You are not logged in.

#1 2010-09-14 11:43:32

Pierre
Developer
From: Bonn
Registered: 2004-07-05
Posts: 1,950
Website

Fighting spammers

It looks like spam in our forums and the wiki is increasing. The simple CAPTCHA does block most bots but the site is big enough that its worth for spammers to register and post manually. It's getting more annoying, especially on the wiki which doesn't really provide the deletion of pages or users.

So I just wrote and uploaded a new extension for you to test. ATM it only used in the wiki, but I might port it to the forums as well if it works fine. The idea is to make it less worth for human spammers to spend time registering an account.

If you want to register a wiki account you have to answer one out of a few questions which should be easy for an Arch user who wants to contribute to our documentation.  Of course a spammer could research the answers easily but my hope is that it just not worth the effort for them.

Btw: You'll see some examples when refreshing the account creation page: http://wiki.archlinux.org/index.php?tit … ype=signup

This is just a test for now. So let me know what you think. Please don't post answers to these questions here and if you have an idea for new ones just mail me.

Greetings,

Pierre

Offline

#2 2010-09-14 13:26:13

.:B:.
Forum Fellow
Registered: 2006-11-26
Posts: 5,819

Re: Fighting spammers

Looks good to me, and you're not limited to the content of the wiki to answer it smile.


Got Leenucks? :: Arch: Power in simplicity :: Get Counted! Registered Linux User #392717 :: Blog thingy

Offline

#3 2010-09-14 14:33:05

KimTjik
Member
From: Sweden
Registered: 2007-08-22
Posts: 715

Re: Fighting spammers

That's a smart idea. Even if some questions would be slightly difficult it wouldn't matter, because real contributors to the Wiki obviously have a strong enough interest to make the effort. Making good contributions will anyway demand more effort than the initial answering of a few questions.

Offline

#4 2010-09-14 16:07:56

bernarcher
Forum Fellow
From: Germany
Registered: 2009-02-17
Posts: 2,271

Re: Fighting spammers

Basically a good idea. But some simple test runs revealed that I wasn't able to easily answer most of the more technical  questions.

Sure, all of them were resolvable with some minimum effort. But then I certainly would have forgotten why I wanted to log in in the first place.

I propose to take the time and let the community find a good set of questions being non-trivial yet solvable for the not so technically fluent user.

Last edited by bernarcher (2010-09-14 16:09:10)


To know or not to know ...
... the questions remain forever.

Offline

#5 2010-09-14 16:12:21

karol
Archivist
Registered: 2009-05-06
Posts: 25,428

Re: Fighting spammers

bernarcher wrote:

But then I certainly would have forgotten why I wanted to log in in the first place..

I just don't get it. Attention disorder? Can't you type / jot down a to-do list: fix XYZ, check ABC? How often you need to log in?

Offline

#6 2010-09-14 16:14:14

Inxsible
Forum Fellow
From: Chicago
Registered: 2008-06-09
Posts: 9,071

Re: Fighting spammers

There has definitely been an uptick in the number of spammers. So we definitely need this. Thanks Pierre.

@bernacher that's a classic catch22. If the questions are too easy, there is no point in having them either.


Forum Rules

There's no such thing as a stupid question, but there sure are a lot of inquisitive idiots !

Offline

#7 2010-09-14 16:24:21

bernarcher
Forum Fellow
From: Germany
Registered: 2009-02-17
Posts: 2,271

Re: Fighting spammers

karol wrote:
bernarcher wrote:

But then I certainly would have forgotten why I wanted to log in in the first place..

I just don't get it. Attention disorder? Can't you type / jot down a to-do list: fix XYZ, check ABC? How often you need to log in?

Too old (> 60), probably? wink
No, it is that I am the spontaneous type. Just to fix some typo I spotted or else a rather trivial fix every now and then. If some too awkward intermediate action interferes, such kind of short term actions tend to be forgotten (usually, it is a problem in learning theory).

Well, as yet I was not too active on the Arch wiki, but this may change. But I experienced similar difficulties elsewhere far too often for my taste.

