Arthmoor Posted May 18, 2023 Posted May 18, 2023 On 5/18/2023 at 10:07 AM, Marc Stridgen said: The reality is, in order to prevet spam, they need to first of all be known to be spam. Expand This is where the Akismet proposal I suggested comes into play. The spammers will indeed be known because the system will have detected already. They don't rely on waiting for assaulted forum admins to mass report things. Their algorithm is good enough to detect it on the first encounter in nearly all cases and then everyone using the same system benefits from that. Clover13 1
Marc Posted May 19, 2023 Posted May 19, 2023 On 5/18/2023 at 9:49 PM, Arthmoor said: This is where the Akismet proposal I suggested comes into play. The spammers will indeed be known because the system will have detected already. They don't rely on waiting for assaulted forum admins to mass report things. Their algorithm is good enough to detect it on the first encounter in nearly all cases and then everyone using the same system benefits from that. Expand There does seem to be somewhat of an assumption of how the spam service works, which is not entirely correct. We do not rely solely on reports from admin. In almost all cases, we find that systems are simply not set up in the way we recommend. This being the case, even adding Akismet would not solve an issue, as people have to actually use it, like the current features. No system will work if they aren't being used. I would say, Askimet is also far from perfect, having used it myself. It is good, but doesn't appear any better than setting things up correctly on our system
Arthmoor Posted May 19, 2023 Posted May 19, 2023 (edited) My basic point is that Akismet would never have allowed those airline spammers everyone is getting hit by to post anything, even right out of the gate on a fresh account. The current system in IPS appears to be almost entirely defensive/reactive in nature and has proven wholly ineffective at handling the problem. Even when setting up hCaptcha at "difficult" level, the problem remains. The only other advice I've seen you guys or anyone else give is to pay $20 for the CleanTalk app. While I'm sure that's an effective solution, it's one that raises the expense of running the package as a whole and not all of us want to do that. If there's something more you guy have to suggest on the subject, I'm sure we'd all appreciate knowing. I've been using Akismet for years on non-standard packages it wasn't even meant to be used on, and it's proven solid and reliable. Spammers have yet to succeed in bypassing it for posting, and only occasionally get past it for initial account registration. Edited May 19, 2023 by Arthmoor georgebkk 1
Joel R Posted May 20, 2023 Posted May 20, 2023 FYI my community was spammed by the airline spammers for weeks. It was very frustrating. The suggestions posted above by IPS are insufficient. I customized and enabled ALL spam prevention options in the ACP. I even rotated and changed these options in a near daily basis (eg. Switch from hcaptcha to recaptcha, then back to hcaptcha) and rotated through unique and highly customized challenge questions. I even enabled profile completion with required steps where users were forced to upload profile pictures and fill out their profiles. This would delay the spam by one or two days, but the spam kept coming through. It was so bad back in January and February that I turned off registrations completely for several weeks. When I backtraced the IP addresses, I discovered even more accounts in my member database that were inactive and never used for spamming. If you're being hit by waves of spam, the spam prevention in the ACP is only one part of your arsenal. I took additional steps including: - installing the third party Cleantalk. - Moderating all new posts (Ive never liked this step, because it slows down the engagement of new users. My sites activity is at a level where new members post almost every hour, so I had to expand my moderation team.) - Requiring profile completion (I've never liked this step, because it applies and frustrates ALL users) - Requiring strong password and 2FA - Aggressively rotating and changing up Spam Prevention options. (This was probably the least effective strategy)
Marc Posted May 22, 2023 Posted May 22, 2023 On 5/20/2023 at 11:17 AM, Joel R said: Aggressively rotating and changing up Spam Prevention options. (This was probably the least effective strategy) Expand It would actually add to the issue also, as you are essentially always at some point switching to one which is not as effective. Im interested as to whether or not you upped the sensitivity on hCAPTCHA? I ask as thats tended to be effective in most cases I have tried. Of course, adding additional measures as you have mentioned there is never going to hurt, and glad you managed to get the issue resolved for yourself. In your case, you found you did need extra, however you had also made sure things were set up correctly first of all. My point above was that in many cases (most) we find they havent been. So its always advisable to do that in the first instance. On 5/19/2023 at 9:35 PM, Arthmoor said: My basic point is that Akismet would never have allowed those airline spammers everyone is getting hit by to post anything, even right out of the gate on a fresh account. The current system in IPS appears to be almost entirely defensive/reactive in nature and has proven wholly ineffective at handling the problem. Even when setting up hCaptcha at "difficult" level, the problem remains. The only other advice I've seen you guys or anyone else give is to pay $20 for the CleanTalk app. While I'm sure that's an effective solution, it's one that raises the expense of running the package as a whole and not all of us want to do that. If there's something more you guy have to suggest on the subject, I'm sure we'd all appreciate knowing. I've been using Akismet for years on non-standard packages it wasn't even meant to be used on, and it's proven solid and reliable. Spammers have yet to succeed in bypassing it for posting, and only occasionally get past it for initial account registration. Expand Of course feel free to post that up as a suggestion in our feedback area, as mentioned 🙂
Arthmoor Posted May 22, 2023 Posted May 22, 2023 On 5/22/2023 at 5:52 AM, Marc Stridgen said: Of course feel free to post that up as a suggestion in our feedback area, as mentioned Expand I did, back in January, but there's been no indication of any interest from IPS at all.
