|
Jeff
Owner
Oct 31, 2013, 11:44 AM
Post #1 of 6
(7506 views)
Shortcut
|
New site owner here (read details here: http://www.rockclimbing.com/...post=2637990#2637990) Spam sucks. I want to implement some better anti-spam measures into the software. I know it's somewhat whack-a-mole, but I'm also sure we can make this site harder to spam than it is now. However, my wife and I have zero experience designing anti-spam features, so before I go read up on it, any suggestions?? This feels like a problem that's been tackled before, so if you know of things that have been successful in other forums let me know.
(This post was edited by Jeff on Oct 31, 2013, 11:56 AM)
|
|
|
|
|
iknowfear
Nov 2, 2013, 3:13 PM
Post #2 of 6
(7454 views)
Shortcut
Registered: Sep 8, 2004
Posts: 670
|
Hi Jeff, first of all, welcome to our new overlords and all the best! Non software fixes: find some mods in non US timezones: euros and asians/australians, to fight spam manually during sleepytime in the states. Software fixes: - Posting limit for new users of 2 posts a day until cleared (see below) - New posts by new users need to be screened by level 2 mods (this could be anyone with over 800 or whatever number[ posts). - No hyperlinks in posts before clearance. Cheers & all the best iknowfear
(This post was edited by iknowfear on Nov 2, 2013, 3:14 PM)
|
|
|
|
|
JimC
Nov 4, 2013, 4:58 PM
Post #3 of 6
(7418 views)
Shortcut
Registered: Aug 16, 2013
Posts: 4
|
Unfortunately. this is a really hard one. Here are the "best" methods around these days: - Hidden captcha field honeypots or negative-captcha. Only bots who scrape the HTML see these fields, and ether OCR or use a human farm to fill them. Anyone submitting with this field filled is a bot. See here for some explination and implimentation ideas: https://github.com/subwindow/negative-captcha - Domain specific captcha. Have sets of rock climbing specific questions/answers to vet accounts. People who rock climb should know the answers, or be able to find them quickly via google. Bots are lost and human farms are much less reliable. The down here is alienating new climbers or people who are not native English speakers who many not know the answer or be able to find it easily. - Manual admin verification/approval for every new account. It's not automated, but it will stop most spam right at the gate.
(This post was edited by JimC on Nov 4, 2013, 5:02 PM)
|
|
|
|
|
Jeff
Owner
Dec 13, 2013, 9:44 AM
Post #4 of 6
(7310 views)
Shortcut
|
Jim--that is super useful. Negative captcha is brilliant, never would have thought of that. Right now we have no dev/staging server, so we went with manually validating new users as a band-aid, non-scalable solution, but once we get the servers setup a bit better I'll be exploring the possibilities more here.
|
|
|
|
|
rrrADAM
Jun 1, 2015, 5:48 PM
Post #5 of 6
(5812 views)
Shortcut
Registered: Dec 19, 1999
Posts: 17553
|
We had issues with this back in the day... My suggestions: "Tar-pit", limiting users 2 say, 1 post every 2 minutes. Or, if you can code, if a user copies and pastes the same data into the title and/or body of a thread or even a PM, over a certain period of time (good indicator of SPAM), that user's ability to "submit" should be temp-locked until validated not SPAM. This would very quickly stop someone from flooding threads and/or PMs with SPAM automatically.
|
|
|
|
|
rrrADAM
Jun 1, 2015, 5:52 PM
Post #6 of 6
(5811 views)
Shortcut
Registered: Dec 19, 1999
Posts: 17553
|
Oh, and limit usernames to only one email addy... Often SPAMMERS set up multiple usernames, but with only one email addy.
|
|
|
|
|
|