Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > Community > Feedback > Captcha to post a new thread?

Captcha to post a new thread?
Thread Tools
Simon
Posting Junkie
Join Date: Nov 2000
Location: in front of my Mac
Status: Offline
Reply With Quote
Jul 10, 2009, 05:46 AM
 
So I just reported 'how to get DVDs onto your iPod' thread no. 327,974.

That got me wondering. I'm assuming a lot of this board spam is automatized. How about requiring a captcha when somebody wants to post a new thread?
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Reply With Quote
Jul 10, 2009, 11:09 AM
 
Most captchas are not really bot safe.

Image recognition and human solver farms have made it an ineffective measure.

-t
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Jul 10, 2009, 02:52 PM
 
Yeah, captchas are just yet another arms race with the spammers. They are constantly being figured out.
     
Railroader
Banned
Join Date: Jun 2005
Location: Indy.
Status: Offline
Reply With Quote
Jul 11, 2009, 06:42 PM
 
For the sake and love of all that is decent and good, please, PLEASE, P L E A S E, do not instill captchas in starting a new thread.

I start about 2.3 threads per year, but I LOATHE captchas with all the fiber in my being. Satan taunts me with them.
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Reply With Quote
Jul 11, 2009, 07:39 PM
 
If captcha was part of an arms race, the other side has already won. Half the time they present me with completely indecipherable gibberish-how can I tell if it's a digit one or a lower case "el" or an upper case "eye"? Zero and "oh" are similarly impossible to discriminate.

They DO have a place in ensuring that a person is registering a membership or doing some other very-seldom activity, but since they are both flaw-prone and a hassle, I don't think that this is the answer to our multi-post spammers.

Glenn -----OTR/L, MOT, Tx
     
Cold Warrior
Moderator
Join Date: Jan 2001
Location: Polwaristan
Status: Offline
Reply With Quote
Jul 11, 2009, 08:35 PM
 
Personally I wouldn't mind a moderator control that allowed instant emails based off of common but customizable spammer tactics and enabled during a mod's available times.
- 1-post member
- new registration
- links in post
- email alerts 1600-2200 MTWTF
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Reply With Quote
Jul 12, 2009, 12:49 AM
 
Originally Posted by Cold Warrior View Post
Personally I wouldn't mind a moderator control that allowed instant emails based off of common but customizable spammer tactics and enabled during a mod's available times.
- 1-post member
- new registration
- links in post
- email alerts 1600-2200 MTWTF
Well, how long does it typically take for a spam thread to be reported ? Doesn't that like happen almost immediately when someone views the new spam thread for the first time ?

I'd rather be for the first 3 -5 posts of a new member to be moderated.
Heck, create some pseudo-mods (limited access mods) that can do that moderation. I'm sure you'll find some trusted members here that wouldn't wanna be full mods, but wouldn't mind doing that kind of moderation.

-t
     
Simon  (op)
Posting Junkie
Join Date: Nov 2000
Location: in front of my Mac
Status: Offline
Reply With Quote
Jul 12, 2009, 02:10 AM
 
Spam threads here are usually reported and removed within minutes of appearing. I'd say I see and report on average 2-3 per week. Preventing these threads from being posted in the first place is more a convenience issue than a necessity. Any other ideas besides captchas? Obviously they're inefficient.
     
reader50
Administrator
Join Date: Jun 2000
Location: California
Status: Offline
Reply With Quote
Jul 12, 2009, 03:15 AM
 
For curiosity's sake, I went back and totaled up our spam reports over the past 30 days. I'd been seeing the same names doing many of the reports, and suspected a minority of members reported the majority of spam sightings.

13 Spheric Harlot winner
12 Simon
11 Andy8
7 AKcrab
7 turtle777
5 Big Mac
4 CharlesS
3 brassplayersrock
3 Jacke
2 64stang06
2 chabig
2 ChrisF
2 Laminar
2 Phileas
1 Cipher13
1 cybergoober
1 Dork.
1 és:
1 kylef
1 msuper69
1 Oisín
1 philm
1 residentEvil
1 rjenkinson
1 Rumor
1 shifuimam

There were 87 spam Reports over the last 30 days. The top 5 people caught 57% of the spammers.

Note: more than 87 spammers were caught, because when a mod spots spam, there is no Report.
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Reply With Quote
Jul 12, 2009, 03:34 AM
 
Gosh, Spheric, way to go

Hey, we should make this an official 'NN challenge, with leaderboard sticky and everything

-t
     
CharlesS
Posting Junkie
Join Date: Dec 2000
Status: Offline
Reply With Quote
Jul 12, 2009, 03:35 AM
 
Originally Posted by ghporter View Post
If captcha was part of an arms race, the other side has already won. Half the time they present me with completely indecipherable gibberish-how can I tell if it's a digit one or a lower case "el" or an upper case "eye"? Zero and "oh" are similarly impossible to discriminate.
Indeed. Captchas can be so hard to figure out that to me it seems that it's only a matter of time before the humans start employing technological means to decipher the captchas, because they're too hard to figure out by hand. It'll be a nice little twist of irony.

