incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Weir <robw...@apache.org>
Subject Re: Response to spam on the user forum
Date Mon, 23 Apr 2012 12:47:57 GMT
On Sun, Apr 22, 2012 at 10:22 PM, F C. Costero <fjcc.apache@gmail.com> wrote:
> The forum volunteers would like to inform the PPMC of recent events
> and actions on the user forum. I offered to write this initial message
> since the moderators have had a long and frustrating day. I hope I
> avoid missing any important details.
> Spam postings have been an increasing problem this year as noted in
> Hagar's summaries posted on Jan. 31, Feb. 29 and April 1.
> http://user.services.openoffice.org/en/forum/viewtopic.php?f=50&t=46497
>
> In the last week and especially the week end, the problem has gotten
> so bad that the forum became nearly unusable. Hundreds of message
> would be posted in a few hours. Nearly all of the posts were for
> streaming video sites, with absolutely no attempt to disguise their
> intent.   I personally saw more than 400 spam messages listed in
> response to the View New Messages link after being off line for less
> than 12 hours and moderators had probably been on line in the meantime
> deleting spam and banning users. Adding a dead time to user accounts
> so that messages could not be posted in rapid succession did not
> sufficiently reduce the spam. Today the registration process was
> briefly disabled to allow the moderators to remove messages and
> implement a user group for New Users. Hagar posted the following
> message:
>
> "I've taken some immediate action (sorry, unilateral but something had
> to be done to allow new users quickly):
> - I've reactivated the registration (by mail for the moment, not by mod)
> - I've activated the Newly registered and I'm restricting their
> permissions, preventing any BBCode
> - I've set the limit to 10 posts to get to the Registered status (not
> sure if it's automatic or not yet)
>
> Perhaps we should see how it works as a test. I think that the
> spammers do use BBCode for their links. If disabling it is enough,
> perhaps these basic counter measures will have some effect.
>
> Next step would be the moderation of posts from the Newly registered users."
>
> After these changes a few spam messages have appeared, but at a
> greatly reduced rate. This may be a result of the changes or just the
> time of day at the spam source. As Hagar stated in his message, the
> next step will be moderation of posts from new users. This is not a
> desirable action because it will make the forum less accessible and
> will greatly increase the moderator work load. If implemented, it may
> require the appointment of more moderators.
>
> I believe any suggestions from the wider Apache community for
> addressing this problem would be very welcome. Events have moved very
> quickly and there has not been time for the volunteers and moderators
> to have a thorough discussion of how to handle the new spam
> environment.
>

What you are seeing is odd.  A successful spammer does not work this
way.  They want their posts to survive and persist, to have impact. To
build up Google Pagerank they want posts on 400 different websites
rather than 400 posts on one website.  It doesn't make sense to send
400 to one website, since that will obviously draw attention from
moderators.  This sounds more like a denial of service attack than
spam.

But a few ideas that might work, based on my experience running forums:

1) Change the CAPTCHA used in your registration.  What you have right
now is too easy.

2) Much forum spam is targeted at getting links to raise their search
engine position. You can remove that incentive by ensuring that all
links given by users are given the rel="nofollow" attribute.  Most
major sites, like Wikipedia, online newspapers, etc., do this in order
to reduce the incentive to add spam.   I have the impression that the
spammers search the web for high Pagerank websites that do not cloak
their URL's with nofollow.  These sites are targeted by spammers.   If
we get off that list, then we'll get less spam.

3) Longer term, maybe there is some way we can run forum posts through
Apache's SpamAssasin?  It would probably require some custom app dev
with phpBB, but it could result in a very sophisticated anti-spam
solution.

-Rob


> Francis

Mime
View raw message