms of thee system deleting it?
Is the process automatic, or does a real live person have to agree with it?

Would it be more efficient if, for example, we all agreed to report the first 3 bits of spam from a given user - I suspect that at the moment people report the ones they notice first.

If I report posts 1,2 and 3. someone else reports 4,5 and 6 and a third person reports 7,8 and 9 does the system notice that the poster is a spammer?

Is there some (deliberate) delay between people reporting spam and it being deleted- does the system only sweep out the trash every hour or something?


I believe it just notifies the mods. If you look at your U2U outbox you will see the reported post messages.

Quote: Originally posted by JJay  
Oh, I can program. I should probably grab the OVA too....


As far as I can tell, streety has an implementation of captcha for the registration page.

Gotta love in-line SQL... ;)

[Edited on 26-7-2018 by Loptr]

unionised - 26-7-2018 at 13:12

Quote: Originally posted by Loptr  

I believe it just notifies the mods.

[Edited on 26-7-2018 by Loptr]

I believe there's some automated element.
I'd really like to hear from someone who actually knows.

JJay - 26-7-2018 at 13:14

Quote: Originally posted by Loptr  


As far as I can tell, streety has an implementation of captcha for the registration page.

Gotta love in-line SQL... ;)



I'll take a look at it.

streety - 26-7-2018 at 13:24

I did wonder about that automated script myself. The admin interface in the virtual machine backup doesn't suggest there is any automated deletion system and a quick look through the code didn't reveal anything either. It's possible the virtual machine doesn't include that functionality.

Implementing/replacing an automated spam deletion script could potentially be done without needing to modify the code on the site. If the admins/mods would be willing to set up a server somewhere[0] we could create a script that every 5 minutes logged in with their credentials, or the credentials of a newly created account, and swept out any new spam.

[0] This would cost ~$2/month. I'm sure many users, including myself, could host this for free but that's a bad idea from a security perspective.

[Edited on 26-7-2018 by streety]

Vosoryx - 26-7-2018 at 15:15

I agree that we need more mods. Even if the spam posts still get made, if there are enough mods around to delete them as soon as they come up then they will eventually get discouraged and give up.

I'll help if I can.

woelen - 26-7-2018 at 22:42

Spam bots never will get discouraged. They just post their spam and do not bother anymore about their "offspring".
The real problem is not really the number of active moderators, but it is the old software we are using. This software cannot cope with the modern internet anymore.
Several good ideas were posted in this thread, but none of them can easily be implemented with the standard forum software.

The spam-deletion script we have now is activated every few minutes. It looks for reports of spam by one of the moderators or admins. If a post is reported as spam, and the account which did the post is sufficiently recent, then all posts of that account, all associated U2Us about that spammer and finally the account itself are removed. The check on the age of the account is added to avoid accidental deletion of regular users who have been around for a while already. This mechanism works very good and makes removal of spam very simple. Just with two or three clocks we can remove a spammer and all its posts.
Since a few weeks, however, it seems that the removal of U2Us about the spam are not removed or are only removed under some specific circumstances and this leads to enormous amounts of reporting U2Us in the moderator's and admin's U2U boxes. Removing all those U2Us at the moment is more work than removing actual spam. We need Polverone to have a look at this. At them moment of writing I again have 170 U2Us in my inbox. This also is the reason why moderators may miss some regular U2Us from other members. When wading through all those 100s of U2Us it easily happens that one too much is removed.

Corrosive Joeseph - 27-7-2018 at 00:42

Holy shit............ The WHOLE first page of todays posts is spammed......... YES........ THE WHOLE PAGE

:mad:



/CJ

symboom - 27-7-2018 at 10:18

Got one https://en.m.wikipedia.org/wiki/XRumer
Spammers software

XRumer is a piece of software made for spamming[1] online forums and comment sections. It is marketed as a program for search engine optimization and was created by BotmasterLabs. It is able to register and post to forums (forum spam) with the aim of boosting search engine rankings. The program is able to bypass security techniques commonly used by many forums and blogs to deter automated spam, such as account registration, client detection, many forms of CAPTCHAs, and e-mail activation before posting. The program utilises SOCKS and HTTP proxies in an attempt to make it more difficult for administrators to block posts by source IP and features a proxy checking tool to verify the integrity and anonymity of the proxies used.

Interesting there is a user with that username

He would post test just a test its the 2nd time i saw that ppst thwn he deletes it

[Edited on 27-7-2018 by symboom]

[Edited on 27-7-2018 by symboom]

[Edited on 27-7-2018 by symboom]

S.C. Wack - 27-7-2018 at 18:38

This spam wave is not of lurkers. Why not disable registration altogether, until certain posted times when heavy moderation is planned.

Vosoryx - 27-7-2018 at 21:07

I'm pretty concerned about turning away legitimate new users, but yeah, i can actually see where you're coming from.

Maybe, on the registration page, we put something like this:

"Hello future ScienceMadness.org user.
Unfortunately, we are currently dealing with a very serious spam problem. As such, we have temporarily turned off registration.
But don't despair! We want you on the forum. We know it's a bit of a hassle, but if you could please send an email to scimadregistration@gmail.com [or something like that] letting us know that you're an actual human and we will set you up an account and email it back to you. (Be sure to use the email you want associated with the forum)
The username and password can both be changed later.
We're sorry for the inconvenience."

That email account can be patrolled by the mods and new accounts can be set up as needed.