The basic Idea of mine is to keep the questions down to a level solveable with some minor reasoning if you do know Arch on an at least basic level. And being not too technical because not everybody who could contribute to the wiki is a software guru.

@Inxsible: I am aware this could be a catch22. This is why I propose to take enough time to build up a sufficiently large set of non-trivial(!) questions.

Last edited by bernarcher (2010-09-14 16:28:30)


To know or not to know ...
... the questions remain forever.

Offline

#8 2010-09-14 16:28:14

karol
Archivist
Registered: 2009-05-06
Posts: 25,428

Re: Fighting spammers

bernarcher wrote:
karol wrote:
bernarcher wrote:

But then I certainly would have forgotten why I wanted to log in in the first place..

I just don't get it. Attention disorder? Can't you type / jot down a to-do list: fix XYZ, check ABC? How often you need to log in?

Too old (> 60), probably? wink
No, it is that I am the spontaneous type. Just to fix some typo I spotted or else a rather trivial fix every now and then. If some too awkward intermediate action interferes, such kind of short term actions tend to be forgotten (usually, it is a problem in learning theory).

Well, as yet I was not too active on the Arch wiki, but this may change. But I experienced similar difficulties elsewhere far too often for my taste.

The basic Idea of mine is to keep the questions down to a level solveable with some minor reasoning if you do know Arch on an at least basic level. And being not too technical because not everybody who could contribute to the wiki is a software guru.

But if the questions are too easy, we're getting flooded by spammers. Yes, I'm aware it can be a PITA to hunt for answers for a CAPTCHA when you just want to reword a paragraph.

Offline

#9 2010-09-14 16:32:34

bernarcher
Forum Fellow
From: Germany
Registered: 2009-02-17
Posts: 2,271

Re: Fighting spammers

The questions must not be too easy! Yet this should be feasible wiithout forcing somebody to a hard hunt for the answer.

And perhaps some combination of methods could help. Captchas don't really, I know.

Last edited by bernarcher (2010-09-14 16:32:58)


To know or not to know ...
... the questions remain forever.

Offline

#10 2010-09-14 16:35:10

Pierre
Developer
From: Bonn
Registered: 2004-07-05
Posts: 1,950
Website

Re: Fighting spammers

Sure, you have to find some kind of tradeoff. We might loose some people who just fix a typo (but for those registering itself is probably not worth their effort) but if on the other hand we would get rid of this spammers I would be fine with it.

Even if you don't know the answer to this questions instantly you should be able to look them up within a minute. If you think a specific question is too hard, feel free to send me a mail. Of course I am probably blind to some problems being an active member of the Arch community for some time.

And in general, just send me suggestions for new questions by mail. Just make sure they are not too hard to look up and the answer is canonical.

Offline

#11 2010-09-14 16:37:33

Inxsible
Forum Fellow
From: Chicago
Registered: 2008-06-09
Posts: 9,071

Re: Fighting spammers

We are probably under attack today. I just banned 38 spammers...

Pierre we need this on the forum as well..... and probably YESTERDAY !!

Not trying to rush you wink

Now...going back to finding those dammed spammers and banning them


EDIT: MAke that 45 spammers. I just finished everyone that registered today. There are lots which registered yesterday and maybe before that as well.


Forum Rules

There's no such thing as a stupid question, but there sure are a lot of inquisitive idiots !

Offline

#12 2010-09-14 17:24:50

hokasch
Member
Registered: 2007-09-23
Posts: 1,461

Re: Fighting spammers

bernarcher wrote:

But then I certainly would have forgotten why I wanted to log in in the first place.

karol wrote:

Yes, I'm aware it can be a PITA to hunt for answers for a CAPTCHA when you just want to reword a paragraph.

You only need to answer the captcha once (when you create an account), not each time you log in. The questions I've seen could be easily answered by checking the Download- or some general Wiki pages. A reasonable annoyance, imho.

