Supriyo Posted October 15, 2017 Share Posted October 15, 2017 I want to warn the moderators that the level of spam is alarmingly on the rise. Two days back, I saw two spam threads opened in the 'Business of Photography' forum. Today, there are 11. Its getting flooded. Why are these fake users allowed to post in forums without verifying their accounts? I am worried, these people (or bots) may be testing the water, and we may have a bigger attack soon that can take the site down. Can we make sure new account creation is made more secure by using advanced CAPTCHA and image based tests, plus limits are placed on how many threads one person can open in a particular forum at the same time? Also, some forum sites place additional safeguards on new members. For example, threads posted by new members have to be approved by a moderator before being displayed in the public forum. This can be done for a limited period for each new member before that person is trusted to post stuff without vetting. 5 Link to comment Share on other sites More sharing options...
Tony Parsons Posted October 15, 2017 Share Posted October 15, 2017 This can be done for a limited period for each new member before that person is trusted to post stuff without vetting. The kind of 'vetting' I would like to see applied is that used by veterinary surgeons on Tom Cats ! 3 Link to comment Share on other sites More sharing options...
Norma Desmond Posted October 16, 2017 Share Posted October 16, 2017 Supriyo, I'm sitting here on Sunday night watching spam roll into PN once again. I wasn't going to say anything, but I will now. I've asked Glenn at least three times in the last couple of weeks about using CAPTCHA for new accounts. I asked in threads he was currently active in, and I have no idea why he hasn't responded. Maybe he will respond to you. There may be a very good reason why CAPTCHA won't work but it's hard to imagine that a web site can't do better than this and come up with a solution or at least communicate to the users why a solution is elusive or impossible. This, as the error messages when posting a photo continue to be a problem for so many of us, now 10 months into the launch of PN2.0. 2 We didn't need dialogue. We had faces! Link to comment Share on other sites More sharing options...
sandra_mccabe Posted October 16, 2017 Share Posted October 16, 2017 Just looking at the site now, I wouldn't say it's on the rise any more .... I think it's grown a life of its own. Link to comment Share on other sites More sharing options...
Tony Parsons Posted October 16, 2017 Share Posted October 16, 2017 I think it's grown a life of its own. It's life, Jim, but not as we know it. Link to comment Share on other sites More sharing options...
Sandy Vongries Posted October 16, 2017 Share Posted October 16, 2017 "It's frankenSTEIN!" Link to comment Share on other sites More sharing options...
Tony Parsons Posted October 16, 2017 Share Posted October 16, 2017 I'll drink to that. Link to comment Share on other sites More sharing options...
Supriyo Posted October 16, 2017 Author Share Posted October 16, 2017 Supriyo, I'm sitting here on Sunday night watching spam roll into PN once again. I wasn't going to say anything, but I will now. I've asked Glenn at least three times in the last couple of weeks about using CAPTCHA for new accounts. I asked in threads he was currently active in, and I have no idea why he hasn't responded. Maybe he will respond to you. There may be a very good reason why CAPTCHA won't work but it's hard to imagine that a web site can't do better than this and come up with a solution or at least communicate to the users why a solution is elusive or impossible. This, as the error messages when posting a photo continue to be a problem for so many of us, now 10 months into the launch of PN2.0. Fred, I agree. I don't think its ever possible to make a site completely hack-proof, but using CAPTCHA and other measures can at least close the most vulnerable loopholes for hackers/spammers to target. It's likely that these people (spammers) look for weak points on the net to exploit, and PN just provides them with one. Now that the site has become more functional than before, security should be a priority for the admin, thats my opinion. From the time when I posted the OP until now, spam threads have grown even more in number. You said that you raised this issue several times in the past and no none responded. That makes it even more alarming, suggesting that the admin may not have a concrete action plan to protect our contents and postings. 1 Link to comment Share on other sites More sharing options...
Supriyo Posted October 16, 2017 Author Share Posted October 16, 2017 If Glenn or other admin personnel are reading this thread, I would suggest the following to reduce the chance of spam flooding: 1. Prevent automated creation of accounts by using CAPTCHA and other image based tests, plus email verification. 2. Prevent new accounts from posting in forums unless a moderator reads and approves the posts (this is standard practice in many other forum websites). The restrictions can be placed for the first 10 posts or so. 3. Place restrictions on creating multiple threads (e.g. limit to three at a time) in the same forum by any member at a given time. You have a fairly state of the art forum software, so these safeguards should not be difficult to implement. If anyone has any other suggestions, feel free to pitch in. 1 Link to comment Share on other sites More sharing options...
G-P Posted October 16, 2017 Share Posted October 16, 2017 the spam we're seeing get through are Korean and Chinese characters - we have just added additional filters using Korean and Chinese characters and we expect this will help address the issue. Link to comment Share on other sites More sharing options...
