Jump to content

Word Filtering failing to block terms which have been explicitly set to be blocked from posting.


Recommended Posts

Hi, me again. Your resident pest about anti-spam measures 😛

Different problem this time though. I've got a message (actually a regularly repeating set) that has two terms which we have set to explicitly block submission in the word filtering for posts. The accounts doing the posting are still able to submit though, which shouldn't be the case.

I've tried a test post using my own admin account and it won't let them through, as expected.

I can't see anything out of the ordinary about this latest batch, but I've preserved one of the messages - hidden from public view of course. It should be at the bottom of this thread: https://www.afkmods.com/index.php?/topic/8841-tel-nalta-ii-patch-collection/

The blocked terms are "crypto pump", "crypto pumps", and "pump_upp". The first two being set to exact match, the third set to loose because they've been varying stuff before and after it.

And before someone suggests it, yes, the posts have been reported as spam with no favorable outcome for doing so.

Link to comment
Share on other sites

To confirm, the Word Filters were added prior to this post being made? Unfortunately, I am not seeing how this was made as with an administrator account and regular user, I am unable to reproduce this.

30 minutes ago, Arthmoor said:

And before someone suggests it, yes, the posts have been reported as spam with no favorable outcome for doing so.

Just to clarify here, are you referring to "Flag user as Spammer"? If so, this is on the user, not the post content. If you are referring to the report option on the post, this just flags it to your moderator team 😉 .

 

Link to comment
Share on other sites

Yes, the word filters have been in place for several days now with no result. They're still able to post. When I tried it myself, the filter blocked me from doing so. Which is why I don't get it. This shouldn't be getting through at all.

Yes, I'm referring to the "Flag as Spammer" function. If that doesn't do anything with the post comment, then I have to wonder, what's the point? You can't defend against spam properly if the system you're using doesn't do anything to analyze the content of the posts. Merely flagging a user as a spammer is pointless in this case and just clogs up the database with banned accounts.

Link to comment
Share on other sites

10 minutes ago, Arthmoor said:

Yes, the word filters have been in place for several days now with no result. They're still able to post. When I tried it myself, the filter blocked me from doing so. Which is why I don't get it. This shouldn't be getting through at all.

Is there anything on your system which you use an API or otherwise to post on your community? That would be a way around it as it isn't going directly through our software.

10 minutes ago, Arthmoor said:

Yes, I'm referring to the "Flag as Spammer" function. If that doesn't do anything with the post comment, then I have to wonder, what's the point? You can't defend against spam properly if the system you're using doesn't do anything to analyze the content of the posts. Merely flagging a user as a spammer is pointless in this case and just clogs up the database with banned accounts.

Our Spam Defense tool works on spammers, not their content. The idea is to stop them at registration, not when they are posting. One spammer could have 50 clients and could have several variants to post so stopping one message would just lead to them posting another but flagging the user as a spammer will then send this back to our system where if enough individuals do or we see a trend on our numerous points at registration, they will not be able to register on our clients' communities.

The system is not 100% perfect though and this is due to the nature of spamming and the internet. There are bot and human spammers. It is as profitable for them to figure out our systems as it is profitable for you and us to prevent them. Spamming goes in phases as well, we always see an uptick around the holidays and new year (you can imagine why). The more you report to the system, the more it learns.

If you haven't already, I would also recommend reviewing the Question And Answers feature for Spam Prevention in ACP -> Members -> Spam Prevention. A good Q&A question on registration is one that is immediately known by your audience but is hard to Google. It takes some time to come up with one but you will see a drastic decrease in spammers registering with the right questions. You also want to rotate these questions in and out, don't leave them up for a long period because as I said, there are human spammers whose sole jobs are to figure these out and post them on a huge spammers database once they do.

With all that said, if you have any suggestions for the Spam Defense system, please post these in our Feature Suggestion forum for further evaluation.

Link to comment
Share on other sites

3 hours ago, Jim M said:

Is there anything on your system which you use an API or otherwise to post on your community?

