Wish List: Flag Spammer Ip address during new post review

[KOTWKOTW]

I am a longtime Invision Board user. I go back to the very first version.

Lately a lot of spam has caused me to waste time deleting posts from spammers.

The current method of marking spammers only when they register as members does not work for boards that allow Guests to post without becoming a member.

I would like to see the following programmed into Invision Board. When a spammer posts as a guest or member, upon the post review by the moderator, the moderator could select Approve, Delete,
Pin, Move or SPAM. The new SPAM option would delete the post and flag the Ip address to allow no further posts from that address. Invision Board would with authorization collect the ip spammer data and allow other Invision boards to use that spammer data to block those addresses. This would provide a more direct method of dealing with the spammers.

Once this simPle option is implemented the spammers will get the message and stay away from a futile act of trying to post. Those that get through will be flagged and ideally the volume of spam will become a trickle that is easy managed by the SPAM option on new post reviews.

Stopping spammers is crucial to Invision boards future success and this option should be done immediately. It is not that hard to implement.

[Rimi]

Hello.

Doesn't the spam service already do all of this? I think what you're actually looking for is for the spam service to be called whenever a guest posts.

[Wolfie]

The current method of marking spammers only when they register as members does not work for boards that allow Guests to post without becoming a member.

I would like to see the following programmed into Invision Board. When a spammer posts as a guest or member, upon the post review by the moderator, the moderator could select Approve, Delete,

Pin, Move or SPAM. The new SPAM option would delete the post and flag the Ip address to allow no further posts from that address. Invision Board would with authorization collect the ip spammer data and allow other Invision boards to use that spammer data to block those addresses. This would provide a more direct method of dealing with the spammers.

Once this simPle option is implemented the spammers will get the message and stay away from a futile act of trying to post. Those that get through will be flagged and ideally the volume of spam will become a trickle that is easy managed by the SPAM option on new post reviews.

In some ways, what you're suggesting would seem simple but really it's more complex and is faulty.

Getting right to an obvious one, you think that simply banning the IP address will fix the issue? Really it won't and will actually negatively impact your board once it reaches a certain point. Why? Because the banning of each IP address used to make spam will only prevent it from that one IP address, meaning that to get it to 'slow down to a trickle' will require hundreds (if not thousands) of addresses being banned. On top of that, it will only stop the newbie/simple/amateur spammers. The more advanced spammers, or those using the heavy duty bots, won't be using their real IP address to begin with. They'll use one of several methods to mask it so you are banning the wrong IP address. Once enough places have banned that IP address, it starts using another one and hits many of the same sites again.

There's also the issue of preventing legitimate visitors from using your community. For example, let's say that someone from a public location (say a cafe, library, etc) is trying to visit your community but a spammer already used that same IP to spam your site (even if they weren't at that location physically). Anyone from that location will be unable to get to your community which means a loss of visitors. Sounds like a minor problem and you might consider the loss of a few legitimate visitors to be worth it to stop spam, but really, you've only banned that one IP address from being used to attack your site and again, the spammer most likely wasn't even really there, just using the IP address.

There's also another problem, one that is rather hard to protect again. The last time I checked, people who use AOL for service, at least for dial-up, would get a random IP address from a pool of thousands, perhaps even millions, of possible IP addresses. I used to be a supervisor of a chat room for a few years and we became all too familiar with IP addresses of AOL visitors and the problem of trying to ban them. Ban the IP, a couple of minutes later they return and would often 'play dumb' and claim that they hadn't been in there before, all the while using similar names, spelling, grammar, etc as they did a few minutes ago. (Imagine someone using a capital letter for each word, always misspelling one particular word that they use in almost every sentence as well as a couple of other dead giveaways.) Okay so ban them again. Couple of minutes later, they're back and going through the same routine again. Problem is, their IP address changes so drastically that in order to successfully ban them would require banning a few regular visitors, some of which may already be in the chat.

Not saying that I wouldn't like to see improvements on spam prevention, just the banning of an IP address will only stop some wannabe spammers. It basically only stops those who don't really know what they're doing. Also, as Lucy mentioned, there is the SMS (Spam Monitoring Service).

If you really want to stop spamming from guests, disable guest posting or require content from guests to be approved before it's publicly available. Won't exactly stop it from coming in, but at least it'll prevent it from showing up to others. Eventually, the spammers will get the hint and avoid your site, at least for awhile. For example, due to a lot of spam registrations, I had enabled email+admin validation of new members and at first there were several registrations (from obvious spammers) and I would ban those accounts. That quickly stopped and I was able to disable the admin part of the validation and for several months the problem was gone. Point being that if you enable a feature to more or less stop them in their tracks (regardless of the IP/email being used), they'll give up for awhile and move onto other easy targets. They will come back, but at least until then, you can loosen the security a bit.

