xoops forums

goffy

Quite a regular
Posted on: 2016/8/8 6:43
goffy
goffy (Show more)
Quite a regular
Posts: 377
Since: 2010/12/27
#1

Antispam solutions

Hi together

I want to open this new thread, because default procedure (https://xoops.org/modules/smartfaq/faq.php?faqid=856) to avoid spamming is not sufficient enought.
Quote:
Why not take a break and come back in 600 sec
is no solution.
It is like to capitulate against spammers.
And, in my opinion, a solution for this problem should be first priority.
If I visit as a new xoops user this main website of xoops and I recognize, that they have problems to fix this, maybe I go away.

Some ideas from my side:
1) in user management there should be a button "Ban user" and then the email and IP should be added to protectors ban list
2) the spammers often use the same mail domain (e.g. "...@mail.ru). it should be possible to add such maildomains to registration blacklist
3) each user should get a flag for trustworthiness (depending on the rank or the numbers of good postings,...). Depending on this flag also the time for "Why not take a break ..." and so on
4) adding captha methods (like google reCaptcha) to Xoops core

any other ideas?

Mamba

Moderator
Posted on: 2016/8/8 8:05
Mamba
Mamba (Show more)
Moderator
Posts: 10799
Since: 2004/4/23
#2

Re: Antispam solutions

Quote:
And, in my opinion, a solution for this problem should be first priority.
If I visit as a new xoops user this main website of xoops and I recognize, that they have problems to fix this, maybe I go away.

No reason to panic!

Last week we had a concentrated spam attack, so we've increased temporarily the minimum pause between postings to slow these guys down, till they run out of email and IP addresses for registration. Right it seems to be OK, but we are still monitoring it, and hopefully soon we'll go back to normal.

Quote:
Some ideas from my side:
1) in user management there should be a button "Ban user" and then the email and IP should be added to protectors ban list

Yes, that's what we're doing it, so it was question of time till they run out of email and IP addresses.

Quote:
2) the spammers often use the same mail domain (e.g. "...@mail.ru). it should be possible to add such maildomains to registration blacklist

Most registrations were from @gmail accounts, which you obviously don't want to block

Quote:
3) each user should get a flag for trustworthiness (depending on the rank or the numbers of good postings,...). Depending on this flag also the time for "Why not take a break ..." and so on
4) adding captha methods (like google reCaptcha) to Xoops core

That's what we've discussed with Richard couple of days ago - if you're a new user, and have less than X messages posted, you time between messages is 10 min, if you're between X and Y, then 5 min, and anything above Y, no limitation. But we're open to other suggestions...

Quote:
any other ideas?

Ideas are nice and good, but what's would be better, are actual solutions
So if anybody wants to go and implement something, please do and show us your code...
Support XOOPS => DONATE
Use 2.5.10 | Docs | Modules | Bugs

Cifug

Quite a regular
Posted on: 2016/8/8 10:09
Cifug
Cifug (Show more)
Quite a regular
Posts: 208
Since: 2007/12/13
#3

Re: Antispam solutions

I get the need to do something and the time it would take to implement a fix, but if I was new to any forum and excited about this new thing I found and had half dozen issues I wanted to talk about, but had to wait 10 minutes between my posts, not sure how long I would hang around. I think 10 minutes is too long.

Maybe 2 minutes? It would still slow spammers down massively.

Just my 2 cents.

goffy

Quite a regular
Posted on: 2016/8/8 10:45
goffy
goffy (Show more)
Quite a regular
Posts: 377
Since: 2010/12/27
#4

Re: Antispam solutions

hi mamba

Quote:
Quote:
2) the spammers often use the same mail domain (e.g. "...@mail.ru). it should be possible to add such maildomains to registration blacklist

Most registrations were from @gmail accounts, which you obviously don't want to block

on my sites most of spammers have mail.ru or .pl
on xon.myxoops.org we have nice email domains like a.mylittlepony.website or f.pattaya-mega.com
so, IMO it make sense to have a blacklist with suspicious mail domain. maybe we can solve it, that
- this email domain need admin verfication or
- this registration will be blocked immediately

Quote:
That's what we've discussed with Richard couple of days ago - if you're a new user, and have less than X messages posted, you time between messages is 10 min, if you're between X and Y, then 5 min, and anything above Y, no limitation.
that good to hear

