incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rory O'Farrell <ofarr...@iol.ie>
Subject Re: Response to spam on the user forum
Date Mon, 23 Apr 2012 19:47:23 GMT
On Mon, 23 Apr 2012 21:35:18 +0200
Hagar Delest <hagar.delest@laposte.net> wrote:

> Just some figures:
> There was more than 1800 spam posts Sunday evening (few online mods this day - like me
- I guess).
> The top posters had about 135 posts then 70 (single accounts). IP seems to be in Bangladesh.
> Almost 200 accounts have been banned in 3 days (from Apr. 19to Apr. 22).
> 
> I've set a flood limit at 120 seconds and the posts were then following every 120s too,
so I think the denial of service is a good hint. It would confirm the shut down of the forum
(too many connections) on Apr. 18. I've reset twice the most users online count: has been
2100 on Apr. 18 then 1825 on Sunday! Max number has never been above 300 at normal time.
> 
> There are some MODs against spam so a pure phpBB solution should be enough. But we need
the right adminfor that. It's under progress with imacat.
> 
> Hagar
> 
> 
> Le Mon, 23 Apr 2012 17:46:09 +0100, Rory O'Farrell <ofarrwrk@iol.ie> a écrit :
> 
> > On Mon, 23 Apr 2012 10:23:28 -0600
> > "F C. Costero"<fjcc.apache@gmail.com>  wrote:
> >
> >> Thanks for the input Rob. I will pass it on to the forum. Some of the
> >> volunteers commented over the weekend that it was more like a denial
> >> of service attack. At one point the forum did become unavailable but
> >> Hagar contacted Infra and it was back on line promptly. A few spam
> >> messages are still coming in, at a rate I would have called high
> >> before last week, but things remain vastly better than the weekend.
> >> Francis
> >>
> >>
> >>>
> >>> What you are seeing is odd.  A successful spammer does not work this
> >>> way.  They want their posts to survive and persist, to have impact. To
> >>> build up Google Pagerank they want posts on 400 different websites
> >>> rather than 400 posts on one website.  It doesn't make sense to send
> >>> 400 to one website, since that will obviously draw attention from
> >>> moderators.  This sounds more like a denial of service attack than
> >>> spam.
> >>>
> >>> But a few ideas that might work, based on my experience running forums:
> >>>
> >>> 1) Change the CAPTCHA used in your registration.  What you have right
> >>> now is too easy.
> >>>
> >>> 2) Much forum spam is targeted at getting links to raise their search
> >>> engine position. You can remove that incentive by ensuring that all
> >>> links given by users are given the rel="nofollow" attribute.  Most
> >>> major sites, like Wikipedia, online newspapers, etc., do this in order
> >>> to reduce the incentive to add spam.   I have the impression that the
> >>> spammers search the web for high Pagerank websites that do not cloak
> >>> their URL's with nofollow.  These sites are targeted by spammers.   If
> >>> we get off that list, then we'll get less spam.
> >>>
> >>> 3) Longer term, maybe there is some way we can run forum posts through
> >>> Apache's SpamAssasin?  It would probably require some custom app dev
> >>> with phpBB, but it could result in a very sophisticated anti-spam
> >>> solution.
> >>>
> >>> -Rob
> >>>
> >>>
> >>>> Francis
> >>
> >
> > The situation is improved on what it was, but still unacceptable.  I have Moderator
privileges on the Forum and in 3.5 hours I have banned at least 15 spammers and directly deleted
their postings/topics rather than move them to holding locations, as I see no need to clutter
these up with undoubted spam; there have been sometimes as many as five or six postings by
a spammer. Acknak and Hagar have also been active during that period and I do not include
their totals; the moderator logs which are accessible to Apache Observers will show the extent
of the problem, which a visit to the main pages of the Forum will not, as we are trying to
keep the Forum running as normally as possible.
> >
> >
> 

For information: Hagar mentioned that the source of the current spam flood appeared to be
the India/Bangladesh area.  This news item on BBC seems to bear that out
http://www.bbc.com/news/technology-17813300


-- 
Rory O'Farrell <ofarrwrk@iol.ie>

Mime
View raw message