Ticking sound coming from a .pkg package? Don't let the .bom go off! Inspect it first with Pacifist. Macworld - five mice!
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Reply With Quote
Jul 12, 2009, 03:39 AM
 
Originally Posted by CharlesS View Post
Indeed. Captchas can be so hard to figure out that to me it seems that it's only a matter of time before the humans start employing technological means to decipher the captchas, because they're too hard to figure out by hand. It'll be a nice little twist of irony.
Funny thing is, the spammers actually have an advantage.

When you outsource these things to human farms, you get multiple "reads" from different people on it, and thereby, get a much higher chance of getting it right.

I agree with the "twist of irony" statement.

-t
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Jul 12, 2009, 05:08 AM
 
Do you guys have Akismet installed? If not, that would help filter out a good percentage of spam I'd bet.
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Reply With Quote
Jul 12, 2009, 05:18 AM
 
Originally Posted by besson3c View Post
Do you guys have Akismet installed? If not, that would help filter out a good percentage of spam I'd bet.
I didn't know there was Aksimet for vBulletin. They should give it a try.
I'm using it for WordPress, and it really works well.

-t
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Jul 12, 2009, 08:58 PM
 
Here is the link to a version of Akismet for vBulletin (don't know whether this is the latest or how it works out in the compatibility matrix, if there is one, but...)

Akismet Anti-Spam - vBulletin.org Forum

It does indeed work very well, at least for blog comments. I would imagine the patterns it would match on would be similar.
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Reply With Quote
Jul 12, 2009, 10:01 PM
 
I don't think it would be a good idea for us to discuss what we may and may not have installed to interdict spammers or spammer registrations. One of the beauties of our forums is that they are a real community. Just as you might let your neighbor know that his back fence had been defaced by graffiti, members here let us know when they spot spam. As reader50 noted, mods catch spam too-I've caught several over the weekend. But our eyes can't be everywhere, and that's why it's important to report spam when you see it, or suspect it.

However, suggestions like besson's are welcome, because we're always interested in improving both our performance in moderation and the overall performance of our forums.

Glenn -----OTR/L, MOT, Tx
     
AKcrab
Moderator Emeritus
Join Date: Apr 2001
Location: Wasilla, Alaska
Status: Offline
Reply With Quote
Jul 12, 2009, 10:13 PM
 
Originally Posted by reader50 View Post
For curiosity's sake, I went back and totaled up our spam reports over the past 30 days. I'd been seeing the same names doing many of the reports, and suspected a minority of members reported the majority of spam sightings.
I think my time zone gives me an advantage.
Interestingly, this list makes me want to be even more diligent.
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Jul 13, 2009, 01:30 AM
 
Originally Posted by ghporter View Post
I don't think it would be a good idea for us to discuss what we may and may not have installed to interdict spammers or spammer registrations. One of the beauties of our forums is that they are a real community. Just as you might let your neighbor know that his back fence had been defaced by graffiti, members here let us know when they spot spam. As reader50 noted, mods catch spam too-I've caught several over the weekend. But our eyes can't be everywhere, and that's why it's important to report spam when you see it, or suspect it.

However, suggestions like besson's are welcome, because we're always interested in improving both our performance in moderation and the overall performance of our forums.

Not to sound too argumentative ghporter, but I really don't think it matters what we discuss here. These spamming machines are just brainless bots, probably compromised machines. There is most likely nobody plotting to spam MacNN.

Besides, even if the spammers knew that we were entertaining installing Akismet it still wouldn't do them good. Akismet is bundled with WordPress, all the WP owner has to do is plug in their free Akismet key. It has been like this for years and it hasn't done the spammers much good despite the countless number of WP blogs out there (including on prominent sites like the NYTimes and CNN) that predictably are using Akismet - Akismet remains highly effective. I can't vouch for how it would work on a forum, but it is *damn* effective on blogs, and I have many blogs on my servers that receive countless number of spam comments correctly identified by Akismet. I see no reason why it wouldn't also work well on a forum such as this.

Akismet is obviously not an absolute spam prevention measure, but it will definitely capture the bulk of spam for you - take a load off you guys (unless you wish to go through all of the messages it identities as spam). That's really all you can do, just have something that will catch the bulk of spam, much like Spamhaus and SpamAssassin on a mail server.
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Reply With Quote
Jul 13, 2009, 01:53 AM
 
Glenn, Besson is right.

