Spammers & bots

[Pete Mack]

After the massive pr0nspam attack yesterday, I took a look at the new members list.

It's pretty clear this site is under moderately heavy attack by bots--there are an insane number of new 'members' with obviously generated names with 0 posts and 0 visits, on order of 10 registrations per day. One of them--apparently a master site--is repeatedly using an R-rated picture as its avatar.

Pav,
This is looking rather grim. Can you put some restriction on the composition of user names or something?

If you like, I'm willing to research the vbulletin boards for possible remedies.

[Nick]

A partial solution might be to

1. Include a comment in the registration email to the effect that any account which has no posts and no ladder dumps within a week will be deleted and
2. Delete any account with no posts or ladder dumps within a week.

Don't ask for implementation details - I'm more of an idea rat.

[pav]

Pete, I am aware of those usernames. So far, they havent done any harm, or any activity at all. They were all registered from a single subnet of certain Indonesian ADSL provider, which is rather curious.

The spam outbreaks are always done by a freshly registered username.

Deleting accounts is counter-productive, as that allows the spambot second round of spamming. Banning these accounts is better.

[Derakon]

I recommend changing the captcha to something more specific to Angband. I don't think that the bots are specifically targeting this site; they're just scanning for forums they know how to register and post on, and then trying repeatedly to get past the captcha. Change it into something like "What is the first artifact light source most characters find?" (and then doing a regex for "galadriel" on the answer) would probably work pretty well. Or even "What famous fantasy author's work is Angband based on?"

Heck, one site I use just says "Are you human?"

[SaThaRiel]

Yeah, fighting spam(-bots) is not an easy task. I have some success on a forum with a simple math module (well, for phpBB). Its just questioning stuff like "seven plus 3" or "IV minus six" and the like...it seems to work. Maybe this is an idea for this board (if there is a module for vBulletin). The "board topic" related question will work too.
Captcha and email activation do some good but seem to leak a bit. I dont know why...maybe the bots are good enough.
Another change i recently made is to put all users into a "newly registered users" group which doesnt allow them to browse the memberlist, pm other members and post directly (posts have to be approved first). They will be put into the usual member group after 2 posts (apporoved ones). I think that you can compare the workload to this forum (also more users but postcount should be similar or just a bit higher). And it consumes maybe 15-20 minutes additional "work" a day.
Protecting the admin area with an .htaccess file seems to do good too. So many little things can be done. The sum should work well

[pav]

Those are solid advices, but I believe the recent spam outbreaks were carried out by a living fleshy human, not by a botnet.

I would hate to inconvenience newcomers to have to wait a couple of hours before their initial post is approved. I fear that would drive people away from starting to post on here. I already do that thing you mentioned about PMs.

[Atarlost]

You could, though, hold any post with an external url or image by a new poster for moderation.

So urls that start with andband.ook.cz are allowed through (since the ladder is here) but any other url gets the post in the moderation queue.

[pav]

Not a bad idea. I will check how hard it will be to implement in vB.

[SaThaRiel]

Hm, and what about having a post delay of some minutes for the second post (after registration - one post direct, 2nd one has to wait)? Mostly people who are interested will post one topic or answer a question maybe - but they seldom post 2 or more times after they registered. So this may help to keep the mass spamming flesh humans away because it takes them too much time (actually they get paid for it).
Sure there is the chance that someone wants to post twice and maybe has to wait for 5 minutes. But with a good description this shouldn't be a too big problem for most people. And if its a problem for them then theyre maybe in the wrong forum anyway

[pav]

Ineffective - the first spam will still get through.