There shouldn't be. I haven't enabled anything like that via any options in the ACP.

 

3 hours ago, Jim M said:

Our Spam Defense tool works on spammers, not their content.

That seems very much less than effective then because bot farms don't keep using the same accounts. With the previous batch of airline ticket scammers, it was fresh new accounts every day. With these crypto bots, it's sleeper accounts they embeded on site months ago. Filtering solely based on the registration is completely ineffective. So I'll take your other advice and post on the other forum and recommend you guys partner up with Akismet - their service acts on the content and is ludicrously effective. Wordpress ships with that as a default plugin and everything.

Link to comment
Share on other sites

Unfortunately there seems to be no other post at the bottom of that topic, unless the account you have provided on file cannot see that content, so I would need an example I can see and look through to advise on what has happened there.

With regard suggestions, please feel free to post those up within the suggestions forum. 

Link to comment
Share on other sites

Unfortunately, this isn't something which we can reproduce based on any of the text here.  Additionally, the example we were looking into here has been removed. Please provide us with a URL and please leave that in place till we are through with our support here.

Link to comment
Share on other sites

We do have the same issue here on our forum. The issue is there since a few weeks and besides new accounts the posts where also made by older legit users which were not logged in since a couple of years. 

The content itself is:

<p>
	https://t.me/pump_upp - best crypto pumps on telegram<br>
	Make 1000% and more within 1 day, join channel @pump_upp !
</p>

 

Edited by Hackbart
Link to comment
Share on other sites

1 minute ago, Hackbart said:

We do have the same issue here on our forum. The issue is there since a few weeks and besides new accounts the posts where also made by older legit users which were not logged in since a couple of years. 

The content itself is:

<p>
	https://t.me/pump_upp - best crypto pumps on telegram<br>
	Make 1000% and more within 1 day, join channel @pump_upp !
</p>

 

Do you have Word Filtering in place to block these and are these spammers still getting by? That is the issue which is being reported here and that we need a URL to an existing post to further investigate. 

Link to comment
Share on other sites

2 hours ago, Jim M said:

Unfortunately, this isn't something which we can reproduce based on any of the text here.  Additionally, the example we were looking into here has been removed. Please provide us with a URL and please leave that in place till we are through with our support here.

Alright, I'll leave the next one up that comes along. After you told me the contents aren't being checked I removed it.

Glad to see I'm not the only one seeing this problem now though. Hopefully we can figure this out.

Link to comment
Share on other sites

4 minutes ago, Arthmoor said:

Alright, I'll leave the next one up that comes along. After you told me the contents aren't being checked I removed it.

It would not be a part of the Spam Defense system but it would work as a part of the Word Filtering (which is what we are troubleshooting here 🙂 )

Link to comment
Share on other sites

15 hours ago, Hackbart said:

Thanks, I added this now in the Obscenity filter. I will keep you informed if it still appears.

Could contain: Page, Text

The word filter I added yesterday does not seem to work. We got in the mean time a few spam posts with the same content which should be blocked according to the filter.

Link to comment
Share on other sites

7 hours ago, Marc Stridgen said:

Please see the following, which I believe may be what you are facing here.

https://invisioncommunity.com/news/invision-community/new-feature-a-friendly-reminder-before-posting-r1249/?tab=comments#comment-228962

Its not really meant to stop bots, but to encourage better posting

Yes, I am aware of what it's intended for. The problem is that you've got no actual spam filtering at all so this is what we're left to attempt in desperation to keep them from posting this crap. They're doing it anyway now, so even filtering has become useless.

I've given you examples of what we're facing. So has the other person responding here. Neither of us are getting adequate responses for the kind of money this package costs. You've suggested no actual solutions to the problem. Flagging the users is worthless. Especially if they're from sleeper accounts who registered quietly months and months ago with your "spam defense" doing nothing about it. At this stage of things even setting the site to require admin approval for all registrations won't do any good and will only piss people off who are legitimately wanting to join.