Marc Posted May 23, 2023 Posted May 23, 2023 On 5/22/2023 at 10:23 PM, Arthmoor said: I did, back in January, but there's been no indication of any interest from IPS at all. Expand We wont necessarily respond to everything, but they are all certainly read and considered
Combat_Pilot_Jason Posted May 23, 2023 Posted May 23, 2023 On 5/23/2023 at 8:55 AM, Marc Stridgen said: We wont necessarily respond to everything, but they are all certainly read and considered Expand Hello Marc and everyone, So my new forum has gotten hit by the spammers already. I also had this problem at my old forum, but I recall we were able to approve all first posts from new members and this squashed it, but I don't see that ability in the backend now. Is it not possible? I don't see such a setting or am I blind? Thanks for any help, Jason
Jim M Posted May 23, 2023 Posted May 23, 2023 On 5/23/2023 at 3:44 PM, Combat_Pilot_Jason said: So my new forum has gotten hit by the spammers already. I also had this problem at my old forum, but I recall we were able to approve all first posts from new members and this squashed it, but I don't see that ability in the backend now. Is it not possible? I don't see such a setting or am I blind? Expand ACP -> Members -> Groups -> edit your base member group -> Content tab -> Require approval before content shows?
Combat_Pilot_Jason Posted May 23, 2023 Posted May 23, 2023 (edited) On 5/23/2023 at 3:58 PM, Jim M said: ACP -> Members -> Groups -> edit your base member group -> Content tab -> Require approval before content shows? Expand I must be blind I do not see such a setting there. Jason On 5/23/2023 at 3:58 PM, Jim M said: ACP -> Members -> Groups -> edit your base member group -> Content tab -> Require approval before content shows? Expand Ok I finally found it, but does it apply only to a user's first post or every post? I wans to hold only their first post. Jason Edited May 23, 2023 by Combat_Pilot_Jason
Ryan Ashbrook Posted May 23, 2023 Posted May 23, 2023 If you set it to Yes, another option will appear allowing you to set when it's automatically removed.
Combat_Pilot_Jason Posted May 23, 2023 Posted May 23, 2023 On 5/23/2023 at 4:23 PM, Ryan Ashbrook said: If you set it to Yes, another option will appear allowing you to set when it's automatically removed. Expand Thank you Ryan! Solved. Appreciate it. Jason
Clover13 Posted May 25, 2023 Posted May 25, 2023 One of my sites got hit early this morning by 92 spammer accounts with hCaptcha on Difficult. Same airline attack wave I've had some spammers join from over the last week or two, but nothing with this kind of volume in such a short period. Worst attack I've had on that site in over 10 years. Had to put the site into email confirmation + admin approval for now.
Clover13 Posted May 25, 2023 Posted May 25, 2023 Added Q&A challenges and they still are completing registrations.
