Jump to content

Recent spam floods

comment

By comment
in FM Forums Feedback & Site News

 Share

This topic is 3258 days old. Please don't post here. Open a new topic instead.

Recommended Posts

Lee Smith

Lee Smith

Posted
Posted

Hi thong127, 

 

maybe same person is doing this like in fmdev.filemaker.com

Why would you say this?

 

FYI, Ocean West started looking into this yesterday. It seems that the bad guys have found a way around our current practices.

 

In the meantime, please report any suspicious threads or post using the Report button. 

 

Lee

Link to comment
Share on other sites
Ocean West Grand Master

Ocean West

Posted
Posted

I have increased the levels in the anti-spam system to hopefully curtail this, as Lee suggested please report any spam and it will be handled. When someone is identified their IP/Email/Usernames are added to a honeypot for this site and others that use the same system to assist in combating forums spam. -  

 

I have not turned on auto moderation for every new member as trying to approve every new post can get tedious. 

Link to comment
Share on other sites
Rick Whitelaw Mentor

Rick Whitelaw

Posted
Posted

Josh, I suspect anyone running a bot has the expertise to spoof ad infinitum. I doubt any of these attacks originate from the same ip address. That would be too easy. The next time this happens, and it's likely to happen tomorrow morning, I'm going to copy the user name and do a google search to see if the user name shows up on countless other sites. If this isn't the case I'll begin to suspect this jerk has an axe to grind with this forum (and TechNet as well I hear).

Link to comment
Share on other sites
Josh Ormond Mentor

Josh Ormond

Posted
Posted

Well, some spammers are actually hired by companies to post links. The more click-thrus and/or posts they make, the more they get paid. So it is likely a bot of some kind. But there is a also a chance it is not.

 

We have one technique that is very effective to prevent spammers. Not sure how easy it would be to implement here. But it has effectively halted spam being submitted on some of the public company forms, from bots.

Link to comment
Share on other sites
Lee Smith

Lee Smith

Posted
Posted

Here is one of them. unfortunately, I didn’t keep the two from Rick sent me after I banned them and deleted their posts. I think there is a way that Ocean West can look back and see their names?

 

jjpankaj
 
sultanjiali
 
babaji056
 
laxmijyotish
 
babauk
 
laxmijyotish
 
gofurali12
Link to comment
Share on other sites
Ocean West Grand Master

Ocean West

Posted
Posted

when a user registers they are asked a basic challenge question  (i plan to add more questions)  and requires a KeyCapcha  that requires a human to actually solve a puzzle - then it requires a valid email address that they must be able to click a validation link in that email to activate the account. 

 

During signup also they are tested against the honeypot to prevent known spammers. 

 

when we flag a spammer and ultimately ban them the account remains in the database so we have a record to compare against to deny future access or registration.

Link to comment
Share on other sites
comment Grand Master

comment

Posted
  • Author
Posted
i plan to add more questions

 

I just hope this is not going to make it too difficult or off-putting for "real" folks to join. It only takes one jerk to spoil it for everybody (and I suspect the jerk will eventually figure it out anyway).

 

I wonder how expensive can it be to hire a hitman in India?

Link to comment
Share on other sites
Josh Ormond Mentor

Josh Ormond

Posted
Posted

Bots can be pretty sophisticated. I've seen them get past a lot of Captcha implementations.  OW, I'll send you in a PM how we handled the bot thing. It may help with both the account sign-up and posting.

Link to comment
Share on other sites
  • 2 weeks later...
pixi Mentor

pixi

Posted
Posted

wouldn't it be an alternative to manually confirm new registrations? and/or the first posts until the account is confirmed?

i do this with all my websites and have very few attempts.

Link to comment
Share on other sites
comment Grand Master

comment

Posted
  • Author
Posted

wouldn't it be an alternative to manually confirm new registrations? and/or the first posts until the account is confirmed?

i do this with all my websites and have very few attempts.

 

 

I have not turned on auto moderation for every new member as trying to approve every new post can get tedious. 

Link to comment
Share on other sites
Josh Ormond Mentor

Josh Ormond

Posted
Posted

I think you underestimate the number of users we get here. ;)

 

wouldn't it be an alternative to manually confirm new registrations? and/or the first posts until the account is confirmed?

i do this with all my websites and have very few attempts.

Link to comment
Share on other sites
Josh Ormond Mentor

Josh Ormond

Posted
Posted

48 in the past 7 days. Overall, not an unmanageable number.  However, how would you feel if you needed fast help from one of the quality developers on the site, but had to wait for one of the moderators to "approve" your post.  All that for the occasional spammer or 2 we actually get.

 

What if each new user posted an average of 5 posts in a week. You are now talking about us approving 48 * 5 posts ( 240 posts ). Now we are spending more time approving posts, and less time helping answer questions. The unintended consequences of such a thing can not be understated.

 

Additionally, would a human looking at a new user have anyway to know if someone is actually a spammer until they actually post. As with your recommendation, bots CAN verify their account. And us looking at a registration, it's almost impossible to know if someone is legit or a spammer. Comment's recommendation would be more user friendly and more effective. Just limit the number of posts initially. So even if there was a spammer he couldn't post more than 5? posts per day until a certain time. That would help. Though, I am in favor of a measure that combines Comment's suggestion, and the one I PM'd to the administrator. It would virtually eliminate all spammer's access via a bot. And for those nefarious humans getting through, would limit their reach.

 

you mean there are more than 10 NEW users/registrants each day?

Link to comment
Share on other sites
  • 8 months later...
Charity Proficient

Charity

Posted
Posted (edited)

Don't all of the topics begin with garbage?  Is there a way of using patterncount and if more than 5 non-word characters at the beginning, don't let them post.  Just a thought.  Probably dumb.

Edited by Charity
  • Like 1
Link to comment
Share on other sites
LaRetta Grand Master

LaRetta

Posted
Posted

Hey Charity, good thinking!

I am not sure if there is enough consistency in their inconsistency to determine a pattern but it would be a fun thing to study.  :-)

Link to comment
Share on other sites
Ocean West Grand Master

Ocean West

Posted
Posted

thanks for your patience and perseverance - more bits were flipped and settings changed both in this software and on the server end, hoping this resolves this.

 

 

Link to comment
Share on other sites
LaRetta Grand Master

LaRetta

Posted
Posted

I agree, Tom, until now!  It seems it might have been tweaked ... just today in last few hours, things have gotten very snappy unlike prior when I counted 15 seconds to switch to Forums tab.  Thank you, Stephen!

Link to comment
Share on other sites

This topic is 3258 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept