Page Index Toggle Pages: 1
Topic Tools
Hot Topic (More than 10 Replies) Let's Talk Spammers (Read 1,646 times)
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,562
Location: Los Angeles

YaBB 2.4
Re: Let's Talk Spammers
Reply #10 - Mar 13th, 2014 at 12:58am
Post Tools
Agreed, and I can't believe I haven't mentioned the following yet:

With applause still going to ggn for his anti-spam CAPTCHA hack, and to Derek Barnstorm for authoring it as a mod, it seems that the SliderCaptcha Mod xonder authored achieves the same results without having to use an actual CAPTCHA modification.

If so, that would be so great! Cool

  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
Dandello
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Online



Posts: 2,174
Location: Earth

YaBB 2.6.0
Re: Let's Talk Spammers
Reply #9 - Mar 13th, 2014 at 12:51am
Post Tools
Basically, anything that requires them to take time to solve throws their process off - Putting the registration agreement on a different page, adding extra non-used characters to a captcha, asking questions that can't be looked up on Google, extra mandatory fields to be filled in, requiring mousemoves, requiring critical thinking on an input, blocking registration input that's inhumanly fast - all these will block nearly all spambots and most hubots - they don't have time to figure it out or they'll keep bashing their little programmed heads against the wall because they can't figure it out.
  

If you only have one solution to a problem you're not trying hard enough!
Back to top
WWW  
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,562
Location: Los Angeles

YaBB 2.4
Re: Let's Talk Spammers
Reply #8 - Mar 13th, 2014 at 12:06am
Post Tools
I agree with Ron about how easy it is to decipher CAPTCHA. That on its own simply won't work these days. However, the CAPTCHA I use is an original of what Dandello uses, except that hers is far better because it was updated as a mod by Derek Barnstorm.

I didn't mention this is my most recent posts because I've mentioned it far too many times already, which of course means that Jon is well aware of it. My bad.

Also well aware of it are those admin who have actually implemented it in their respective forums. But speaking for myself, in a little over 3 years of using this incredibly effective YaBB anti-spam option, not a single spam-bot has been able to automate a single registration, nor has a single post been made by spam-bot automation.
Spam-bot automation has been stopped cold! Smiley

Edited:
FWIW, our forum's error log will often break 12,000 entries a day. In the last hour, for instance, it's already broken 500 ... again!
« Last Edit: Mar 13th, 2014 at 12:14am by Bill Myers »  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
RonS2
Senior Member
Beta Testers
****
Offline



Posts: 516

YaBB 2.5.2
Re: Let's Talk Spammers
Reply #7 - Mar 12th, 2014 at 10:00pm
Post Tools
FWIW, my forum has a high google standing. I'm always in the top three. My Error Log breaks 2000 entries a day.

For a long time I did not use CAPTCHA, I hate having to type in stupid characters and expect others do too. One of my admin thought I was nuts, so to make him happy I it set to 3 characters (YaBB won't let me do just 1 otherwise I would have). After reading Jon's post I turned it back off.

OCR is very good today and if evil-doers can decode 3 characters they can decode 44 characters.

Thanks to D, I only allow upper and lower case letters and my board is unusual in the fact that I require each member use their real name for the UserID and screen name. Her simple "mod" catches about 25%.

I do use Honeypot, Spam Fruits and Anti-Spam Question. Spam Fruits catches about 70% and Questions catches about 5%. I don't remember the last time Honey or CAPTCHA caught one.

I get anywhere from 2 to 10 real new members each day (1000 new members in the last 9 months) and I can not remember when I had to reject an obvious bad guy. In the last 5 years that I've been running the forum not one single spam message on my board. But then I don't allow guest posting and never will. 

So Jon, yeah, I have to agree with all your comments.

I applaud the all people that has made YaBB what it is today.
Thanks to all of you for all your good work.
  
Back to top
 
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,562
Location: Los Angeles

YaBB 2.4
Re: Let's Talk Spammers
Reply #6 - Mar 12th, 2014 at 8:02pm
Post Tools
JonB wrote on Mar 12th, 2014 at 6:38pm:
yfa

Seriously? Cheesy

Jon, that's the thing. However you've configured this forum still allows for the automated posting from spam-bots because of their sophisticated methods that continue to fool, and defeat even the most intelligent of administrators.

The silliest, and most obvious thing about our chats regarding an effective way to stop spam-bot automation cold is that you haven't even given it a try in this forum to know what some of us admin already know. Spam-bot postings have been stopped cold in our forums.

As for Dandello's good point about forums that get hit hard with spam-bots, the YaBB forum I've operated since 2002 continues to be heavily hit. But that's of little concern to me because of how well YaBB is able to stop spam-bot automation cold.

So again, until you actually give it a try here in this forum, how credible can you really be about this issue? Please think about it. How can an admin like me keep spam-bots out of a YaBB forum when you aren't able to do the same? That makes no sense. After all, you are far more intelligent than I am about this stuff.

Lastly, and I say this in good humor with the hope that you'll appreciate the point I'm making about your ability to stop spam-bot automation here in this forum (because you do have that ability), I will quote an otherwise very wise man.

"I find your lack of faith disturbing."


By the way, I have been testing the beta version as an ordinary user. I just haven't found any problems at that level. Smiley

As for this distraction regarding the ability to defeat spam-bot automation, please don't sweat it. You've made your choice not to use YaBB's effective, and proven anti-spam measures. That will simply mean this forum will continue to see spam-bot posts even as other YaBB forums have happily made them obsolete.

But at least spam posts are usually swatted away in a relatively speedy fashion, and that is what counts in the end.

