Arthmoor

I'm assuming that since bbpress is a Wordpress product that it's protected by Akismet. IPS doesn't have this ability, but it's something I've suggested they implement.

Man, that's a pretty buried option if you ask me. It should be something more prominent, but I'm not a UI designer so I don't know what would be.

It would also be very helpful if the notification was made outside of the ACP, on the site front page as a notification on the world icon. I don't particularly want the notifications via email.

Ok, part of the problem is that there doesn't appear to be an actual link to bring you to this menu.

Second thing is those options are showing as enabled, with no way to toggle it.

Third, despite them showing as enabled, we've had requests that were filed that never triggered one.

So it looks like there maybe some sort of bug here.

Unless I'm missing it, there doesn't seem to be an option of any sort anywhere to have PII requests generate a notification to either the admins or the moderation staff.

At the very least there should be a way to set it so that something shows up on the notifications icon on the main page. Probably optionally email someone as well, though I'd personally leave that one off.

Thank you.

Hi,

Now that there is an official method for deleting user accounts, I'd like to know how to go about canceling the license for this.

4 hours ago, Combat_Pilot_Jason said:

Just a suggestion, but it might be easier for Invision to use or invest in AI to simply scan posts of new users for bullfaeces spam content and then auto-ban or suspend the account if detected. If they can use AI why can't we? 

No need for AI, they just need to incorporate support for Akismet. That's already wildly effective even for first time posts. It's why I keep pushing on this every time the subject of what to do comes up.

16 hours ago, Marc Stridgen said:

Of course feel free to post that up as a suggestion in our feedback area, as mentioned

I did, back in January, but there's been no indication of any interest from IPS at all.

My basic point is that Akismet would never have allowed those airline spammers everyone is getting hit by to post anything, even right out of the gate on a fresh account. The current system in IPS appears to be almost entirely defensive/reactive in nature and has proven wholly ineffective at handling the problem.

Even when setting up hCaptcha at "difficult" level, the problem remains. The only other advice I've seen you guys or anyone else give is to pay $20 for the CleanTalk app. While I'm sure that's an effective solution, it's one that raises the expense of running the package as a whole and not all of us want to do that.

If there's something more you guy have to suggest on the subject, I'm sure we'd all appreciate knowing.

I've been using Akismet for years on non-standard packages it wasn't even meant to be used on, and it's proven solid and reliable. Spammers have yet to succeed in bypassing it for posting, and only occasionally get past it for initial account registration.

11 hours ago, Marc Stridgen said:

The reality is, in order to prevet spam, they need to first of all be known to be spam.

This is where the Akismet proposal I suggested comes into play. The spammers will indeed be known because the system will have detected already. They don't rely on waiting for assaulted forum admins to mass report things. Their algorithm is good enough to detect it on the first encounter in nearly all cases and then everyone using the same system benefits from that.

It's a long standing issue with IPS and their "anti-spam" that doesn't actually prevent spam. Even with hCaptcha.

It would be better to press them on enacting my suggestion from January when I got hit by the same spammers:

The other often mentioned "solution" is to spend an additional $20 to install ClearTalk, but IMO one should not require additional paid apps to run an already expensive package.

Get IPS to implement this:

Akismet is extremely effective and costs nothing to use. It would be a win-win for IPS and everyone who uses it.

I did, hence why I linked it here. Maybe more interest in the suggestion will help nudge it along. Besides, I think I made it pretty clear what I was linking when I said "get IPS to implement this".

Better yet - get IPS to implement this:

There should be no good reason to have to spend additional money at the price the IPS package sells for. Especially when a solid working anti-spam system exists that's easily implemented into the package.

Well it's been 2 weeks now and your system wants me to mark a solution - but that hasn't happened.

These entries persist in the notification on the support page claiming that they're still repeating and showing up in the logs. I know it supposedly isn't indicating a problem but I'd like to see them gone and there's apparently no means to fix it on my end of things.

Recently as part of the ongoing spam problem we've been having, I had the site do a forced password reset on member accounts older than 6 months. That worked fine and they got the message, but it was a rather generic message that most people would probably mistake for spam (and indeed some mail servers treated it as such).

It would be nice if instead of whatever generic message is buried in the system, we could optionally choose to write a custom one of our own for each event. I would have liked to explain the reasoning behind why the site was suddenly asking so many people to change passwords out of the blue. Yes, posting something on the forum itself is well and good but having that information in the email itself would have gone a long way to easing minds and soothing the wrath of various anti-spam systems out there.