Perhaps, if the email starts getting spammed, we could add in a "code" so that the email doesn't get spammed all to hell too. I dunno, something like:

"In the subject of the email, please include the name of the metal prepared by mixing copper and zinc, commonly found in plumbing and gas fittings. This is so that we can find your email amongst the spam."

Then we could just search up every email in the inbox containing the word "brass" and find them all. And the code could be changed if the spammers get really sophisticated. (I doubt this will happen tbh, they'll decide it's too much work and screw off.)

It would probably mean a few more mods but it would completely kill the spam problem. We could go back to normal once they give up.

weilawei - 28-7-2018 at 01:57

How about hashcash? Force a new user to do a time-consuming computation. Force another round to reply or make a new topic. It was originally developed as a technique to cut down on email spam, but the situation here is exactly analogous.

[Edited on 28-7-2018 by weilawei]

unionised - 29-7-2018 at 04:27

Can we get the system software to throw out posts that are not mainly in the Roman alphabet?

Vosoryx - 29-7-2018 at 12:13

Hey look at that... The entire first page again.
Something needs to be done here, this is getting out of hand.

Screenshot_20180729-131214.png - 362kB

WGTR - 29-7-2018 at 13:03

That was three full pages of spam. Sigh. At least it's mostly gone now.

So far as I know I'm a "trusted reporter", so anyone else that is "trusted", or "semi-trusted" (has been here longer than 60 days and has more than 50 posts) can help nuke this stuff by reporting one of the posts from a given author. I usually report every spam post from an author (not just a few posts) when I'm close to a computer, so if someone else just gets a few of them it should still take out all the trash.

streety - 29-7-2018 at 13:08

Is the automated spam deletion script working? I thought it was reported to be malfunctioning.

j_sum1 - 29-7-2018 at 14:15

It worked well today. I have been the one complaining about it because there have been a number of posts that I have reported and I know others have reported and that are still hanging around hours later. But this morning I saw mass deletions of spam and five spammer accounts obliterated in the time it took me to clear my inbox.

MJ101 - 30-7-2018 at 11:52

Yeah...that XRunnerTest is a little unnerving. If someone is using that to test, then all is well and how can we help?

fusso - 12-8-2018 at 09:38

I think there are certain times when there's no mods/admins online due to time zones?

GameBoy - 12-8-2018 at 09:49

Leve the forum secure, and no need for anybody to "do" anything. No need to "protect" or "clean up" except maybe from few trolls rarely. There are stupid people telling me after rain "go clean up that rain" or when some animal gets into property "go chase that animal out of property". These people are stupid obviously, and real solution is to fix that broken roof through which rain falls inside, and close or fix that fence through which larger animals go through. It's stupid to dry or chase. Similar to how doctors try to "treat" disease, instead of just not making (producing) them. Charles Linden talked about this stupidity in his method by saying "anxiety can't be treated or healed" but only cause removed. Same is with forum, leave that stuff to the software, not to humans, except small part. Sure we need doctors to do surgery in rare cases, but thinking that they will protect us from our bad habits or death or solve all our problems for us is insane. Similar to how police and nobody can't protect us from abusers, insane aka crazy people, evil people. Just one example: https://www.youtube.com/watch?v=XSv8neBxd_w

unionised - 12-8-2018 at 10:24

Quote: Originally posted by GameBoy  
Leve the forum secure, and no need for anybody to "do" anything.

How?
Are you suggesting we don't let anyone post anything or that we don't allow any new members or what?

fusso - 12-8-2018 at 10:39

Quote: Originally posted by GameBoy  
Leve the forum secure, and no need for anybody to "do" anything. No need to "protect" or "clean up" except maybe from few trolls rarely. There are stupid people telling me after rain "go clean up that rain" or when some animal gets into property "go chase that animal out of property". These people are stupid obviously, and real solution is to fix that broken roof through which rain falls inside, and close or fix that fence through which larger animals go through. It's stupid to dry or chase. Similar to how doctors try to "treat" disease, instead of just not making (producing) them. Charles Linden talked about this stupidity in his method by saying "anxiety can't be treated or healed" but only cause removed. Same is with forum, leave that stuff to the software, not to humans, except small part. Sure we need doctors to do surgery in rare cases, but thinking that they will protect us from our bad habits or death or solve all our problems for us is insane. Similar to how police and nobody can't protect us from abusers, insane aka crazy people, evil people. Just one example: https://www.youtube.com/watch?v=XSv8neBxd_w
And obviously one of the trolls that need to be protected, cleaned up and eliminated is you.

Tsjerk - 12-8-2018 at 11:37

You are both bat shit crazy. If you can transfer the forum to a better secured platform I'm sure you will be welcomed a lot.

diddi - 12-8-2018 at 13:43

i agree with the timezone theory. i have watched helpless as a stream of threads appears. its to the point where if its full of spam, i just leave. over it. i offered to be a spam killer but the forum software does not support that ability.

DrP - 14-8-2018 at 01:35

Another forum I am a member on limits the number of posts a 'new member' can post to 5 per day until it has been confirmed they aren't a bot, a spammer or a troll (or some time has elapsed). That way if someone signs up to post spam then they only get 5 posts before it is locked automatically. It works quite well other than the occasional gripe from someone who is genuine and wants to join a discussion on their first day of joining.

It doesn't completely fix it - but it helps prevent a lot of it.