« Last Edit: Mar 12th, 2014 at 8:04pm by Bill Myers »  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
JonB
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 3,785
Location: Land of the Blazing Sun!

YaBB 2.6.0
Re: Let's Talk Spammers
Reply #5 - Mar 12th, 2014 at 6:38pm
Post Tools
Bill

Let me know when you think a BOT has posted here, and what forensics you used to determine it was a bot, and not a human spammer. There's a reason bots don't post, at least here.

If a bot can post, I will have all the evidence I need to develop a counter-measure right in the access log.  And, Bill, YOU will have the satisfaction of actually being right.

I guess I could suggest you actually help us (rather than distracting us)  by doing that 'Beta testing as an ordinary user' you volunteered for.

Wink

« Last Edit: Mar 13th, 2014 at 1:09pm by JonB »  

I find your lack of faith disturbing.
Back to top
IP Logged
 
JonB
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 3,785
Location: Land of the Blazing Sun!

YaBB 2.6.0
Re: Let's Talk Spammers
Reply #4 - Mar 12th, 2014 at 6:29pm
Post Tools
Bill,

I stand by my statements, as they apply to this forum, configured as it presently is.

Let me know when you have some actual evidence I am wrong (and I could be). I'll be happy to investigate.

Thanks
Smiley
  

I find your lack of faith disturbing.
Back to top
IP Logged
 
Dandello
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Online



Posts: 2,174
Location: Earth

YaBB 2.6.0
Re: Let's Talk Spammers
Reply #3 - Mar 12th, 2014 at 6:00pm
Post Tools
Ah, but Bill - you forget that my forums don't have high search engine ratings that would make my forums a target. (My WP blog, however, is always getting spammed - but since all comments are moderated nobody sees them.)
  

If you only have one solution to a problem you're not trying hard enough!
Back to top
WWW  
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,562
Location: Los Angeles

YaBB 2.4
Re: Let's Talk Spammers
Reply #2 - Mar 12th, 2014 at 5:06pm
Post Tools
JonB wrote on Mar 12th, 2014 at 2:30pm:
I even sometimes hear that a spam-bot posted something (virtually impossible, BTW)

I still find it surprising that you believe this, especially with all that you know about computers, and YaBB in particular.

Quote:

Sensibly, discussions about this become moot when it's a fact that YaBB admin are indeed able to keep spam-bots from posting in their respective forums even while this forum continues to allow it.

The key to stopping spam-bot automation cold is using YaBB's anti-spam measures. A good example of this is what Dandello has done in her test bed forum. Even with guest posting enabled, spam-bot automation is blocked.

  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
Elrick.
YaBB Moderators
Beta Testers
***
Offline



Posts: 161
Location: Edge of the Abyss

YaBB 2.6.0
Re: Let's Talk Spammers
Reply #1 - Mar 12th, 2014 at 3:07pm
Post Tools
Quote:
OTAY?  Let's give a big hand to YaBB and its developers, this is basically a stock install.





I have noticed a substantial reduction in the daily rate of ‘New’ registrations.
You’ve been tweaking things? Cool

~*~

  

~ Elrick ~
There is no direct experience of reality without interpretation; and all interpretation is corrupted by the cultural and personal prejudices or prejudgments of the interpreter.
Back to top
 
IP Logged
 
JonB
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 3,785
Location: Land of the Blazing Sun!

YaBB 2.6.0
Let's Talk Spammers
Mar 12th, 2014 at 2:30pm
Post Tools
From time to time, comments are made here about Spam-bots, and spammers defacing the site, how Spam Fruits & Anti-spam Question defeat robo-registrations, etc. I even sometimes hear that a spam-bot posted something (virtually impossible, BTW)

I can tell you the story is quite different than you may believe. The reason I say that is I have access to the facts, and the commentators are relying on idle speculation.  The 'YaBB Next/3.0' that is installed here has most of its built-in defenses turned on and tweaked pretty well. There is no Honeypot, Spam Fruits or Anti-Spam Question installed.

Yesterday, i had to field a question about removing spammers from registration logs.  So, I did some looking on a server of mine to recall how it all fits together.

Last night, I looked at one of my own YaBB Sites (basically hidden) with closed registration. It is in a default configuration, and has the honeypot installed.  We don't use a CAPTCHA (too many squinty-eyed real people), but we do use Admin approval. Even where there is no external linking it still gets hundreds of visits a day. And enough of them get through to the registration process where they wind up awaiting approval, probably about 2-3 a day.

Then I looked on YaBBforum.com.  This is a well indexed site on Search Engines, so the forkers know we are here.

Some Stats:

The Error Log here is set for 8192 max entries. It takes less than two days to get to that point.

In that time frame EXACTLY NINE made it to the Registration Log.  At least three were genuine registrations.

I would say that is pretty freakin' effective  Smiley

  • Error Log Summary
    New Members
    Registration Log


I edited the IP's of real or potentially real members

OTAY?  Let's give a big hand to YaBB and its developers, this is basically a stock install.

Cool
« Last Edit: Mar 12th, 2014 at 3:11pm by JonB »  

next_is_ok_too.png (Attachment deleted)
this_weeks_yabbforum.png (Attachment deleted)
yabbforum_reg_log.png (Attachment deleted)

I find your lack of faith disturbing.
Back to top
IP Logged
 
Page Index Toggle Pages: 1
Topic Tools
Bookmarks: del.icio.us Digg Facebook Google Google+ Linked in reddit StumbleUpon Twitter Yahoo
 
  « Board Index ‹ Board  ^Top