Fighting spammers

hokasch · 2010-09-19 16:49:27

What is th output of "date -u +%j(uname)|sha256sum|sed 's/\W//g'"?

trick question?

anonymous_user · 2010-09-19 16:58:24

You're missing a "$", it should be:

date -u +%j$(uname)|sha256sum|sed 's/\W//g'

thestinger · 2010-09-19 18:56:51

awesome.

arch: 1
spammers: 0?

hatten · 2010-09-19 19:38:06

I'll just say omfg at this one

The problem would be with members currently on windows, having problems installing arch, as they would not have a linux computer there. But those could always work around it by asking on IRC/whatever.

Pierre · 2010-09-19 19:53:51

Well, windows-only users are not our audience. And real Arch users compute that command in their mind. :-)

fsckd · 2010-09-19 20:26:30

If spammers are taking the time to manually register then this seems like a losing race. I wouldn't be too excited until you observe at least a month of greatly reduced spam.

Pierre · 2010-09-19 20:42:31

I am not excited, I am pissed. ;-) Of course we'll need to remove spam as soon as possible and change the "captcha" regulary.

Inxsible · 2010-09-19 21:33:15

I have seen a major improvement over the last few days. I see only 12 new registrations for today instead of the 25+ each day -- most of them being spammers.

Good riddance. and great job Pierre

crouse · 2010-09-20 00:49:36

Pierre wrote:

If I disable register.php nobody will be able to register; so I don't see the point. Its also not about bots here but humans (they might use some special tools though).

It's doubtful your going to stop a determined human user.

Pretty sure you didn't look at what my .htaccess protection looks like.

The username/password are actually "shown" in the password protection box.
They are required to register and login.

Your "spammers" may take the time to bypass the registration box, but they are automating the spam part I'm sure. (At least that's what I've noticed)

Their "automated" login won't work with their spambots... they still have to automate the .htaccess protection login... and as I've mentioned, while possible, probably not likely.

You really might want to take a look at opensuse.us/forum and click "register" or "login". I have implemented this at four of my forums, bot registrations are at zero. Bot postings are at zero.

karol · 2010-09-20 00:54:11

crouse wrote:

You really might want to take a look at opensuse.us/forum and click "register" or "login". I have implemented this at four of my forums, bot registrations are at zero. Bot postings are at zero.

How long have you been using it? It sounds almost too good to be true ;P

crouse · 2010-09-20 01:09:00

karol wrote:

crouse wrote:
You really might want to take a look at opensuse.us/forum and click "register" or "login". I have implemented this at four of my forums, bot registrations are at zero. Bot postings are at zero.
How long have you been using it? It sounds almost too good to be true ;P

Several years.

karol · 2010-09-20 01:11:45

crouse wrote:

karol wrote:
crouse wrote:
You really might want to take a look at opensuse.us/forum and click "register" or "login". I have implemented this at four of my forums, bot registrations are at zero. Bot postings are at zero.
How long have you been using it? It sounds almost too good to be true ;P
Several years.

Will a blind person be able to register?

crouse · 2010-09-20 01:15:24

I have no idea. I've not used any text to speech apps or had occasion to know. No one has mentioned any issues with registering, but to my knowledge none of the userbase on any of the forums are blind. That is actually a good question.

cmb · 2010-09-20 02:33:43

I'm blind, and the method used by the opensuse forum works for me.

karol · 2010-09-20 11:21:18

opensuse.us/forum is 8 times smaller in terms of registered users and 40 times smaller if we consider the number of posts, so it may attract less attention from spammers, but I think it's worth a try.

karol · 2010-09-24 11:29:45

Should I report new spam sightings here?
https://bbs.archlinux.org/viewtopic.php?id=105436 was a post by some spammer (it's already removed by the mods).

jasonwryan · 2010-09-24 11:33:17

No - just use the report button: we keep track of the spammers...

karol · 2010-09-24 11:34:54

jasonwryan wrote:

No - just use the report button: we keep track of the spammers...