Last edited by hokasch (2010-09-14 17:25:10)

Offline

#13 2010-09-14 17:32:24

chris-kun
Member
From: SF Bay Area
Registered: 2010-09-07
Posts: 235
Website

Re: Fighting spammers

hokasch wrote:
bernarcher wrote:

But then I certainly would have forgotten why I wanted to log in in the first place.

karol wrote:

Yes, I'm aware it can be a PITA to hunt for answers for a CAPTCHA when you just want to reword a paragraph.

You only need to answer the captcha once (when you create an account), not each time you log in. The questions I've seen could be easily answered by checking the Download- or some general Wiki pages. A reasonable annoyance, imho.

exactly. should be harder, if anything tongue


[home page] -- [code / configs]

"Once you go Arch, you must remain there for life or else Allan will track you down and break you." -- Bregol

Offline

#14 2010-09-14 17:35:38

karol
Archivist
Registered: 2009-05-06
Posts: 25,428

Re: Fighting spammers

hokasch wrote:
bernarcher wrote:

But then I certainly would have forgotten why I wanted to log in in the first place.

karol wrote:

Yes, I'm aware it can be a PITA to hunt for answers for a CAPTCHA when you just want to reword a paragraph.

You only need to answer the captcha once (when you create an account), not each time you log in. The questions I've seen could be easily answered by checking the Download- or some general Wiki pages. A reasonable annoyance, imho.

Exactly, that's why I asked how often do you need to log in https://bbs.archlinux.org/viewtopic.php … 24#p826024

It can be an annoyance for the first-timers that have to register and prove they're human but we don't really have a choice.

Offline

#15 2010-09-16 13:29:24

ThatWhistlepainter
Member
Registered: 2010-09-16
Posts: 2

Re: Fighting spammers

As I was just now creating my ArchWiki account, I was asked what license the Linux kernel is released under. I appreciate it taking me back to my days of playing X-com (enter the code from page __ of the manual to play) and, like that game's primitive DRM, I'm guessing that this leading question was designed to only let in 'those who should be here' (in this case humans, leaving the bots out in the cold). I can deal with that. I double-checked with wikipedia just to confirm my answer, and I filled in the box with 'GPLv2'. When I submitted the form, I was told that my answer was wrong (but it wasn't!), my account was not created, and I got to fill out my passwords again. What? This just doesn't fit with my general experience of the Arch community (which I like very much) and especially with the very helpful nature of the ArchWiki. This is just heaping abuse on the users, and Arch is not sadistic.

If you're going to have people go and fetch some information in order to create an account then please make sure:

  1. The right answer is accepted as correct.

  2. There is only one right way to answer(a), or else be flexible if at all possible(b).

    1. The second go-round asked for an MD5 sum of one of the Arch ISOs. No confusion there.

    2. In the case of the license of the Linux kernel license, accept 'GPL' and 'GPLv2', maybe even 'GNU General Public License version 2'.

At Your Service,
That Whistlepainter

Offline

#16 2010-09-16 13:43:56

litemotiv
Forum Fellow
Registered: 2008-08-01
Posts: 5,026

Re: Fighting spammers

Merged ThatWhistlepainter's thread.


ᶘ ᵒᴥᵒᶅ

Offline

#17 2010-09-16 13:53:25

ThatWhistlepainter
Member
Registered: 2010-09-16
Posts: 2

Re: Fighting spammers

Thank you for placing my post here. I did perform a search prior to posting, but didn't turn up anything that seemed germane.
I would like to add that I support the mechanism as a concept. I didn't realize it was so new. I'm sure things will smooth out if it's left in place. Perhaps an explanatory note along side of it to state its purpose would be good. My first thought was that a certain level of Linux/technical knowledge was desired of anyone who had an account.

Last edited by ThatWhistlepainter (2010-09-16 13:53:55)

Offline

#18 2010-09-16 14:06:26

karol
Archivist
Registered: 2009-05-06
Posts: 25,428

Re: Fighting spammers

ThatWhistlepainter wrote:

My first thought was that a certain level of Linux/technical knowledge was desired of anyone who had an account.

