Nasty case of spam you've got there...

No_Ta_Doctor
No_Ta_Doctor Posts: 14,692
Is there a doctor in the house?
Warning No formatter is installed for the format
«1

Comments

  • marcusjb
    marcusjb Posts: 2,412
    Whatever they have done with the forum update does appear to not work with stopping them, we've had the dodgy passports ones growing over the past few weeks and now this!

    Looks like a busy weekend for someone because the forum is unusable like this.
  • Thought it was just me for a while. Looks like database has been subjected to sql injection attack. Why not restoring from back up though?
  • Jeff Jones
    Jeff Jones Posts: 1,865
    It's being addressed. The spam protection wasn't up to date after we moved the forum.
    Jeff Jones

    Product manager, Sports
  • bobmcstuff
    bobmcstuff Posts: 11,444
    I assume this covers all the junk that's just turned up in Pro Race (on top of the usual junk from the regulars ;) )
  • Dorset_Boy
    Dorset_Boy Posts: 7,610
    Jeff Jones wrote:
    It's being addressed. The spam protection wasn't up to date after we moved the forum.

    Some someone screwed up then!

    Any idea when we might get the forums back?
  • TheBigBean
    TheBigBean Posts: 22,025
    They're back! Can't you empower one of the regular mods to thread delete and ban?
  • No_Ta_Doctor
    No_Ta_Doctor Posts: 14,692
    Jeff Jones wrote:
    It's being addressed. The spam protection wasn't up to date after we moved the forum.

    Thanks, thought I might have to get an actual life there for a moment ;-)
    Warning No formatter is installed for the format
  • itboffin
    itboffin Posts: 20,072
    Back again and really bad this time
    Rule #5 // Harden The Feck Up.
    Rule #9 // If you are out riding in bad weather, it means you are a badass. Period.
    Rule #12 // The correct number of bikes to own is n+1.
    Rule #42 // A bike race shall never be preceded with a swim and/or followed by a run.
  • andy9964
    andy9964 Posts: 930
    At least 11 pages in most Road sections I've looked at.
    One spammer has 771 posts in 4 hours :shock:
  • NeXXus
    NeXXus Posts: 854
    Jeff Jones wrote:
    It's being addressed. The spam protection wasn't up to date after we moved the forum.
    Two weeks? a month? How long shall it be on the "to do" list this time? :(
    And the people bowed and prayed, to the neon god they made.
  • DrLex
    DrLex Posts: 2,142
    20 pages in commuter chat, 40+ in road buying advice. Remove Chinese glyph posting ability?
    Location: ciderspace
  • robbo2011
    robbo2011 Posts: 1,017
    could you as a temporary measure put a time delay of say 5 minutes between postings to slow them down a bit until a proper solution is found?

    I'm sure the members will put up with it for a while.
  • I confess I don't know hot this works, but, put in moderator approved registrations for a bit?
    My blog: http://www.roubaixcycling.cc (kit reviews and other musings)
    https://twitter.com/roubaixcc
    Facebook? No. Just say no.
  • Hi

    we put anti-spam measures in yesterday, before that we got hit hard we had approx 500 new registrations - the spam filters will protect new posts but not any 'existing' registrations, I tried to retrospectivly find spam registrations but ran out of time on Friday.

    The stats on the filter are reporting it caught well over 1000 posts this morning, so I tink the few bits getting through now are just irritating but not a serious issue.

    please report all spam to aid the mods locating it and adding it to our filters.

    thank you for understanding.

    Sam
  • imposter2.0
    imposter2.0 Posts: 12,028
    Put all 'new member' posts under embargo for mod/admin approval. Job done.
  • apreading
    apreading Posts: 4,535
    Andy9964 wrote:
    One spammer has 771 posts in 4 hours :shock:

    Thats less than BenderTheRobot does in 4 hours normally...! :mrgreen:
  • Road Buying Advice is full of spam, and they are still spamming.
    Almost couldn't find my post.
  • Pete
    Pete Posts: 9
    Imposter wrote:
    Put all 'new member' posts under embargo for mod/admin approval. Job done.

    Unfortunately that feature doesn't exist in the forum software (I wish it did!), so to get that "job done" would take some time to implement. Apologies for the onslaught of spam, and we're trying to combat it ad-hoc for the moment.
  • imposter2.0
    imposter2.0 Posts: 12,028
    Take a look at Xenforo...
  • Pete
    Pete Posts: 9
    Migrating the entire forum to a completely new platform would be a pretty drastic "solution", I'm afraid. Months of testing, development and migration, with no guarantee the situation would improve, and asking the forum community to adjust to a totally different user experience.
  • NeXXus
    NeXXus Posts: 854
    Pete wrote:
    Imposter wrote:
    Put all 'new member' posts under embargo for mod/admin approval. Job done.