If the spammers had ways to make Aksimet less successful, they'd do it anyways.
And since Aksimet is the de facto standard, for sure they have already optimized their attacks against that, no matter if you use Aksimet or not.

Your argument is along the lines of "security by obscurity", not a very effective measure.

-t
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Jul 13, 2009, 02:11 AM
 
Why don't you guys do a mysqldump of the current board, setup a test VM/domain running a copy of this forum (which I'm sure you have anyway for testing stuff), and write a little script that will transfer over posts (specifically spam) from this server to your test server? This way, you can experiment with the success rate of Akismet against spam that you would normally delete. If there is a "run Akismet on current posts" option you could also have it run through our existing posts to see if it produces any false positives.
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Jul 13, 2009, 02:13 AM
 
I bet that aforementioned script would literally be a few lines of code, it would just need the post ID of the spammy post as an argument. This would be a simple command line script.
     
Big Mac
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status: Offline
Reply With Quote
Jul 13, 2009, 05:57 AM
 
Great list, reader50. I'm glad I'm in the top 6 - feels like a real accomplishment to me.

Captchas to post a new thread doesn't sound very good. Moderation of a member's first five posts sounds more reasonable, but now that spam reporting is a MacNN achievement I'll be happy to see spam around here.

"The natural progress of things is for liberty to yield and government to gain ground." TJ
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Reply With Quote
Jul 13, 2009, 08:23 AM
 
Originally Posted by besson3c View Post
Not to sound too argumentative ghporter, but I really don't think it matters what we discuss here. These spamming machines are just brainless bots, probably compromised machines. There is most likely nobody plotting to spam MacNN.
Originally Posted by turtle777 View Post
Glenn, Besson is right.

If the spammers had ways to make Aksimet less successful, they'd do it anyways.
And since Aksimet is the de facto standard, for sure they have already optimized their attacks against that, no matter if you use Aksimet or not.

Your argument is along the lines of "security by obscurity", not a very effective measure.

-t
My concept on this was that there should be some person selecting where spammage should occur, and that they'd do some homework to see if a forum is open to attack before they pointed their bots at it. Since I have never understood the spamming intellect in the first place, this sort of thinking may be incorrect or at least overthinking the situation. But there's a difference between "security through obscurity" and not divulging the details of one's security system. Obscurity in itself is simply ineffective. It's at best setting up a puzzle for your adversary to solve, and some people really like puzzles... Not discussing your security system is different; while it conceals what you do for security, it is by definition a strategy on top of an existing security strategy. While Akismet may not be vulnerable to specific attacks (that are known, anyway), pointing out that a site uses Akismet may at the same time divulge other potential vulnerabilities.

Yeah, I am thinking of this in terms of a fairly high level systems security approach, and it's most likely that spammers are either not sophisticated enough or not interested enough in taking on real security systems to bother with a protected site after being repelled by its security, but "defense in depth" is THE computer security method that works.

Finally, I was not at all suggesting that Akismet wasn't useful or a good idea. Just that extended discussion of a feature like that might give the bad guys ideas about how to get around such features or ways to cripple a site that uses them. And remember, Cliff Stoll found and later helped capture and convict a serious hacker that was getting into DoD systems through Berkley because he noticed a billing discrepancy of less than a dollar... With the 'Net so interconnected, it's never safe to assume that any part of it is insignificant, or that a small problem can't be leveraged into a very large problem for nefarious purposes.

Glenn -----OTR/L, MOT, Tx
     
CharlesS
Posting Junkie
Join Date: Dec 2000
Status: Offline
Reply With Quote
Jul 13, 2009, 11:07 AM
 
Originally Posted by ghporter View Post
My concept on this was that there should be some person selecting where spammage should occur, and that they'd do some homework to see if a forum is open to attack before they pointed their bots at it.
My guess would be that their spiders would crawl the Internet looking for pages that show telltale signs of being part of a forum. I think from the spammers' POV, this would find them a lot more forums to spam than doing it by hand. With that said, I think the mods/admins are doing a pretty good job of dealing with spam right now - usually when I report a spam post, it's deleted within minutes, and it seems most of them get deleted before I see them (looking at that list, 4 spams in a month really isn't much, and even with just that I'm #7 on the list).

About that list though, if this is going to be a contest, then I want to know the ground rules. Do multiple posts from the same spammer count? I used to try to track down all of a spammer's posts and report all of them, but eventually one of the mods told me I didn't really have to spend time doing that, as once they determine a user is a spammer they tend to just nuke all of that user's posts, so just reporting one of them is enough. So is the list going by spammers reported, or posts reported? Because if it were the latter, I'm pretty sure I could have beat Spheric's 13 fairly handily.