Jim M Posted May 25, 2023 Posted May 25, 2023 On 5/25/2023 at 4:43 PM, Clover13 said: Added Q&A challenges and they still are completing registrations. Expand They are easily Google-able so you may have already been hit by a human who went through them all or a smart AI. SeNioR- 1
SeNioR- Posted May 25, 2023 Posted May 25, 2023 (edited) On 5/25/2023 at 8:21 PM, Jim M said: been hit by a human Expand Some dumbass might be doing this on purpose... 😖 Edited May 25, 2023 by SeNioR-
Randy Calvert Posted May 25, 2023 Posted May 25, 2023 If it's spamming the same thing, look at the IP addresses and see if they are in the same range. If so, block the /24.
Clover13 Posted May 25, 2023 Posted May 25, 2023 (edited) On 5/25/2023 at 8:29 PM, Randy Calvert said: If it's spamming the same thing, look at the IP addresses and see if they are in the same range. If so, block the /24. Expand Nope, they're all over...little bit of reuse but not a ton. Majority of spot checks passed with a spam score of 1. nojon88181 nojon88181@goflipa.com 2023-05-25 04:46 2402:1f00:8000:800::19a8 Asia/Kolkata hud9304 hud93047@zbock.com 2023-05-25 05:08 207.244.127.168 America/Los_Angeles tnd89615 tnd89615@omeie.com 2023-05-25 05:14 2401:4900:1f37:c44f:e045:bde5:acef:97d4 Asia/Kolkata sidmohan hewabej348@introace.com 2023-05-25 05:55 2401:4900:1f38:26ac:48c6:c940:c2f2:cab Asia/Kolkata Elena hivivow758@goflipa.com 2023-05-25 06:02 49.50.79.127 Asia/Kolkata dashi wakajov941@goflipa.com 2023-05-25 06:11 49.50.79.127 Asia/Kolkata John245 avdeshraghav66@gmail.com 2023-05-25 06:13 49.50.79.127 Asia/Kolkata Nick7685 tayoj72801@favilu.com 2023-05-25 06:14 37.120.141.90 Asia/Kolkata sara fokeri1070@introace.com 2023-05-25 06:25 2401:4900:1f38:26ac:48c6:c940:c2f2:cab Asia/Kolkata yojolog996 yojolog996@lifezg.com 2023-05-25 06:35 2605:6440:5007:1000::15ca Asia/Kolkata kuhbitj3310 teresia14@mailtouiq.com 2023-05-25 06:35 180.151.20.76 Asia/Colombo Miller Robert milerrobertusa@gmail.com 2023-05-25 06:40 2409:4055:495:8176:daff:33fd:b293:fc13 Asia/Kolkata vipal54038 vipal54038@pgobo.com 2023-05-25 06:51 2405:201:4008:1893:e0bd:6369:bd65:e936 Asia/Kolkata hanzel0121 hanzel.theophilus@minofangle.org 2023-05-25 07:02 2401:4900:5ac8:2d9a:2075:8819:596f:c232 Asia/Kolkata nduaor nduaor@internetkeno.com 2023-05-25 07:28 185.198.240.65 Asia/Kolkata das324 ymypnuv@mailto.plus 2023-05-25 07:29 89.187.178.176 Asia/Kolkata hasali2049 hasali2049@favilu.com 2023-05-25 07:39 185.209.160.122 Asia/Kolkata AirlinesSupport2023 goyoboj364@goflipa.com 2023-05-25 07:39 2605:6440:4010:6000::b74c America/Los_Angeles piemrgn piemrgn@gofsrhr.com 2023-05-25 07:40 191.101.132.27 Asia/Kolkata jftfki333 jftfki333@outlook.com 2023-05-25 07:44 191.101.132.27 Asia/Kolkata rafes11379 rafes11379@favilu.com 2023-05-25 07:46 181.214.107.51 Asia/Kolkata huntersquad huntersquad@matchmatepro.com 2023-05-25 07:47 63.135.161.63 Asia/Kolkata jhoana jhoana.1@mailtouiq.com 2023-05-25 07:51 98.159.224.128 Asia/Kolkata redejong haruto.jerric@fullangle.org 2023-05-25 07:51 45.132.115.59 Asia/Kolkata jamesalter3232 vwpolo@mtcxmail.com 2023-05-25 07:56 117.96.8.211 Asia/Kolkata josduuah amdkakjdiwee22@outlook.com 2023-05-25 08:01 2402:8100:2103:fd00:58fe:e7f1:467c:bb1f Asia/Kolkata dokok48068 dokok48068@cutefier.com 2023-05-25 08:02 95.142.124.19 Asia/Kolkata Ticketbookingnumber poppy4893hug@gmail.com 2023-05-25 08:15 2405:201:4034:28c2:b03d:7753:45c0:df4a Asia/Kolkata foxofyxo foxofyxo@socam.me 2023-05-25 08:18 2409:4063:4d15:4c31:2883:2c49:ccb3:275b