I think that's a completely unintentional side-effect ;P

Offline

#19 2010-09-16 15:14:35

Pierre
Developer
From: Bonn
Registered: 2004-07-05
Posts: 1,950
Website

Re: Fighting spammers

@ThatWhistlepainter: Thanks for the suggestions. And yes, there is quite some room for improvements. I made these questions up in a few minutes to be able to stop the spam right now.

I am stil accepting suggestions for some good questions by mail. :-)

Last but not least: this is mostly to block spam made by humans not bots. The latter can be more or less fought by using some kind of captcha (which we had before). That's why the questinos need to be hard enough that only linux users are able to solve them easily.

Offline

#20 2010-09-16 17:14:17

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 12,937

Re: Fighting spammers

Looks pretty good.  It gave me cause to create a wiki account.  Now I have a 'Full House' of arch logins.

There may be a legitimate reason for someone who cannot answer a question on an arbitrary topic unrelated to their expertise to be able to create an account.  (I said may)  This is especially true if this technique were extended to the Forums. 

I might suggest an option to request an off line review by a human in lieu of answering a technical question.
The only problem I see with the technical question approach is that it is, of course, vulnerable to "Mechanical Turk" attack.  Hopefully the micro-payment will be enough to dissuade spammers.

Last edited by ewaller (2010-09-16 17:15:25)


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Like you, I have no idea what you are doing, but I am pretty sure it is wrong...Jasonwryan
----
How to Ask Questions the Smart Way

Online

#21 2010-09-16 17:17:37

karol
Archivist
Registered: 2009-05-06
Posts: 25,428

Re: Fighting spammers

ewaller wrote:

Looks pretty good.  It gave me cause to create a wiki account.  Now I have a 'Full House' of arch logins.

There may be a legitimate reason for someone who cannot answer a question on an arbitrary topic unrelated to their expertise to be able to create an account.  (I said may)  This is especially true if this technique were extended to the Forums.

If you refresh the page you will get another question, e.g. about md5sum, which you should understand and be able to answer.

Offline

#22 2010-09-16 19:19:39

Pierre
Developer
From: Bonn
Registered: 2004-07-05
Posts: 1,950
Website

Re: Fighting spammers

Looks like someone still came through: https://bbs.archlinux.org/viewtopic.php?id=105039

So, let's be more creative here. How can we make it even harder for non-Arch users? I am just thinking about packaging an app that outputs a key you have to enter into the registration form. We could assume a wiki author has a working Arch system and is able to install a package.

Offline

#23 2010-09-16 19:20:53

Inxsible
Forum Fellow
From: Chicago
Registered: 2008-06-09
Posts: 9,071

Re: Fighting spammers

I guess that would be reasonable. The articles are readable anyway, so its not like a user needs to create an account before installing Arch


Forum Rules

There's no such thing as a stupid question, but there sure are a lot of inquisitive idiots !

Offline

#24 2010-09-16 19:33:16

codycarey
Member
Registered: 2009-08-21
Posts: 154

Re: Fighting spammers

Pierre wrote:

Looks like someone still came through: https://bbs.archlinux.org/viewtopic.php?id=105039

So, let's be more creative here. How can we make it even harder for non-Arch users? I am just thinking about packaging an app that outputs a key you have to enter into the registration form. We could assume a wiki author has a working Arch system and is able to install a package.

Not necessarily, I sometimes edit other wiki's (gentoo for instance) if I see errors, misinformation, or areas that need improvement. Not all information provided on the wikis is distribution-dependent.

Out of curiosity I would take a look at the logs for the IP of that user to see where they went, what they did, and how much time passed between their actions.

Last edited by codycarey (2010-09-16 19:36:50)

Offline

#25 2010-09-16 23:21:28

pyther
Member
Registered: 2008-01-21
Posts: 1,395
Website

Re: Fighting spammers

Do the wiki and forums require email activation?


Website - Blog - arch-home
Arch User since March 2005

Offline

Board footer

Powered by FluxBB