Supriyo Posted October 16, 2017 Author Share Posted October 16, 2017 This is just a slap in the face. Hello Photo.net :) We are being targeted by a ring of hackers, who are challenging the security of this site. Link to comment Share on other sites More sharing options...
Norman 202 Posted October 17, 2017 Share Posted October 17, 2017 the spam we're seeing get through are Korean and Chinese characters - we have just added additional filters using Korean and Chinese characters and we expect this will help address the issue. until they start spamming in english O_o 2 Link to comment Share on other sites More sharing options...
Supriyo Posted October 17, 2017 Author Share Posted October 17, 2017 until they start spamming in english o_O Or in hexadecimal. Link to comment Share on other sites More sharing options...
G-P Posted October 17, 2017 Share Posted October 17, 2017 i believe we're solid against bots we have a number of ways to catch those - so this most recent string of attacks are from humanoids logging in and doing their thing - we're limiting new users ability to post until we see they are here for the right reasons. there is no 100% solution to this when we're a CGC (consumer generated content) site however excellent moderation (which we have) and numerous filters to limit them is the best you can do. As you can imagine - I've done a fair amount of research on this subject and that is my conclusion so far but open to suggestions from those that have been there and done that. Link to comment Share on other sites More sharing options...
G-P Posted October 17, 2017 Share Posted October 17, 2017 until they start spamming in english o_O haha, that was me testing Link to comment Share on other sites More sharing options...
Norma Desmond Posted October 18, 2017 Share Posted October 18, 2017 Here's some new spam in the ABSTRACT forum. It's in the B&W thread. Not a new thread, but posts within a thread this time. And, weirdly, only these spam posts have a SPAM link next to the REPORT link at the bottom of the post. The legitimate posts don't have the SPAM link under them. I didn't want to click on the SPAM link for fear of not knowing what might happen. We didn't need dialogue. We had faces! Link to comment Share on other sites More sharing options...
Tony Parsons Posted October 18, 2017 Share Posted October 18, 2017 And, weirdly, only these spam posts have a SPAM link next to the REPORT link at the bottom of the post. This does occur, infrequently, on other posts, although I have not yet detected any discernible pattern. Are they possibly there for when a new member has fewer than a certain number of posts, to assist the Moderators in detecting Spam more readily ? Link to comment Share on other sites More sharing options...
G-P Posted October 18, 2017 Share Posted October 18, 2017 Spam is a lot like Porn - you know it when you see it. Fear not - click spam on posts like that :) Link to comment Share on other sites More sharing options...
G-P Posted October 18, 2017 Share Posted October 18, 2017 I want to warn the moderators that the level of spam is alarmingly on the rise. Two days back, I saw two spam threads opened in the 'Business of Photography' forum. Today, there are 11. Its getting flooded. Why are these fake users allowed to post in forums without verifying their accounts? I am worried, these people (or bots) may be testing the water, and we may have a bigger attack soon that can take the site down. Can we make sure new account creation is made more secure by using advanced CAPTCHA and image based tests, plus limits are placed on how many threads one person can open in a particular forum at the same time? Also, some forum sites place additional safeguards on new members. For example, threads posted by new members have to be approved by a moderator before being displayed in the public forum. This can be done for a limited period for each new member before that person is trusted to post stuff without vetting. Captchas are meant to catch bot spammers - and we feel we're OK there. We're dealing with a few humans that are getting a kick out of posting and there is never an absolute 100% solution to that regardless of what you might read or hear. We are limiting posts by new users until we can see they are here for the right reasons, we have filters set up to catch most common spam not only posted here but as well as on other sites (xenforo add ons built for this) so for now - we're better than we were this week and much better than we were two weeks ago - next week we'll probably be better than this week - so we believe the spam trend is heading in the right direction - now will we be 100% spam free - no...but we'll be getting better every day. Link to comment Share on other sites More sharing options...
Supriyo Posted October 18, 2017 Author Share Posted October 18, 2017 Great! Thanks. I hope the new measures play out well in reducing the spam volume. As PN becomes more visible to the online world, it will draw the attention of more rogue elements I think. So the security measures have to be continuously adapted as well. Link to comment Share on other sites More sharing options...
G-P Posted October 18, 2017 Share Posted October 18, 2017 Here's some new spam in the ABSTRACT forum. It's in the B&W thread. Not a new thread, but posts within a thread this time. And, weirdly, only these spam posts have a SPAM link next to the REPORT link at the bottom of the post. The legitimate posts don't have the SPAM link under them. I didn't want to click on the SPAM link for fear of not knowing what might happen. [ATTACH=full]1214856[/ATTACH] this was likely the human spammers testing our filters - there is a special place in hell for these people, I'm sure of it. 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now