[KOTWKOTW]

The SMS system doesn't work with boards such as mine what allow Guest posters. Non-Member posts is what drives the Board. My request would help the majority of Invision Board moderators who have to go through all the spam to get to the real posts. When you mark in the Member section an individual who is trying to become a member, don't you block his IP address? Or is something else going on there that prevents that spammer from posting again?

What's the solution? Unless Invision Board addresses this issue it will not be able to be the premier message board.

I'm not just criticizing Invision Board for the sake of criticism. I'm a longtime supporter of Invision Board. It's a great board format and has been from the beginning but the board is at a crossroad and it's programmers need to step up and find a viable solution. For me, I will take blocking some innocent guest who is using the same ip address as a spammer rather than having to go through spam post after post deleting them in mass.

KOTW

[Royzee]

I will take blocking some innocent guest who is using the same ip address as a spammer rather than having to go through spam post after post deleting them in mass.

An "innocent guest" is not going to have the same IP as a listed spammer.

[Wolfie]

The SMS system doesn't work with boards such as mine what allow Guest posters. Non-Member posts is what drives the Board. My request would help the majority of Invision Board moderators who have to go through all the spam to get to the real posts. When you mark in the Member section an individual who is trying to become a member, don't you block his IP address? Or is something else going on there that prevents that spammer from posting again?

I don't know the inner workings of the SMS service (it's on the IPS end of the deal), but flags based on different criteria, including IP address, but not limited to it. What if the same email address is being used but different IP addresses? Should each of those IP addresses be banned just because one spammer used that IP address one time? There are over a billion possible IP addresses (much much more), what if a majority of those are somehow spoofed by spammers? It's something to seriously keep in mind. Not saying an IP address should never be banned because a spammer used it, just you should keep that in mind when banning an address.

What's the solution? Unless Invision Board addresses this issue it will not be able to be the premier message board.

I'm not just criticizing Invision Board for the sake of criticism. I'm a longtime supporter of Invision Board. It's a great board format and has been from the beginning but the board is at a crossroad and it's programmers need to step up and find a viable solution.

A lot of people come up with an idea/feature to add to the product and make references to how it will make IP.Board the ultimate forum or how without it, IPB won't reach a certain status. I've said things like that too, I won't deny. However it really boils down to being an opinion. Not saying your suggestion doesn't hold any value or that it doesn't have any merit to it.

As for finding a solution, the truth is, a majority of that responsibility falls on the ISP's and other providers who make it so easy for spammers to wreck havoc on everyone. Seriously, if I were providing a service where people could get onto the internet and a majority of my clients was made up of those who bombard people with spam, would you really blame it on the software on the sites being victimized or would you think that I should be taking responsibility for letting it happen when I could have prevented it? Wouldn't be hard for me to have installed software that would analyze usage and alert me when someone is likely using my service to spam others.

Decent web hosting companies forbid abusing their services for such activity because otherwise, enough people report emails as spam that generated from that hosting company, and their email servers end up blocked, which then prevents legitimate clients from sending out legitimate emails because it ends up flagged as spam even though it's not. IPS has even removed the option to 'ignore' a members preference to not receive admin emails, so that the software can't be easily abused (it's still possible, but requires altering the software, but that's another issue altogether).

An "innocent guest" is not going to have the same IP as a listed spammer.

That's not true. The more knowledgeable and experienced the spammer, the more likely they will be using proxies or other methods to mask their real IP address. In other words, they could end up being from an IP address of someone legitimate that visits the site. The more popular the site, the more likely this is to occur. Saying that it can't happen or won't happen is ignoring reality. To use the AOL example again, someone could be using a legitimate service and happen to be one of the few who abuses the service to spam sites before their account gets terminated.

[KOTWKOTW]

Wolfie,

Thank you for your well thought out response. As my post title states "Wish List". I believe that my suggested wish list item has validity. Maybe it has to be tweeked by those who are much more familiar with the "back office" technical operation of the internet as they related to message boards and spammers. I prefer to operate my message board and let the tech guys handle the "back office" stuff that make my board look great and provide a service to my community.

Long live Invision Board. I've been a long time advocate for the board. My board has over 86,000 posts acquired over 8 years. That's a lot of "Approve", "Delete", and "Edit". I don't mind those but the Spammers frustrate me. I don't understand how they think that their obvious self serving posts are ever getting through the approval process but it would be nice to get rid of them forever. A dream I know.

Regards,

KOTW

[Wolfie]

I believe that my suggested wish list item has validity. Maybe it has to be tweeked by those who are much more familiar with the "back office" technical operation of the internet as they related to message boards and spammers. I prefer to operate my message board and let the tech guys handle the "back office" stuff that make my board look great and provide a service to my community.

I'm as much against spammers as anyone else (except of course, spammers, because they're all for allowing spammers to flood everything in hopes of getting an extra dollar). Just that there better ways to try to prevent spam without going on an IP ban spree.

If you look in the marketplace, you might find something that increases the difficulty for spammers while not being difficult or a nuisance to valid visitors.