If you spend much time here you’ll know that for the last few years we (like most forums) are fighting an ongoing battle with spammers. We are banning hundreds a month and they still keep coming.
We have tried several measures with limited success – no-follow for all links, no-follow for signature links, signatures not visible to guests, a 90 day stand-down period before allowing signatures – but nothing seems to really be making a dent.
So last month at SP HQ we tabled a few new ideas and I’d like to get your feedback on them. I have to warn you, some of them are pretty radical. I also have to make it clear that we have not decided to implement any of these ideas at this stage, they have just been tabled for feedback.
How bad do you think this issue is? Which of the following does it warrant?
No signatures at all in problem areas (like the SEO forum)
No company or product names in usernames
Block open proxy registrants
A karma points system (ie you need a certain number before posting in problem areas)
A blanket ban of all IP addresses from problem areas (like India)
The first option is logical. The second will cause issues, cause how will you tell? What would you do with older members with violating names? Karma may increase more fluff posts in forums, esp if you continue not counting posts in General Chat.
On another forum I frequent, we have class C IP address blocks put into place for some extremely problematic foreign IPs (so long as there weren’t any legitimate active users in that IP range)
I don’t like the karma idea solely because new users who might have legitimate questions wouldn’t be able to ask them initially.
I have dynamic IP, so no, a blanket ban of all IP addresses from problem areas it’s not fair or practical, unless you really want to close down the doors to some potentially valid future and present users.
No signatures at all doesn’t seem to stop them from using fake sigs.
No company or product names in usernames should be enforced, regardless.
Ultimately, I guess a programming effort to generate some filters for content in the posts would be the answer.
You know, like ****
Or, one other rule: anything resembling a URL in posts should be verified, and, if it falls in a certain range of IP addresses, like India IP ranges, those URLs should be **** first If it’s a valid url, then a moderator could un-**** it, upon request It would be less work than deleting spam.
A blacklist of some sort: IPs, URLs, ISPs, would be beneficial also, but also used as a helper for the filtering ****-system, to raise the first warning flag. The spammer can post all he likes, but its efforts are put down by the presence of the **** instead of its valuable links, that’s all I’m saying. A big turn off for a spammer, right? Content handling, rather than user handling, that’s where the problem resides. So, focus on content filters.
I think a class C block wouldn’t be a bad idea if you can isolate it to specific problem areas which have high amounts of illegitimate traffic.
However, it’d be nice to add an exception to that, since I’m sure there are some valid users in India. What might be a good idea would be to do a blanket ban on -registrations- coming from problem areas, but have some kind of exception request where they’re registration has to be approved. Then you could look and see if there are any more accounts for that IP. If so, deny the registration.
However, the perk of this would be that you can still let seemingly legitimate people through. Also, if someone legitimate travels to a problem area and gets on Sitepoint, they aren’t blocked.
This blacklist could be contributed from around many forums, not just SPF, a collective response from their part to spam. Maybe even Google will sign up to this
Spam keywords, spam blacklist, spam tactics databases. All these just wait for a classification. Let’s make their strength be their weakness: the speed with which they spread around the web be their doom. One legitimate report from a forum, like SPF, will make it impossible for the spammer to even try in other places over the web.
You know, like bank reports for bad credit. You get your name in there, it’s pretty hard getting it out, and all the banks can see that.
From what I gather there used to be a reputation system but it was flawed so you could make yourself get enormous amounts of reputation (basically cheating), which is why it was ultimately disabled.
I like the idea of class C registration banning (proposed in post #6), and also like open proxy registration banning.
I honestly don’t think you can fix a broken model, hence the reason I don’t really participate here any more - since this fora operates mostly as a QnA by users, the threaded approach is flawed. Only surfacing the cream approach seems to work (ala StackExchange model). I hope you do manage to find a solution, but I think it would have been done by now…
Forums are designed to facilitate discussions. While StackExchange sites are great for some things, it’s difficult to have a linear discussion on a topic with the way posts are voted upon and move up and down the list.
We just basically have a running list of IPs that have generated spammers, and when/if they start to accumulate without having any legitimate users in the block, the block gets banned from allowing new registrations.
Most of the banned blocks originate from from India, Pakistan, and Russia.
I also seem to recall that the IP ban is only in place for new registrations, and not existing users who want to make posts, but I’m not 100% sure on that since I gave up my admin rights some time ago.
Another little trick I recently started using on personal forum was to automatically ban ....*@gmail.com addresses. I haven’t seen any legitimate users actually use more than one or two periods in a gmail address.
[edit]: spamBuster is also used for moderating and flagging spam, so that might be something to look into.
Bingo! It seems to me that this could be one of the most effective solutions. I suspect that any custom and unique filtering or validation should prove more useful than generic bans and so forth.
http://www.stopforumspam.com/ might be worth looking at, if you haven’t already. Very handy to check new users against to see if they’ve been reported as being bad by other forums.
I’ve had forum owners who are friends tell me that they had a lot of issues regarding false positives with that service. For the record, though, I have no first hand experience with it.
Spammers and spam are annoying, but spam blockers which interfere with a legitimate user’s experience is arguably more annoying.
Can I ask, are these spammers human or robots? I’d imagine they’re human if your previous less drastic efforts have failed?
Do we know why spammers are posting spam to the sitepoint forums? Is it for SEO reasons, blatant advertisement, etc. What’s their motivation in other words?
Obviously, you want to make sitepoint as unattractive to spammers as you can, without effecting legitimate users, new or old.
see, i don’t think actual spam has ever been a problem – it gets noticed immediately, reported, deleted, and the perp is permabanned
while i believe real spam will always be with us, i’m confident we will continue to deal with is as effectively as we have been doing for years, with a team of responsive moderators around the various time zones
it’s the fluff and signature issues that, as far as i can tell from your post, represent the more troublesome area
i have a suggestion that might sound like it’s coming from left field but i’d like you to give it some thought
you know how we have “no sig for 90 days” right now? change it to “no sig until vouched for”
who would do the vouching – all staff from mentors up
there are lots of new members who not only make positive contributions, but also identify themselves clearly, and these are the people we want
those who want to hide behind anonymity, and/or who can never do more than post mindless, over-generalized pap, should never get a signature
Not a fan of the blanket IP ban, as another mentioned it’s just not fair. I am in agreement of product names in usernames, though I do think those with already existing usernames like such shouldn’t have to change. They have an identity on this forum and would probably like to keep it, lampcms comes to mind :P.
How bad do you think this issue is? Which of the following does it warrant?
No signatures at all in problem areas (like the SEO forum)
No company or product names in usernames
Block open proxy registrants
A karma points system (ie you need a certain number before posting in problem areas)
A blanket ban of all IP addresses from problem areas (like India)
Why would you remove signatures at all? I know as a webmaster I like to help other people out, and use my signature, as a way for other people to get to know me, or find more information about me, or how to contact me,.
Personally, I believe that signatures should be allowed everywhere - and that users need to be a member of 30 days or longer, or need their signature approved by staff - so that it yields out those trying to spam Sitepoint for backlinks or anything of that nature.
Do we know why spammers are posting spam to the sitepoint forums? Is it for SEO reasons, blatant advertisement, etc. What’s their motivation in other words?
Obviously, you want to make sitepoint as unattractive to spammers as you can, without effecting legitimate users, new or old.
I believe its quite obvious why spammers are posting spam on Sitepoint forums - just like its the same as any other webmaster forum on the web - they want links, and they’ll do it at any costs, they do not care about spam - but the motivation behind stopping them would be to remove their link, and stop the user for having a signature.
If it’s a valid url, then a moderator could un-**** it, upon request 