    Unfortunately that feature doesn't exist in the forum software (I wish it did!), so to get that "job done" would take some time to implement. Apologies for the onslaught of spam, and we're trying to combat it ad-hoc for the moment.
    No?

    azBDNd9.png

    BsTHc5k.png
    And the people bowed and prayed, to the neon god they made.
  • Pete
    Pete Posts: 9
    NeXXus wrote:
    No?
    No. I'd be interested to know which version of phpBB that screenshot is from, because the Misc permissions tab I'm looking at currently does not have the same settings list.
  • NeXXus
    NeXXus Posts: 854
    Pete wrote:
    NeXXus wrote:
    No?
    No. I'd be interested to know which version of phpBB that screenshot is from, because the Misc permissions tab I'm looking at currently does not have the same settings list.
    Honestly don't know, I found it and don't currently have my wee quiet slice of webspace running phpBB. What is the current flood limit set to? Changing it to something realistic like 60 seconds and disallowing the Newly Registered group from ignoring it may be a cheap fix for now.

    Obviously the other user groups (Registered) would be better off allowed to ignore flood limiting

    Enable "By Admin" in User Registration settings/ Account Activation ?


    End of the day no matter what you do. Being Proactive in preventing spam is easier to do than being reactive to spam. Less time consuming to not approve an account registration that is clearly going to spam, than it is to allow it and end up deleting 60 posts.
    And the people bowed and prayed, to the neon god they made.
  • Pete
    Pete Posts: 9
    Jeff's increased the flood limit again today, and Newly Registered Users are already unable to ignore it.

    Ultimately please rest assured that we're being both reactive and proactive - obviously the stuff that's getting through is visible, and frustrating, but there's a lot that's never making it to the forum because of the proactive measures we have in place. Unfortunately we are being hammered quite hard at the moment, and some spam will inevitably slip through.
  • Jeff Jones
    Jeff Jones Posts: 1,865
    NeXXus wrote:
    Pete wrote:
    NeXXus wrote:
    No?
    No. I'd be interested to know which version of phpBB that screenshot is from, because the Misc permissions tab I'm looking at currently does not have the same settings list.
    Honestly don't know, I found it and don't currently have my wee quiet slice of webspace running phpBB. What is the current flood limit set to? Changing it to something realistic like 60 seconds and disallowing the Newly Registered group from ignoring it may be a cheap fix for now.

    Obviously the other user groups (Registered) would be better off allowed to ignore flood limiting

    Enable "By Admin" in User Registration settings/ Account Activation ?


    End of the day no matter what you do. Being Proactive in preventing spam is easier to do than being reactive to spam. Less time consuming to not approve an account registration that is clearly going to spam, than it is to allow it and end up deleting 60 posts.
    I set the flood limit to 2mins - it needs to be for registered users as well in case a spammer gets to that point in future. It would be very bad if they could ignore the flood limit.

    It doesn't help in cleanup though as the bot just moves to a new username (deleting n posts from one user is easy) but it probably helps keep the forum cleaner.

    We're trying to track the source of the registrations in order to block from registering in the first place. It's not that easy as each account posts from a different IP so we have to trace things back to as common a source as we can.
    Jeff Jones

    Product manager, Sports
  • NeXXus
    NeXXus Posts: 854
    Why not also turn on Admin activation of new accounts? Spam accounts are generally easy to spot, delete it before it can complete the process and register to spam / get round flood limits.
    And the people bowed and prayed, to the neon god they made.
  • Jeff Jones
    Jeff Jones Posts: 1,865
    NeXXus wrote:
    Why not also turn on Admin activation of new accounts? Spam accounts are generally easy to spot, delete it before it can complete the process and register to spam / get round flood limits.
    Not all of them are necessarily easy to spot (I nearly deleted a few normal users this morning) unfortunately.

    We've put some more measures in place for both registering and posting. We'll monitor and see if that stops the problem.
    Jeff Jones

    Product manager, Sports
  • NeXXus
    NeXXus Posts: 854
    There's always collateral ;)
    And the people bowed and prayed, to the neon god they made.
  • Pete
    Pete Posts: 9
    A lot of the spam accounts that have been created recently have been using legitimate looking usernames and email addresses (Hotmail, Gmail, etc). Though it's true they can sometimes be easy to spot, the unfortunate truth is that many are passable as genuine, and we'd have to err on the side of caution to avoid deleting accounts of legitimate users. It's a tricky balance to strike, and in my experience you often end up accidentally penalising a few legitimate signups while seemingly innocent spam accounts still make it through.

    The issue is that often the collateral is a high cost for an intangible and unreliable impact on the spam.
  • NeXXus
    NeXXus Posts: 854
    Yes Pete, I've done it a time or two :) Still a new account deleted in error isn't going to have as big an effect on users or the forum as a forum that is barely readable due to spam driving users and thus content + discussion away to a land free of spam.

    Fine balances, but sometimes you have to take one on the chin to preserve what you have.
    And the people bowed and prayed, to the neon god they made.