John_Betong - 08 May 2009 07:53 PM

 
How about having to wait a specified period, maybe 24 hours before a new member can post?
 
Also for the first three posts having to re-apply for a new password.
 

These and similar mechanisms discourage people from contributing.  Think of the user who downloads CI, discovers a bug, Tweets about it, and is pointed to the bug forum by a few people in Twitter.  He/she comes here, registers, and then sees that they aren’t trusted with the ability to post.  Think they’ll be back to post their bug report?

@Derek, 8 of the 10 most recent signups are spammers.

The point of this thread is to offer you some ideas so you might put something in place.

So don’t be jealous Derek just DO something about it, Please.

wiredesignz - 09 May 2009 12:09 AM

@Derek, 8 of the 10 most recent signups are spammers.

The point of this thread is to offer you some ideas so you might put something in place.

And that’s why I’m subscribed, listening, and taking the time to reply.

So don’t be jealous Derek just DO something about it, Please.

As Michael shared, we’re already doing quite a bit, which is why the forums are so clean of spam.  I’m merely offering a small reality check.  If you’re only encountering these spammers because you’re going through the member list looking for them - stop going through the member list looking for them…

Derek, It’s pretty foolish to say the problem will go away if we don’t look at it. Nice reality check.

Perhaps you or your team should not ask for ideas from the membership if you really don’t want us to tell you what we think.

If you can’t or won’t fix the profile spam issue just say so and that will be the end of it.

Chill out, I’m talking about the scope of the problem. If you are only encountering spam because you’re going and looking through the memberlist, then you are creating the impact for yourself.  Their existence is not harming anyones ability to use and benefit from the forums and wiki, so while I agree that it should be augmented, it’s not worthy of drama and panic, nor does my indicating why certain specific methods will not be implemented mean that we aren’t interested in other ideas.

The only real concern of spammers remaining members in the member list should be that most spammers will register so that they get the ability to peruse the membership listing, thereby being able to capture email addresses for use in spamming.

Since this forum does not give out email addresses directly, but instead forces users to use an email form to send out an email, this defeats the spammer on that count.

The other thing spammers use, is like wiredesignz said, they put links in their profile to the sites they want people to visit.  This does not directly effect the membership of the forum, but rather helps the spammers to increase their page rank by having more “links” to their site scattered throughout the web.  This, in effect, aids the spammers gain search engine ranking. 

I wouldn’t be worried about our membership getting zapped by visiting one of those sites.  I would hope our membership is of a more computer savvy variety and would not fall prey to such silliness.  My only concern is that this seems to be an aid for the spammer that helps make them successful.  I hate spammers. 

However, as an administrator of 3 forums and 2 blogs, I know that going after these types of spammers cost more manpower than it is worth when you weigh the cost/benefit factors.  The cost, of course, is primarily an administrators time.  Some of these are tricky, and will wait several weeks and sometimes over a month before they return to add the “advertisements” to their profile.  I’ve had that happen.  It makes it very difficult to track.

wow some people on here are getting ridiculous. chill out. they asked for any constructive ideas that the web professionals on here might have to combat spammers.

i think the askimet service is perfect both for the profiles and posts. you submit the data to askimet which has a db of millions of spam urls and spammer emails and if it returns positive then its flagged for review. shooting an email to the admins. from there they can ban the user or mark it as “Ham” for a false positive. this would work for the emails that users use to sign up also. the whole process would be transparent to the end user and would happen in the background. so no captchas that are annoying to the legit users. and no trial periods which deter users from contributing or getting much needed help

a report link for a user / profile would be useful too.

Are a lot of these issues coming from bots, or people physically registering? I also give a +500000 to the askimet service. I liked trs’s idea of only checking the intial x posts against the service. That way you don’t manage to get yourself classified as high traffic with them against users who are legit.

Also, I can’t remember, and I am not sure how exactly spammers go about managing this, but do you have to have your email address confirmed before allowing to post / update profile on this site? I assume this site is built with some type of permissions system and that until the email address is verified the user cannot post / update profile. Or have spammers already managed to completely tackle this feat as well?

Bleh… As for less spam in the mail box, no go for me. I am still receiving an average of 1 spam every 5 minutes :( Luckily, Gmail is the god of anti-spam.

drewbee - 09 May 2009 07:37 PM

Are a lot of these issues coming from bots, or people physically registering?

Also, I can’t remember, and I am not sure how exactly spammers go about managing this, but do you have to have your email address confirmed before allowing to post / update profile on this site? I assume this site is built with some type of permissions system and that until the email address is verified the user cannot post / update profile. Or have spammers already managed to completely tackle this feat as well?

Yes, you do have to self-confirm from a valid email address before your account is activated, which enables your profile and allows you to post.  Easily hundreds per week aren’t making it past this threshold, and remain in the “Pending” member group until they are pruned at a convenient time.  That’s most likely the bulk of the bots.  The vast majority of the ones that actually make it into the member list are humans.

Yes, you do have to self-confirm from a valid email address before your account is activated, which enables your profile and allows you to post.  Easily hundreds per week aren’t making it past this threshold, and remain in the “Pending” member group until they are pruned at a convenient time.  That’s most likely the bulk of the bots.  The vast majority of the ones that actually make it into the member list are humans.

Plus, it’s not very hard at all to write another script that checks an inbox and activates your bots.

drewbee - 09 May 2009 07:37 PM

Bleh… As for less spam in the mail box, no go for me. I am still receiving an average of 1 spam every 5 minutes :( Luckily, Gmail is the god of anti-spam.

yes it is! if only they would release the smtp support for addon accounts so my emails lose the “on behalf of” text. they did say they are working on it though so thats good news

The forum profiles have a cockroach infestation.

7 of the 10 most recent signup’s contain external links some of which are somewhat offensive in nature that the admin might like to review.

Actually the profiles are more interesting to read than the forums at present.

There is one step that you may not realize which would greatly reduce your spam.  If your forum php code generated links that are rel=“nofollow”, then your spam traffic would drop off.  What is happening is that people are trying to improve their website’s position in the search engine results by having lots of links to their website.  But if those links are rel=“nofollow” then they don’t count with the great Google god.

That being said, if you could keep MY profile links as rel=“follow”... I’d really appreciate it (couldn’t resist). 

I thought I would clue you in, because I once ran a forum that I had to stop because of the really disgusting SPAM many were placing on the site.  While I am guilty only of occasional, family-hour SPAM, still I am sympathetic to any who are trying to maintain a healthy community.

I also believe in making people type what they see on the screen, it will keep some automated systems away.

Good luck.

http://codeigniter.com/forums/member/93351/ <—this guy is “probably” one of ‘em. This didn’t actually post but rather just became a member.

Maybe some sort of captcha in the registration form would be fine?

bargainph - 11 May 2009 02:08 AM

http://codeigniter.com/forums/member/93351/ <—this guy is “probably” one of ‘em. This didn’t actually post but rather just became a member.

Maybe some sort of captcha in the registration form would be fine?

i have a feeling that a certain web developer just left them a very “nice”?? contact form submission. i dont know how i know this…..