Spam fighting
186
vote
I'm planning whack-a-mole with a spammer, who only seems to be attaching comments to this post of Jani's: http://extra.wikitravel.org/blog/jani/cambodia_chronicles_index_and_lame...
Any thoughts on a more general solution to prevent blog comment spam?
Jonboy
Bookmark/Search this post with:
By Jonboy on 2007-04-18 03:04
admin
Some solutions
There a (as usual) some drupal modules that might help... but I'd rather not resort to forcing people to register just to comment.
We also have the option of user and IP bans if we want to go that way.
Hopefully we'll soon have more of a community here to spread the work around, wiki-like.
Admin maj
admin
User IP
It looks like it's 189.178.2.97... I can ban him if it gets too bad (actually, I think you can too... try http://extra.wikitravel.org/admin/user/rules/add) maybe we should add a complaints forum for discussing this type of issue?
admin
Duh-- moderation!
I just realized the simplest way to deal with this is to turn on moderation for anonymous comments. That's probably the easiest and least intrusive way to deal, at least until we have some other community policies and tools in place.
Let me know if this sounds like a good idea.
admin
Moderation
OK, I've plunged ahead and made comments by anonymous users moderated. Janitors can ok posts at http://extra.wikitravel.org/admin/content/comment
Jonboy
Cool.
This sounds like the right solution. We'll just have to remember to check the queue from time to time.
Jonboy
admin
We're getting popular...
As proof of our increasing site profile, we just got hit with our first spam-bot tonight. I've deleted all the offending comments and am in the process of testing a anit-spam suite on the dev site. I hope to roll it out tomorrow if all goes well.
All janitors are invited to visit http://extra.wikitravel.org/admin/content/comment/list/approval to approve comments in the queue. Feel free to contact me regarding janitorial status if you're interested.
Jonboy
Queue
Did the spambot just end up in the queue? I haven't seen anything in there in a while.
Jonboy
Jonboy
Forums, too.
Can we prevent anonymice from creating new topics, or kick them to a queue, or prevent them from doing any outside links? I'm trying to monitor this site using its RSS feed, and it's pretty much all spam. (Though when I get to the site, most of the stuff has been deleted.)
Jonboy
admin
Anonymous forum posts
I keep going back and forth on this issue: on one hand the spam is annoying (though it hasn't been unmanageable so far) but we're also linking directly to forum posting from Wikitravel pages and we don't yet have single sign-on. I feel like it's unwelcoming for new/potential users to get an 'access denied' page on their first visit.
Ideally, we'd have enough of a community to flag spam quickly plus some sort of blacklist / anti-spam filters or, at least, an approval queue like the one for comments. I'm still working on that angle on the dev site and will try to roll something out next week when I have a scheduled upgrade.
Now if the general consensus is that forum posts should be restricted to registered users, it's super easy to do. Just say the word...
admin
Captcha?
And how do folks feel about Captchas? Maybe only for anonymous users?
jani
Anon only
...sounds like a pretty good compromise. And you could ask users to fill out a Captcha once only when they register.
admin
Plan
OK, So I've rushed ahead and rolled out Captcha for comments by anonymous users and tightened the existing spam filter (it unpublishes posts with more than n links or n repeated links, etc). I've also restricted creating new forum posts to registered users, but I'd like this to only be temporary.
Next week I'll roll out moderation and captcha for forums and we play with different levels of restrictiveness to see if we can cut the spam down without being too unfriendly...
Jonboy
1) A number of anonymous
1) A number of anonymous forum posts are still showing up the RSS feed (but have usually been cleaned up by the time I get here).
2) Can we throw unverified registered users in the moderation queue? I'm thinking of our good friend qwrqwerwe here.
admin
RSS
I'll take a look at the module for rss feeds and see if I can filter out the unapproved posts. The spam filters seem to be catching close to 00% of the unwanted stuff, I'm not sure why you're still seeing some.
I'm trying to patrol new user registration to block user-spam. I'm waiting for a new feature on the capcha module that will also help block this.
[ETA] I see the problem -- I fixed the normal recent changes but not the rss feed to hide spam. I'll roll out a fix tomorrow and you should see all the junk disappear... Thanks
jani
Any progress?
This is getting out of control, I just nuked a good 20 posts by qweqwerwe...
admin
Err
All those posts you're seeing are being caught by the spam filter -- they only appear to janitors/admins. Feel free to ignore the spam / moderation list if it bugs you (I can make you a normal user if you don't want to even see them).
Otherwise, if you have any suggestions, short of not allowing anonymous posts, let me know.
admin
RSS
See also my comment below about the two different RSS feeds.
Thanks
admin
Compromise
OK, anonymous users can no longer create new forums, they can only comment on existing ones. I'm also going to look for a better captcha solution, since the one we have doesn't seem to be slowing these guys down enough...
thanks
Jonboy
qwrqwerwe
As a janitor, I don't see a way to ban qwrqwerwe. Would this help?
admin
not a real user...
It's not a real user, he's just putting "qwfrqwerwe" in the anonymous user name field (that's why it shows up as "unverified" in some places). I've been banning the IP as it shows up, but it's never the same twice...
I'll be rolling out a new, tougher, captcha module this afternoon... let's see if that helps.
Thanks,
Sapphire
I spammed Extra
I spammed Extra and my post which was not published because the filters successfully identified my intentions. I was also told my IP was blocked from editting or posting any new content, however, I'm not sure that's true because I then logged in as myself and posted a fake blog, which should not have happened unless my IP was unblocked. I did send Maj and email requesting my IP be unblocked about one - two minutes earlier, however, she'd really have to be on top of my request to have unblocked me in under three minutes.. Anyhow, my concern/question is: Is the site hypocritical?
admin
RSS feed - on second thought
So, there are two 'recent changes' -- /recent_changes and /tracker. Both have rss feeds. Recent changes is more of a log of everything happening on the site, with diffs, history, etc. The tracker is more of a 'what's new / updated'
So, if you're interested in seeing new, approved/non-spam stories, use the http://extra.wikitravel.org/tracker/feed feed. If you want a more unedited, system log, use the recent_changes/feed.
Now that I realize that there are two different needs and two different tools I can document it and provide some more helpful links / ui.
Lemme know if this isn't clear....
Sapphire
What happened to...?
What happened to my ability to approve and deny blogs? I still see the option to patrol comments, but the "content" option has disappeared. There haven't been any posts by non-janitors so I don't need to patrol blogs, but I'm curious about what's going on.
admin
moderation gone ... captach working
I've turned off moderation because a)the module was throwing a ton of errors and b)captcha seems to be working for filtering out spam posts.
Did you see something you wanted to deny? I'm still testing this stuff, but there seemed to be a demand for something new/better so I rolled it out...
thanks
Sapphire
No,
I was just curious. I'm not sure if I'd missed an update about moderation.
admin
12 hours: zero spam posts
Well, that seems to have worked...
Post new comment