Asia/Kolkata kemeko7372 kemeko7372@farebus.com 2023-05-25 08:22 68.235.32.237 Asia/Kolkata Janaria01 nathancurtis6763+rmmjs@outlook.com 2023-05-25 08:27 2405:204:148d:8217:e852:f610:2eaa:c54 Asia/Kolkata koyib82511 koyib82511@cutefier.com 2023-05-25 08:36 212.102.60.172 Asia/Kolkata dcr47008 dcr47008@zbock.com 2023-05-25 08:52 2401:4900:1f37:c44f:2df6:5d42:7678:570c America/Los_Angeles dfghjkwe4r4etr dfghjkwe4r4etr@outlook.com 2023-05-25 08:55 5.62.59.43 Asia/Kolkata gje02274 gje02274@omeie.com 2023-05-25 08:58 5.62.59.43 Asia/Kolkata xeyedo1952 xeyedo1952@pgobo.com 2023-05-25 09:14 2.57.168.77 Asia/Kolkata bullguard87 lexaxopolski@cashbackr.com 2023-05-25 09:14 192.155.89.144 America/Los_Angeles sdjakdj uvaismalik1999@outlook.com 2023-05-25 09:18 2402:8100:2105:bd6f:58fe:e7f1:467c:bb1f Asia/Kolkata denilson denilson.khaleil@fullangle.org 2023-05-25 09:23 2.57.168.12 Asia/Kolkata zerrick zerrick.markease@fullangle.org 2023-05-25 09:24 98.159.224.108 Asia/Kolkata jaraver36 jaraver360@duscore.com 2023-05-25 09:25 37.120.141.90 Asia/Kolkata cibebeg130 cibebeg130@introace.com 2023-05-25 09:32 45.131.195.235 Asia/Kolkata devidsergil devidsergil786@gmail.com 2023-05-25 09:33 103.174.165.97 Asia/Kolkata difere5800 difere5800@pgobo.com 2023-05-25 09:39 51.15.78.81 Asia/Kolkata sdfghj sdfghj@full-news.servehttp.com 2023-05-25 09:39 212.102.33.132 Asia/Kolkata tayofex tayofex960@dietna.com 2023-05-25 09:42 2605:6440:5007:1000::1c6 Asia/Kolkata mokeda4847 mokeda4847@fabtivia.com 2023-05-25 09:49 2605:6440:5007:1000::15ca Asia/Kolkata dolafef464 dolafef464@farebus.com 2023-05-25 09:54 162.253.68.169 Asia/Kolkata givagol701 givagol701@mevori.com 2023-05-25 09:57 2401:4900:1f3d:c265:b110:4bf7:1bfb:b1f0 Asia/Kolkata pibate7366 pibate7366@pgobo.com 2023-05-25 09:59 98.159.33.18 Asia/Kolkata Bebo befepow998@pgobo.com 2023-05-25 09:59 2401:4900:3d33:245:ce6:4fdf:6bc3:112c America/Los_Angeles QuickBooks Support bpddts@internetkeno.com 2023-05-25 10:07 2401:4900:1f38:26ac:18d8:4fcd:f9d6:4256 Asia/Kolkata kasra0121 kasra.venson@minofangle.org 2023-05-25 10:10 2401:4900:5ac8:2d9a:2075:8819:596f:c232 Asia/Kolkata xowoguzy xowoguzy@socam.me 2023-05-25 10:15 2409:4063:4d15:4c31:709d:71a5:4ac0:29d3 Asia/Kolkata davetor639 davetor639@duscore.com 2023-05-25 10:17 2409:4053:d9c:b807:293e:fd7a:b650:b6e3 Asia/Kolkata ghastly woxogon587@introace.com 2023-05-25 10:20 2401:4900:3d33:245:30f7:71fb:8c96:843c America/Los_Angeles qhd7826 qhd78262@nezid.com 2023-05-25 10:22 2401:4900:1f37:c44f:fdda:a29b:f90c:8dcf America/Los_Angeles sjdaoda ddjakdkadda@outlook.com 2023-05-25 10:23 172.98.86.176 Asia/Kolkata gunupark cifepiy799@mevori.com 2023-05-25 10:24 95.142.127.21 America/Los_Angeles froggy rayiwe6376@introace.com 2023-05-25 10:24 2401:4900:3d33:245:30f7:71fb:8c96:843c America/Los_Angeles Dumbo kaveyo4562@mevori.com 2023-05-25 10:27 165.231.33.234 America/Los_Angeles jsodjsidi joaiduuww2233@hotmail.com 2023-05-25 10:28 2401:4900:5c2f:a4a2:111b:7c53:b240:8ef5 Asia/Kolkata jameswalker54674 djnovitsky@eewmaop.com 2023-05-25 10:29 110.227.134.127 Asia/Kolkata aroger25may aroger25may@and-reviewed.servehttp.com 2023-05-25 10:31 107.181.178.75 Asia/Kolkata draron135 draron1357@bunnyboo.it 2023-05-25 10:33 94.140.8.103 Asia/Kolkata nbdbbcfxvb vovowe9060@pgobo.com 2023-05-25 10:34 143.42.114.36 America/Los_Angeles mojudufov.cisufihet mojudufov.cisufihet@rungel.net 2023-05-25 10:37 23.105.110.216 America/Los_Angeles dfghj dfghj@news-today.blogsyte.com 2023-05-25 