Quote:
Ideas are nice and good, but what's would be better, are actual solutions
So if anybody wants to go and implement something, please do and show us your code...
I prefer to discuss first and if we have a common agreement then I start with coding

Quote:
Quote:
1) in user management there should be a button "Ban user" and then the email and IP should be added to protectors ban list
Yes, that's what we're doing it, so it was question ...
This is the second reason for discussing first, because if someone is already dealing with it, it make no sense that I do the same

geekwright

Quite a regular
Posted on: 2016/8/8 14:09
geekwright
geekwright (Show more)
Quite a regular
Posts: 277
Since: 2010/10/15
#5

Re: Antispam solutions

Just tossing out a couple of things I have been considering, in addition to the graduated rate limiting.

In Protector there is a spam filter, postcommon_post_need_multibyte.php, that was designed to protect CJK sites from english spam. It counted multibyte characters and rejected the post if there were too few -- an intended language heuristic.

A lot of the recent spam wave involved almost exclusively CJK and other multibyte look alike characters. A filter that rejected a post based on an opposite heuristic (too many bytes for the number of characters) would be a very easy fix suitable for many target audience languages.

On a related note, it seems a bit too cumbersome to manipulate the protector filters. It would be nice to be able to manipulate them from a web interface.

Another approach to consider is a varying pattern of response. We tend to have a fixed response, and that benefits spam automation. Sometimes delaying, sometimes denying, sometimes presenting additional captcha, anything that changes the script would present an bigger obstacle to bots and cheap human labor.

It is important to remember this is not just a one time fix situation. Spam is a ever changing problem, and it has been a while since our tools for this have been updated. I'll read these suggestions and concerns, and we'll devise a plan to incorporate the best. We'll also try to do a more continuous review of this area to keep it fresher, more up to date.

goffy

Quite a regular
Posted on: 2016/8/12 8:36
goffy
goffy (Show more)
Quite a regular
Posts: 377
Since: 2010/12/27
#6

Re: Antispam solutions

hi geekwright

two additional ideas, which I have implemented on myxoops.org:
1) starting point of bots is register.php, I'm using another name (changed manually). Would it be possible to generate during installation of xoops a random file name and write this file name into xoops config?
2) normally nobody types in "http://website.com/register.php" in the Url field of browser. Everybody use the link somewhere on the website to get to registration form, therefore there must be a http referer if register.php starts.

Of course, this steps do not help against cheap human labor.

What do you think?

option

Just popping in
Posted on: 2016/8/14 0:02
option
option (Show more)
Just popping in
Posts: 50
Since: 2006/5/24
#7

Re: Antispam solutions

and Recaptcha for xoops ....
https://github.com/bitcero/reCaptcha
:O

geekwright

Quite a regular
Posted on: 2016/8/17 2:37
geekwright
geekwright (Show more)
Quite a regular
Posts: 277
Since: 2010/10/15
#8

Re: Antispam solutions

Quote:

goffy wrote:
hi geekwright

two additional ideas, which I have implemented on myxoops.org:
1) starting point of bots is register.php, I'm using another name (changed manually). Would it be possible to generate during installation of xoops a random file name and write this file name into xoops config?
2) normally nobody types in "http://website.com/register.php" in the Url field of browser. Everybody use the link somewhere on the website to get to registration form, therefore there must be a http referer if register.php starts.

Of course, this steps do not help against cheap human labor.

What do you think?


Have the changes made a measurable impact?

It seems like the changed name of the register.php would just be another database item for the bot logic, just like the domain and field details. A bot survey of the site could just look for the link by proximity or labels. It would invalidate the current state for bots targeting the site, but I'm wondering if it would really deter new ones.

The referer check comes with a lot of potential for collateral damage. Lots of things blank that header. I've seen corporate proxies that do that, along with a number of security and privacy services/extensions. It would stop bots coming in directly, but it also could stop legitimate traffic.

I'll definitely keep considering the possibilities. Thanks for the ideas!

geekwright

Quite a regular
Posted on: 2016/8/17 2:39
geekwright
geekwright (Show more)
Quite a regular
Posts: 277
Since: 2010/10/15
#9

Re: Antispam solutions

Quote:

option wrote:
and Recaptcha for xoops ....
https://github.com/bitcero/reCaptcha
:O


There is a certain elegance in a "let Google fight the war for you" strategy