About a month ago, in the hopes of reducing forum spam, we disabled signatures for registered users. We also disabled bbcode across all publicly accessible forums.
The result was that the spam fell off a bit, and centered in the "music theory" forum.
It seems the spam comes from "forum spam companies" and that there is currently only one forum spam company targetting this site.
Given what could happen, this situation is not too bad. We have a lot of mods, and we all just check the music theory forum first thing every time we are here.
Today I am re-enabling signatures for register users. I also re-enabled bbcode in open discussion and several other forums.
Let's see how this goes. If we don't end up with new kinds of spam or new targets, we can keep these changes.
Thanks for your patience on this.
Jon
re-enabled signatures and some bbcode
# 1
Sounds good. They seem to be targeting the Music Theory section mostly anyways...plus the lack of vb code was making the other sections look a little messy because the 'quote' function wasn't working.
# 2
Any idea what the forum spam company is?
I'm curious if we asked them nicely that they might take us off their list considering that we always delete their posts as soon as they appear anyways.
And if that failed we could always file an abuse complaint with their ISP and get their account yanked. They must be violating their terms of service unless they're in some third world country or something.
I'm curious if we asked them nicely that they might take us off their list considering that we always delete their posts as soon as they appear anyways.
And if that failed we could always file an abuse complaint with their ISP and get their account yanked. They must be violating their terms of service unless they're in some third world country or something.
# 3
Today we got a spam in open discussion. Not a good sign... :mad:
# 4
It's pathetic. I've been surfing boards for years now, this is the only site i've ever seen get spammed like this. Was curious to know also, is there a way that people can setup their profile to not show deleted/locked threads? Would be nice to filter them out.
Thanks!
Thanks!
[U]Ricks Current Mystery Video[/U] - Updated Monday March/02/2015
# 5
Wish there was some way to deal with them. It's a daily thing having to delete between 5 and 10 spams and they're getting raunchier every time what with the porn stuff. Especially considering that this board is accessible by children.
I have noticed that the Music Theory Forum seems to be getting the automated posts while the occasional posts in the Open Forum almost look like they're posted by an actual person rather than a spam bot.
I'm confused as to how these guys managed to adapt so fast when we changed the forum name and address. You'd think that by renaming a forum area and changing it's page address, that the spambot would lose track but it just seems to automatically adapt somehow.
Any ideas would be definitely welcome...
When I was moderating these forums I was able to keep things to a minimum by filing abuse complaints with the ISP's. But these guys seem to be originating in Asia and other countries that don't have any strict rules on this sort of thing. So abuse complaints sometimes seem to have the opposite effect and end up increasing the spam rather than eliminating it.
Even my email inbox has had a significant increase in the last few months with spams bypassing 3 levels of spam blockers including SpamSieve, the ISP and Entourage Rules trying to catch them. Even writing in rules to delete anything with the words "Viagra" in the email headers doesn't seem to work. (I'm up to about 4000 spam emails a week now and luckily only about 50 of them make it through the spam blocks.)
I honestly don't know what the solution is. If you block their ISP number, they just use a different one. If you disable bbcoding, you lose formatting and quoting. If you require email verification on signup, they get by that somehow.
And yeah... it's pathetic. I don't know what these companies get out of it.
Nobody ever reads them and everybody is annoyed by them so why do they even bother.
I have noticed that the Music Theory Forum seems to be getting the automated posts while the occasional posts in the Open Forum almost look like they're posted by an actual person rather than a spam bot.
I'm confused as to how these guys managed to adapt so fast when we changed the forum name and address. You'd think that by renaming a forum area and changing it's page address, that the spambot would lose track but it just seems to automatically adapt somehow.
Any ideas would be definitely welcome...
When I was moderating these forums I was able to keep things to a minimum by filing abuse complaints with the ISP's. But these guys seem to be originating in Asia and other countries that don't have any strict rules on this sort of thing. So abuse complaints sometimes seem to have the opposite effect and end up increasing the spam rather than eliminating it.
Even my email inbox has had a significant increase in the last few months with spams bypassing 3 levels of spam blockers including SpamSieve, the ISP and Entourage Rules trying to catch them. Even writing in rules to delete anything with the words "Viagra" in the email headers doesn't seem to work. (I'm up to about 4000 spam emails a week now and luckily only about 50 of them make it through the spam blocks.)