10:40 2401:4900:1f37:c44f:85b8:26c2:e24d:2bdc Asia/Kolkata wivaje7320 wivaje7320@farebus.com 2023-05-25 10:40 2401:4900:c12:74a6:9476:8af4:bfa2:e773 Asia/Kolkata Thomaswalters thomas.65walter@gmail.com 2023-05-25 10:50 2400:adc7:14d:d200:5038:7efb:83cb:eebf Asia/Karachi Haryvey John travtaskflight@gmail.com 2023-05-25 10:53 110.235.232.134 Asia/Kolkata tinavag749 tinavag749@goflipa.com 2023-05-25 11:01 2.57.168.101 Asia/Kolkata bovahe bovahe3623@favilu.com 2023-05-25 11:04 2401:4900:1f38:26ac:dcb3:2aa8:28ae:7d99 Asia/Kolkata heyow heyow60888@favilu.com 2023-05-25 11:10 2401:4900:1f38:26ac:dcb3:2aa8:28ae:7d99 Asia/Kolkata asedrftyui asedrftyui@miami-blogs.servesarcasm.com 2023-05-25 11:11 2401:4900:1f37:c44f:9543:85fe:b704:f8e7 Asia/Kolkata yiwifar72 yiwifar723@duscore.com 2023-05-25 11:36 2a07:23c0:0:9000::34ad Asia/Kolkata mmgvofkmo vimopevos@rungel.net 2023-05-25 11:40 223.190.83.146 Asia/Kolkata riyaca xefomat360@cutefier.com 2023-05-25 11:41 103.103.59.247 Asia/Kolkata hepigah915 hepigah915@pgobo.com 2023-05-25 11:48 2607:6b80:3:1003::a862 Asia/Kolkata tytvj qapecubumo@gotgel.org 2023-05-25 11:55 223.190.83.146 America/Los_Angeles wgr4e q.bonlinee@gmail.com 2023-05-25 11:57 223.190.83.146 America/Los_Angeles kivyryqo kivyryqo@finews.biz 2023-05-25 11:58 2604:4300:c00a::39 Asia/Kolkata wsert ttu45201@zslsz.com 2023-05-25 12:01 2401:4900:1f37:c44f:5d9a:fc3c:7932:2744 America/Los_Angeles qekypa qekypa@afia.pro 2023-05-25 12:05 2a07:23c0:0:7000::1f68 Asia/Kolkata faran sona lehivanapuc@jollyfree.com 2023-05-25 12:11 223.190.83.146 Asia/Kolkata wehifay119 wehifay119@pgobo.com 2023-05-25 12:13 2.57.168.46 Asia/Kolkata faran host tevecejino@gotgel.org 2023-05-25 12:17 122.161.91.68 Asia/Kolkata Hentymeh99 kegojew999@goflipa.com 2023-05-25 12:20 68.235.38.170 Asia/Kolkata wanatve wanatverasyn.vn12.7.9@gmail.com 2023-05-25 12:36 2409:4050:2d08:9ea2:e497:3342:6143:4e23 Asia/Kolkata ulzeglvu ulzeglvu@internetkeno.com 2023-05-25 13:22 182.69.182.215 Asia/Kolkata daeaybfz daeaybfz@internetkeno.com 2023-05-25 13:27 84.239.14.148 Asia/Kolkata devid larry sjdjaieedddk442@outlook.com 2023-05-25 13:52 2401:4900:5a3f:bf69:6c0e:3337:2c05:ce07 Asia/Kolkata alexpetters3776 alexkhan3776@gmail.com 2023-05-25 14:05 223.236.213.190 Asia/Kolkata texemi3272 texemi3272@duscore.com 2023-05-25 14:31 180.151.17.101 Asia/Kolkata quickb rayinof533@cutefier.com 2023-05-25 14:33 122.161.91.68 Asia/Kolkata rainhict rainhict@fullmails.com 2023-05-25 14:49 178.238.11.131 Asia/Kolkata gumedefaje gumedefaje@jollyfree.com 2023-05-25 15:04 122.161.91.68 Asia/Kolkata mukunuri mukunuri@lyft.live 2023-05-25 15:04 2607:6b80:7:3003::141b Asia/Kolkata On 5/25/2023 at 8:21 PM, Jim M said: They are easily Google-able so you may have already been hit by a human who went through them all or a smart AI. Expand Not sure what you can add where an answer can't be found online or via AI. If I make it that esoteric, no one will be able to register 🙂 Edited May 25, 2023 by Clover13
Jim M Posted May 25, 2023 Posted May 25, 2023 On 5/25/2023 at 9:00 PM, Clover13 said: If I make it that esoteric, no one will be able to register 🙂 Expand You want it hard enough to bypass those not interested in your niche but not easy enough, someone can get it by one quick Google search 🙂 . I would say coming up with good questions/answers will be hard and it will indeed take you time to experiment to find that good blend. Clover13 1
Management Matt Posted May 25, 2023 Management Posted May 25, 2023 Spam is very frustrating, and we've been having discussions at what we can do about it. In the mean time, the best way to avoid spammers posting publicly is to set your default members group to require post approval until 2 pieces of content have been manually approved. (ACP > Members > Groups > Content tab) Whilst it means you'll need to approve the posts of new members, it will stop spammers from getting visible content. Remember to flag those accounts as spammers so it feeds back to our system. We do use various tools to determine spam, including various honey pot databases but it can take a short while to catch up with fresh waves. We want to put more focus into post-registration spam capturing in the near future. Jim M 1
Joel R Posted May 26, 2023 Posted May 26, 2023 On 5/25/2023 at 9:44 PM, Matt said: Spam is very frustrating, and we've been having discussions at what we can do about it. In the mean time, the best way to avoid spammers posting publicly is to set your default members group to require post approval until 2 pieces of content have been manually approved. (ACP > Members > Groups > Content tab) Whilst it means you'll need to approve the posts of new members, it will stop spammers from getting visible content. Remember to flag those accounts as spammers so it feeds back to our system. We do use various tools to determine spam, including various honey pot databases but it can take a short while to catch up with fresh waves. We want to put more focus into post-registration spam capturing in the near future. Expand We were hit with multiple waves of the "airline spam" for several weeks. To the point where I turned off my registrations. I do agree that moderator approval for the first few posts were one of the most effective strategies for dealing with spam. However, that's ultimately a bad experience for all new users. It essentially imposes a cost on all legitimate new users. Looking back, I should have used Word Filters to automatically mark any posts with the word airlines for moderator approval. That would have been a much more targeted method. On 5/25/2023 at 9:11 PM, Jim M said: You want it hard enough to bypass those not interested in your niche but not easy enough, someone can get it by one quick Google search 🙂 . I would say coming up with good questions/answers will be hard and it will indeed take you time to experiment to find that good blend. Expand This is the standard advice given to most community owners, but I question the assumptions behind this standard advice. The reality is that challenge questions actually need to be acceptable to all legitimate users, which means catering to a fairly low common denominator. I don't have data, but I'm almost certain that if IPS conducts an analysis of its communities, my hypothesis is that almost all communities would have simplistic and "Google-able" answers that anyone can answer with questions that are not domain-specific. You set the questions even moderately challenging to the average user, and you start to thwart legitimate registrations. My insight on challenge questions is not to make harder questions, but to make MORE questions. If a user is randomly presented with one challenge question per registration and you have 3 challenge questions, the spambot (or person who is directing the spam bot) will need - at a minimum - 3 attempts to correctly answer all challenge questions. If you have 10 challenge questions, the spambot will need at least 10 attempts to answer all challenge questions. With the randomness of challenge questions, it actually becomes exponentially harder for the spambot to capture all of the answers as you increase the number of questions.