What's even worse is that there's a dirt simple solution to this that should take a team of professionals such as yourselves about a week to implement properly, but the impression I'm getting is that you've never even heard of it despite it being ubiquitous in the Wordpress community.

Yes, I get it, it's not meant to stop bots. What is? Does IPB literally do nothing at all about that?

Oh, and by the way, I'm going to remove the spam now since leaving it up for you guys to look at clearly hasn't done anything useful other than annoy our users and moderators both.

Edited by Arthmoor
Link to comment
Share on other sites

I am sorry to hear that your expectations of support are not being met, as that is not what we strive for. Please keep in mind though, that here in support, we can only inform you of what our software is capable of today. If that does not meet your needs, you're welcome to suggest new features in our Feature Suggestion forum. However, please keep in mind that these will be evaluated by our product team and if greenlit, worked into our development plan and lifecycle.

I am also sorry that you are getting frustrated with spam, I would too. It is, unfortunately, a very frustrating part of running a website. I am happy to shift the focus of this support topic from word filters to how else you can prevent spam now that we have established why these bots can get around word filters.

Seeing as you are seeing this with sleeper accounts that haven't posted in a while or have no/minimal posts, you may wish to use our group promotions tool to kind of separate users who have no or minimal activity to those who do. You can then mod queue the initial group that has no or minimal activity for 1 approved post or whatever you see fit to remove that mod queue. You can read more on that here: https://invisioncommunity.com/4guides/members-and-groups/promoting-members-r313/

There is also Automatic Moderation where your users can report content and if it meets the number of reports that you setup, it can be automatically hidden. This is helpful if you have a small moderator team or when your moderator team is offline. This can be done in ACP -> Members -> Automatic Moderation.

Unfortunately, based on what you and a few others are reporting, there is quite a large spam attack going on out on the web currently. You may wish to analyze the given IP addresses or countries of the offending users and ban these at the network level with your hosting provider if you do not have real members from these countries. There are other solutions like CloudFlare which like you ban whole ASNs which may be of use as well.

 

Link to comment
Share on other sites

But we haven't established how they're able to bypass the filters. Where did this ever get mentioned? Seems to me if "X" is blocked, it should be blocked. Not ignored and allowed anyway for a select set of random individuals when moderator and admin testing claims the posts would have been blocked.

So you're now seriously suggesting that we implement measures that are only going to piss of legit members?

Link to comment
Share on other sites

3 minutes ago, Arthmoor said:

But we haven't established how they're able to bypass the filters. Where did this ever get mentioned? Seems to me if "X" is blocked, it should be blocked. Not ignored and allowed anyway for a select set of random individuals when moderator and admin testing claims the posts would have been blocked.

As mentioned by Matt, this is done in Javascript. Some bots can literally get past this as it is not done in processing the actual data. This is due to this is not meant for spam prevention.

Link to comment
Share on other sites

4 minutes ago, Arthmoor said:

So you're now seriously suggesting that we implement measures that are only going to piss of legit members?

You are asking for suggestions to help fight the spam you are encountering. These are tools within the software today that you can deploy. 

Many of our customers have deployed this for other reasons and this has not angered their member-base because it only impacts new or those who have no/minimal content. How you deploy this is up to you. 

Link to comment
Share on other sites

So are you saying that the post filtering is relying on client side javascript rather than being processed server side?

If so then I'd have to agree with a number of posters in the other topic you guys suggested that the feature is basically useless bloat and ought to be removed to make room for something that actually works.

Link to comment
Share on other sites

Just now, Arthmoor said:

So are you saying that the post filtering is relying on client side javascript rather than being processed server side?

If so then I'd have to agree with a number of posters in the other topic you guys suggested that the feature is basically useless bloat and ought to be removed to make room for something that actually works.

You are more than welcome to suggest that if you wish.

Talking with my team internally, there are some improvements for link filtering in the future that will be server-side. However, word filtering is not currently being worked on.

Link to comment
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...