Recent spam attacks on main page articles
-
Is anyone monitoring main page comments? Is there any plan to put any spam protection in? The older ones are rapidly being inundated under waves of spam. Everything from the last week has at least a half-dozen spam comments at the end: http://thedailywtf.com/articles/comments/do-while-false/2, http://thedailywtf.com/articles/comments/robotic-implementation, etc, and I'm sure it goes back way farther.
-
@foxyshadis said in Recent spam attacks on main page articles:
Is anyone monitoring main page comments?
we still have a main page?
we still have comments on the main page?!
I thought they removed that shite when the deleted the comments category of the forums.......
-
in the "do-while-false" article's comments, one spam link looks as
<p><a href="http://example.com/">tempat sampah besar lion star</a></p>
I know at some time adding rel="nofollow" to comment links was in vogue at WordPress blogs, supposedly to lower the SEO value so the spammers don't bother.
Is that totally ineffective?
(I admit to know nothing web, )
-
@cabrito said in Recent spam attacks on main page articles:
in the "do-while-false" article's comments, one spam link looks as
<p><a href="http://example.com/">tempat sampah besar lion star</a></p>
I know at some time adding rel="nofollow" to comment links was in vogue at WordPress blogs, supposedly to lower the SEO value so the spammers don't bother.
Is that totally ineffective?
(I admit to know nothing web, )
I didn't change anything. It was always like that.
runs away
-
@cabrito Spammers are too indiscriminate to care, whether they're going for SEO or clicks. Search engines mostly ignore them already.
-
Hmm, maybe I need to add a moderation queue for comments with links in them or something.
-
@ben_lubar that queue will grow fast, but you could detect duplicated links and comments
Nofollow also may not stop the generic bots, but it can stop people from customizing one to spam tdwtf.
-
@ben_lubar How about a captcha with 4 potential answers, all of which will end up saved in autocomplete?
-
@ben_lubar said in Recent spam attacks on main page articles:
Hmm, maybe I need to add a moderation queue for comments with links in them or something.
Or just stick this in
-
@RaceProUK not WTF enough
-
@RaceProUK said in Recent spam attacks on main page articles:
@ben_lubar said in Recent spam attacks on main page articles:
Hmm, maybe I need to add a moderation queue for comments with links in them or something.
Or just stick this in
not-logged-in users already have reCaptcha v2.
-
Show 10 images from our uploads folder and ask: does it contains PII? The images should be balanced, so for half of them the answer would be yes. Show 5 that we know the answer and 5 that we don't. This way you filter bots and find out if people are mistakenly uploading PII at the same time.
-
Well, yesterday's comments got two whole pages of spam. C'mon, at least try to put in some filtering?
-
@foxyshadis I agree, something does need to be done: it's clear the reCAPTCHA isn't doing its job
-
@RaceProUK reCAPTCHA v2 was long since broken. The new checkbox one is much more effective. (For now)
-
@Arantor said in Recent spam attacks on main page articles:
The new checkbox one is much more effective
Isn't that what the front page uses? I'm sure I've had the whole "click all pictures of velociraptors riding unicycles" thing when commenting on the front page without logging in
-
@Jaloopa I don't do the front page thing, but I took Ben at his word when he said v2 as "noCaptcha" is technically v3...
-
@Jaloopa I tend to get road signs, shop fronts, and petrol stations when I have to do a reCAPTCHA.
Does it know something about me?
-
Looks like the spam is Google accounts. Are captchas disabled for logged in users?
-
@Jaloopa said in Recent spam attacks on main page articles:
Looks like the spam is Google accounts. Are captchas disabled for logged in users?
Correct
-
-
-
@RaceProUK those two keys have always been too clise together
-
So much for reCAPTCHA...
-
From what I heard from the grapevine, there are some bots that circumvent the checkbox thing by feeding the images into Google's reverse image search and looking for target phrases in the results.
Which I, although I'm not happy with it, find hilarious.
-
@Onyx we should make our own TDFWTF-based captcha with images:
Question: which of these images mean the poster is trolling?
:
Question: Which of these images mean the poster is angry?
-
@wharrgarbl Question: Which one of these users is notorious for deleting posts and necroing topics:
-
@NedFodder You forgot misbehaving alts.
-
@wharrgarbl said in Recent spam attacks on main page articles:
@Onyx we should make our own TDFWTF-based captcha with images:
Question: which of these images mean the poster is trolling?
Potentially all of the above.
Question: Which of these images mean the poster is angry?
Potentially all of the above.
-
@Arantor That's why we also should put in the βobviousβ ones. Nobody who fits in here would pick them.
-
@Onyx said in Recent spam attacks on main page articles:
From what I heard from the grapevine, there are some bots that circumvent the checkbox thing by feeding the images into Google's reverse image search and looking for target phrases in the results.
Which I, although I'm not happy with it, find hilarious.
Given the evidence that some of the spam on here was copy-pasted from Excel, I'd say that the spam is probably done by minimum-wage humans, not robots.
-
@ben_lubar said in Recent spam attacks on main page articles:
I'd say that the spam is probably done by minimum-wage humans, not robots.
These people aren't making anything near American minimal wage.
-
No, no one monitors. I've been manually bumking spam comments from my article.
Here's a thought-- how about a non-logged in user can't post links. And a logged in user can't post links for the first 30 days.
If they do, put up a warning "If you post links again I will ban you".
Then when they do again, they get IP banned.
There's a 0.001% chance you'll ban a real user, who will then tweet @TheDailyWTF asking to be unblocked.
-
@Lorne-Kates said in Recent spam attacks on main page articles:
Here's a thought-- how about a non-logged in user can't post links. And a logged in user can't post links for the first 30 days.
I'm not familiar with the average spammer's behaviour, but I guess that you could put the limit at 1 day (or even maybe 1 hour) and that would work? I guess that spammers are just mass-creating accounts and using them immediately, so even a small block will be enough. And it's much less of an annoyance for a real user to have to wait 1 day than 1 month.
Apart from that, that does seem fairly simple and probably effective? This will not avoid text addresses (e.g. "go to www.example.com") but I'm guessing these ones 1) are not so frequent and 2) are not so effective for spammers (which would be the reason for number 1).
-
@Lorne-Kates said in Recent spam attacks on main page articles:
Then when they do again, they get IP banned.
Dynamic IPs are dynamic. But the rest of that is a good idea. Users gaining trust only after a while. Maybe we could have different trust levels for a user that get increased as they use the forum.
-
@wharrgarbl maybe once they've been around a bit, say the third trust level, we'll let them move and rename topics to keep the forum clean and tidy.