Yeah, I already did that. I was asking if Pierre wants to know if anyone got through the defenses he set up :-)
If he knows, it's OK.

Last edited by karol (2010-09-24 11:35:27)

Pierre · 2010-09-24 12:31:05

That was hopefully some special case; there was no real advertisement. OK, we could block every IP from China or the Windows user agent. ;-)

flamelab · 2010-09-24 13:07:54

Pierre, does the new way to stop spammers work for now ?

Pierre · 2010-09-24 13:16:00

Looks good so far. I am still removing some accounts but they all were created before the new implementation. Spammers think if they add their signature spam a few weeks after registering I wouldn't notice.

stefanwilkens · 2010-09-24 14:09:45

have a weekly script check all signature fields against a list of known baddies? might lift some of the load. I'm sure the same can be done with the wiki, but the massive amount of queries might warrant a "maintainance" period where the forums / wiki are periodically unavailable.

spammers should be banned from life

Pierre · 2010-09-24 14:53:21

If it were just that easy...they use ips, email and urls mostly only once.

Edit: Just had to delete a new spammer. He first tried with Windows and then switched to Ubuntu (obviously to enter the Bash script). He spent about 5 minutes to update his spam signature. I wonder how much those people are paid that it worth this effort.

I'll probably add some more variations to the "captcha". On the other hand I'll improve the tools to detect such spam. If there is only one per week that would be acceptable. (10min for them to spam us; one click for us to delete their account is still a good balance)

panthe0n · 2010-09-27 04:24:43

Pierre wrote:

(obviously to enter the Bash script).

If it was not for that one line right there, I would not have had a single clue as to how to answer the question on the register page.

ngoonee · 2010-09-27 08:03:22

Pierre wrote:

Edit: Just had to delete a new spammer. He first tried with Windows and then switched to Ubuntu (obviously to enter the Bash script). He spent about 5 minutes to update his spam signature. I wonder how much those people are paid that it worth this effort.

More importantly, how knowledgeable the person must be to know what a bash script is and how it should be run....

THE MONGOLS ARE COMING!!!

Damn this is scary in a way.

Arch Linux

#51 2010-09-19 16:49:27

Re: Fighting spammers

#52 2010-09-19 16:58:24

Re: Fighting spammers

#53 2010-09-19 18:56:51

Re: Fighting spammers

#54 2010-09-19 19:38:06

Re: Fighting spammers

#55 2010-09-19 19:53:51

Re: Fighting spammers

#56 2010-09-19 20:26:30

Re: Fighting spammers

#57 2010-09-19 20:42:31

Re: Fighting spammers

#58 2010-09-19 21:33:15

Re: Fighting spammers

#59 2010-09-20 00:49:36

Re: Fighting spammers

#60 2010-09-20 00:54:11

Re: Fighting spammers

#61 2010-09-20 01:09:00

Re: Fighting spammers

#62 2010-09-20 01:11:45

Re: Fighting spammers

#63 2010-09-20 01:15:24

Re: Fighting spammers

#64 2010-09-20 02:33:43

Re: Fighting spammers

#65 2010-09-20 11:21:18

Re: Fighting spammers

#66 2010-09-24 11:29:45

Re: Fighting spammers

#67 2010-09-24 11:33:17

Re: Fighting spammers

#68 2010-09-24 11:34:54

Re: Fighting spammers

#69 2010-09-24 12:31:05

Re: Fighting spammers

#70 2010-09-24 13:07:54

Re: Fighting spammers

#71 2010-09-24 13:16:00

Re: Fighting spammers

#72 2010-09-24 14:09:45

Re: Fighting spammers

#73 2010-09-24 14:53:21

Re: Fighting spammers

#74 2010-09-27 04:24:43

Re: Fighting spammers

#75 2010-09-27 08:03:22

Re: Fighting spammers

Board footer