Ticking sound coming from a .pkg package? Don't let the .bom go off! Inspect it first with Pacifist. Macworld - five mice!
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Reply With Quote
Jul 13, 2009, 11:19 AM
 
If this is going to be a contest, we'll have to set it up. And we haven't yet, so there ARE no rules yet. I started a separate thread for contest ideas, so please feel free to chime in with serious ideas and suggestions there. It may turn out that discussion produces a really fun game, or that it winds up being too complicated to participate in or manage. But we won't know until we start talking about it.

Glenn -----OTR/L, MOT, Tx
     
Simon  (op)
Posting Junkie
Join Date: Nov 2000
Location: in front of my Mac
Status: Offline
Reply With Quote
Jul 24, 2009, 03:53 AM
 
So what's with the contest? And how about updated standings?
     
Spheric Harlot
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Status: Offline
Reply With Quote
Jul 24, 2009, 04:59 AM
 


I (apparently) spend way too much time here already, as it is.
     
Simon  (op)
Posting Junkie
Join Date: Nov 2000
Location: in front of my Mac
Status: Offline
Reply With Quote
Jul 24, 2009, 05:01 AM
 
Originally Posted by Spheric Harlot View Post
I (apparently) spend way too much time here already, as it is.
You're not alone there, my friend.
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Reply With Quote
Jul 24, 2009, 09:06 AM
 
We're working on introducing a new forum (iPhone apps), and discussing the contest. Give us some slack though-it's summer vacation time!

Glenn -----OTR/L, MOT, Tx
     
Clewis
Fresh-Faced Recruit
Join Date: Aug 2009
Status: Offline
Reply With Quote
Aug 5, 2009, 03:20 PM
 
I want to have a captcha for registration to my forum, but not have a captcha appear ever time someone wants to make a post. I'm in VB 3.8.3... I may be not seeing a setting that will do this. Right now the captcha appears for registration and posts.
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Reply With Quote
Aug 5, 2009, 03:45 PM
 
Originally Posted by Clewis View Post
I want to have a captcha for registration to my forum, but not have a captcha appear ever time someone wants to make a post. I'm in VB 3.8.3... I may be not seeing a setting that will do this. Right now the captcha appears for registration and posts.
Uhm, yeah, look here:

http://www.vbulletin.com/forum/

-t
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Reply With Quote
Aug 5, 2009, 05:10 PM
 
Beat me to it, turtle.

Glenn -----OTR/L, MOT, Tx
     
Andy8
Mac Elite
Join Date: Apr 2003
Location: Hong Kong
Status: Offline
Reply With Quote
Aug 5, 2009, 09:16 PM
 
lisylin - more footwear spam this morning! arrrh

Perhaps moderating the first few posts or limiting links at least may help or worth a try perhaps?
( Last edited by Andy8; Aug 5, 2009 at 09:17 PM. Reason: i can not spell!)
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Aug 5, 2009, 10:40 PM
 
Or, Akismet. It may ruin the whole contest game though....
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Reply With Quote
Aug 5, 2009, 10:44 PM
 
Any July standings available yet ?

-t
     
Simon  (op)
Posting Junkie
Join Date: Nov 2000
Location: in front of my Mac
Status: Offline
Reply With Quote
Aug 6, 2009, 03:12 AM
 
Yeah!

Originally Posted by Simon View Post
So what's with the contest? And how about updated standings?


     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Reply With Quote
Aug 6, 2009, 08:09 AM
 
Nothing yet. Still working on it...

Glenn -----OTR/L, MOT, Tx
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Reply With Quote
Aug 6, 2009, 08:11 AM
 
Originally Posted by Simon View Post
Yeah!





a.k.a. bump

-t
     
Simon  (op)
Posting Junkie
Join Date: Nov 2000
Location: in front of my Mac
Status: Offline
Reply With Quote
Aug 6, 2009, 12:03 PM
 
Bumptastic!
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Reply With Quote
Aug 6, 2009, 04:45 PM
 
Let's keep things on topic, shall we? I'm currently working on a post for the Contest Ideas thread-let's keep things about the contest IN that thread.

Glenn -----OTR/L, MOT, Tx
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Reply With Quote
Aug 6, 2009, 09:47 PM
 
I want captchas....


... for reporting spam.



NOT.

-t
     
Simon  (op)
Posting Junkie
Join Date: Nov 2000
Location: in front of my Mac
Status: Offline
Reply With Quote
Aug 7, 2009, 03:53 AM
 
But how about spam for reporting captchas?

(sorry, Glenn)
     
   
Thread Tools
 
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Top
Privacy Policy
All times are GMT -4. The time now is 07:38 AM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,