Patterns of registration like that don't generally span large numbers of locations. They tend to have IP addresses associated with registration from the same part of the world.

Plus there's numerous discussions on numerous sites about this same IP conducting a widespread campaign using compromised old user accounts. This isn't just about IPB, and it doesn't do anyone any good to try and dismiss the obvious out of hand.

5 hours ago, RocketFoot said:

I'm getting hammered by new registrations that post 50 or more posts in seconds after they register!  It's all airline related air fare posts.  I've flagged over 8 pages of new members so far!  I changed my challenge questions to something a little harder and it slowed them down.

I was getting these for the entire period just before Christmas and right after New Years. They eventually gave up and haven't been back.

These new crypto spammers rose up in their place right after the 4.7.6 update to IPS. Which seems to be when the word filtering just stopped working because adding their keywords to it has done nothing for my own site. They kept getting through without even being slowed down.

In the course of digging around, the IP 109.107.166.230 came up. Which led to needing to block the network range 109.107.166.0/24. Mark's suggestion of 109.107.160.0/19 is probably better though. I've got it blocked off in IPTables now so we'll see.

Unfortunately it appears as though the compromised accounts came from some sort of data breach somewhere because every single one of them that's been spamming has been in the last 2 days using accounts that are all over 6 months old and had no activity on them.

I'd also just like to point out that in the official support section I got nothing but BS responses about spam defense, word filters, and group promotions. This one thread here has had a lot more useful information than I've gotten from the devs in 2 weeks time. Which is sad, because none of us are paying for the package to end up being each other's tech support.

So are you saying that the post filtering is relying on client side javascript rather than being processed server side?

If so then I'd have to agree with a number of posters in the other topic you guys suggested that the feature is basically useless bloat and ought to be removed to make room for something that actually works.

But we haven't established how they're able to bypass the filters. Where did this ever get mentioned? Seems to me if "X" is blocked, it should be blocked. Not ignored and allowed anyway for a select set of random individuals when moderator and admin testing claims the posts would have been blocked.

So you're now seriously suggesting that we implement measures that are only going to piss of legit members?

7 hours ago, Marc Stridgen said:

Please see the following, which I believe may be what you are facing here.

https://invisioncommunity.com/news/invision-community/new-feature-a-friendly-reminder-before-posting-r1249/?tab=comments#comment-228962

Its not really meant to stop bots, but to encourage better posting

Yes, I am aware of what it's intended for. The problem is that you've got no actual spam filtering at all so this is what we're left to attempt in desperation to keep them from posting this crap. They're doing it anyway now, so even filtering has become useless.

I've given you examples of what we're facing. So has the other person responding here. Neither of us are getting adequate responses for the kind of money this package costs. You've suggested no actual solutions to the problem. Flagging the users is worthless. Especially if they're from sleeper accounts who registered quietly months and months ago with your "spam defense" doing nothing about it. At this stage of things even setting the site to require admin approval for all registrations won't do any good and will only piss people off who are legitimately wanting to join.

What's even worse is that there's a dirt simple solution to this that should take a team of professionals such as yourselves about a week to implement properly, but the impression I'm getting is that you've never even heard of it despite it being ubiquitous in the Wordpress community.

Yes, I get it, it's not meant to stop bots. What is? Does IPB literally do nothing at all about that?

Oh, and by the way, I'm going to remove the spam now since leaving it up for you guys to look at clearly hasn't done anything useful other than annoy our users and moderators both.

Here's 2 more of them:

https://www.afkmods.com/index.php?/topic/8843-permission-to-post-to-afktracker/&do=findComment&comment=187357
https://www.afkmods.com/index.php?/topic/6030-permissions/&do=findComment&comment=187356

2 hours ago, Jim M said:

Unfortunately, this isn't something which we can reproduce based on any of the text here.  Additionally, the example we were looking into here has been removed. Please provide us with a URL and please leave that in place till we are through with our support here.

Alright, I'll leave the next one up that comes along. After you told me the contents aren't being checked I removed it.

Glad to see I'm not the only one seeing this problem now though. Hopefully we can figure this out.

So here's an example of one of the spam posts. They've been identical up to this point. Word filtering isn't stopping them at all.