Marc Posted May 26, 2023 Posted May 26, 2023 On 5/26/2023 at 1:08 AM, Joel R said: The reality is that challenge questions actually need to be acceptable to all legitimate users, which means catering to a fairly low common denominator. I don't have data, but I'm almost certain that if IPS conducts an analysis of its communities, my hypothesis is that almost all communities would have simplistic and "Google-able" answers that anyone can answer with questions that are not domain-specific. You set the questions even moderately challenging to the average user, and you start to thwart legitimate registrations. My insight on challenge questions is not to make harder questions, but to make MORE questions. If a user is randomly presented with one challenge question per registration and you have 3 challenge questions, the spambot (or person who is directing the spam bot) will need - at a minimum - 3 attempts to correctly answer all challenge questions. If you have 10 challenge questions, the spambot will need at least 10 attempts to answer all challenge questions. With the randomness of challenge questions, it actually becomes exponentially harder for the spambot to capture all of the answers as you increase the number of questions. Expand Fair question there. The reasoning behind this, is its simple to code a bot to read the answered question at the top of google (or indeed other search areas). So if you put something like "what is 2+2" it will actually give you the answer, rather than you needing to click through search results. With the second part on making it easy for users, I completely agree. However, that is going completely the other way of thinking. You don't have to put a hard physics question in order to avoid the answers being given simply by Google. As an example, if you ran a site fourpaws.com which is a site for dogs, you could put the question "What animal is this site about?" which Google cannot possibly guess as it doesn't know the context. "What is the number in the title of this site" is another good example. Both very simple for a user, but impossible for Google to know without being given more context. Joel R 1
Combat_Pilot_Jason Posted May 26, 2023 Posted May 26, 2023 Just a suggestion, but it might be easier for Invision to use or invest in AI to simply scan posts of new users for bullfaeces spam content and then auto-ban or suspend the account if detected. If they can use AI why can't we? For instance - the fist post of a new account is automatically held while it is scanned and if it passes it is then posted. If the post is spam it is automatically held for manual review by the forum owner who can then delete. To me this is what Captcha should be focused on not puzzles. Jason
Arthmoor Posted May 26, 2023 Posted May 26, 2023 On 5/26/2023 at 7:16 PM, Combat_Pilot_Jason said: Just a suggestion, but it might be easier for Invision to use or invest in AI to simply scan posts of new users for bullfaeces spam content and then auto-ban or suspend the account if detected. If they can use AI why can't we? Expand No need for AI, they just need to incorporate support for Akismet. That's already wildly effective even for first time posts. It's why I keep pushing on this every time the subject of what to do comes up. G17 Media 1
Recommended Posts