dvgrn wrote:Yikes, this is a relatively scary one. At least one of those posts was on-target enough that it didn't immediately make me suspicious (though it was also vague enough that I wasn't tempted to try to answer it).
All cleaned up for now. Here's hoping whoever-it-is gives up and goes elsewhere -- that bot managed almost a dozen posts in a few minutes, and that kind of thing from too many different sources could start to challenge our collective cleanup capacity.
Thanks for mopping up after that one. (And I'm glad to hear I wasn't the only one who was tempted to reply --- when I read the post in the CACoin thread, I thought, hey, Calcyman's already answered that; it was only when I went back that I saw the new post was literally a repost of part of what'd been said earlier.)
Majestas32 wrote:Limiting the number of posts by new users (like only 1 post in the first day) is good
This would hurt genuine users while not keeping spambots out; spammers would likely just have the bots create more accounts and make posts with those instead. If anything it would create more work, as there'd be more spam users to ban.
On other phpBB forums that have had spam problems, I've seen the following attempted solutions that could also be useful here:
- Force new users to wait a certain time period before they're allowed to post
- Moderate all new users' posts; new users will require a certain number of positively moderated posts before they're allowed to post unmoderatedly
- Limit the number of posts by new users, or disallow them from creating new threads
- Automatically block posts that contain certain terms (i.e. those commonly used by spammers)
The former three are better solutions, I feel; for Wikipedia, semi-protection and autoconfirmation (basically, "is the account older than 4 (or whatever the exact number is these days) days?") has worked well. We should still take care to not throw out the baby with the bathwater, of course, and not scare new potential good contributors away. (And moderating all posts by new users might ultimately create more work for the admins than cleaning up after spammers does.)
Automatically holding posts containing certain keywords likely won't work. Forum spam isn't typically used to get people to click on the links it contains, it's used to try and fool search engines into thinking a site is genuine, by virtue of having other genuine sites link to it. In fact, spambots are actively trying to camoflage (as in the case of the aforementioned user), so as to blend in on the site and perhaps escape notice for that little bit longer. So -- long story short -- content blocking won't work, as spambots intentionally try to avoid using terms not already commonly found on the forum/site in question.
TL;DR --- as usual, it's probably best to leave decisions about policy (how should
we fight spam?) and the most effective approaches (how can
we fight spam?) to the admins. Doubly so if we don't have any spam problem to speak of at the moment.