I honestly don't know what the solution is. If you block their ISP number, they just use a different one. If you disable bbcoding, you lose formatting and quoting. If you require email verification on signup, they get by that somehow.
And yeah... it's pathetic. I don't know what these companies get out of it.
Nobody ever reads them and everybody is annoyed by them so why do they even bother.
# 6
Hi All!
This is my first post on the site and I do apologize if it seems out of place. I just thought that since the site is sharing it's musical knowledge with me, I would offer up my insight and experience into the SPAM issue.
One thing I noticed when I signed up is that the GT site/forum registration system is wide open. If there are bogus accounts being created for spamming, my educated and experienced guess is that the lack of "human factor authentication" is a large part of the cause.
Having an open system such as how GT is currently configured allows bots to register and post. How they do it exactly, I can't say as I have never reverse engineered a spam bot before, I just know that they can be programmed to find and fill in known fields, fields which all systems like v Bulletin for example, have.
To Address a post made by Kevin...
The way these bots usually work is by tagging the root domain, in this case guitartricks.com. The problem with moving the board is that you have to link to it somehow from the main site without being to complicated. The second you link to it with a hyperlink, anywhere from the root domain, the spam bots, because they read source code and not rendered code, will find it again and regardless of where you put it... they will access it and spam it again.
I implement and maintain content management systems for small businesses and one thing I have found, especially with any widely used system such as a content management system or forum application, is that SPAM in general can be reduced by doing one or both of two things...
1. - implement a system where the [U]USER[/U] has to verify their email account by clicking a link or entering a code. Based on experience with at least one of my sites that gets several bogus sign ups a day, most SPAM bots and automated systems can't follow email instructions to click a link or enter a code as far as I know so the bogus account they create to be able to post doesn't get approved...no approval, no ability to post.
2. Implement a Captcha system and make users enter the characters they see in the box. SPAM bots can't read or type...yet...so this is usually quite effective. Care needs to be taken though to have an audible option available or make the characters easy enough to see for people with vision issues. It isn't the complexity of the characters that makes Captcha effective, it's the fact that spam bots can't see picture content... just a gif/jpg/png file.
Generally if you explain to people WHY you do something and how it BENEFITS them. they won't have a problem with the extra step.
Just my two cents in an area where I have some experience.
All the best and keep up the AMAZING work!
G.
This is my first post on the site and I do apologize if it seems out of place. I just thought that since the site is sharing it's musical knowledge with me, I would offer up my insight and experience into the SPAM issue.
One thing I noticed when I signed up is that the GT site/forum registration system is wide open. If there are bogus accounts being created for spamming, my educated and experienced guess is that the lack of "human factor authentication" is a large part of the cause.
Having an open system such as how GT is currently configured allows bots to register and post. How they do it exactly, I can't say as I have never reverse engineered a spam bot before, I just know that they can be programmed to find and fill in known fields, fields which all systems like v Bulletin for example, have.
To Address a post made by Kevin...
The way these bots usually work is by tagging the root domain, in this case guitartricks.com. The problem with moving the board is that you have to link to it somehow from the main site without being to complicated. The second you link to it with a hyperlink, anywhere from the root domain, the spam bots, because they read source code and not rendered code, will find it again and regardless of where you put it... they will access it and spam it again.
I implement and maintain content management systems for small businesses and one thing I have found, especially with any widely used system such as a content management system or forum application, is that SPAM in general can be reduced by doing one or both of two things...
1. - implement a system where the [U]USER[/U] has to verify their email account by clicking a link or entering a code. Based on experience with at least one of my sites that gets several bogus sign ups a day, most SPAM bots and automated systems can't follow email instructions to click a link or enter a code as far as I know so the bogus account they create to be able to post doesn't get approved...no approval, no ability to post.
2. Implement a Captcha system and make users enter the characters they see in the box. SPAM bots can't read or type...yet...so this is usually quite effective. Care needs to be taken though to have an audible option available or make the characters easy enough to see for people with vision issues. It isn't the complexity of the characters that makes Captcha effective, it's the fact that spam bots can't see picture content... just a gif/jpg/png file.
Generally if you explain to people WHY you do something and how it BENEFITS them. they won't have a problem with the extra step.
Just my two cents in an area where I have some experience.
All the best and keep up the AMAZING work!
G.
# 7
