Forum ADMIN experience and Advice

[gohighvoltage]

If you run and admin a forum, do you allow instant access after email verification, or do you moderate each new member before making them active?

do you moderate all posts, or just allow people to post, and remove spam if it happens?

[Bell thorpe]

If you run and admin a forum, do you allow instant access after email verification, or do you moderate each new member before making them active?

Yes, no.

do you moderate all posts, or just allow people to post, and remove spam if it happens?

The former would require three shifts, each with two or three moderators full time.

Our anti-spam tools aren't bad. And a couple of times a day I have a scan at all pending registrations. A great number of valid registrations are easy to spot, from the email addresses and IPs. Some scammers are obvious, and are flagged as such. Some are doubtful, and are just put on moderation status until after they've posted a couple of times.

Those that get through are invariably reported by members within members, and one of the moderators will delete and flag them. So overall, it's not a major problem for us.

[gohighvoltage]

That is great Bell Thorpe, thank you. Right now, I moderate everything, but eventually I will have to just let it be automated, once I get many more members.

One thing I did to eliminate 95% of the spammer registrations was ask two questions with the use of expressions.

Like, What is the capital of the United states, or What year did columbus come to america.

None of the automatic spammers can get by it. Works pretty good cause it only accepts the exact answers.

I know I won't be able to moderate everything forever once it becomes a burden though.

[Bell thorpe]

It's a pity I can't edit my posts, to fix the missing /quote tag, and fix "reported by members within members" which should read "reported by members within minutes".

We also have a variety of sign-up questions. Some require a numerical entry; some a text entry; and one is a randomly rotating question from a pool not unlike the one you've mentioned. You might go through our registration phase without making it final if you want to see what we're doing. Yes, to a large extent the automatic bots have been eliminated. Spammers that do get through now seem to be real people. Often the spammer registration IP is not from the same country as a subsequent spam post, so my guess is that the spammers are paying low wage people to do forum registrations. Often the answers to the questions, for example 'Location' = 37 will give the game away.

Another neat feature of IP.Board is that if we flag someone as a spammer, it bans them, deletes their posts, and reports them to a central database, thus flagging them at any other IP.Board forum. Each week we get an two or three alerts to spammers who have tried to register and been denied by the system. I've seen just one such in error, and that's because the registrant sent an email saying "hey, I've registered but can't post". Spammers don't do that. In any case I over-rode the automatic ban and he proved to be a bona fide member.

CoolRunning Forums

[gohighvoltage]

It's a pity I can't edit my posts, to fix the missing /quote tag, and fix "reported by members within members" which should read "reported by members within minutes".

I Fixed your quote error above.

We also have a variety of sign-up questions. Some require a numerical entry; some a text entry; and one is a randomly rotating question from a pool not unlike the one you've mentioned. You might go through our registration phase without making it final if you want to see what we're doing. Yes, to a large extent the automatic bots have been eliminated. Spammers that do get through now seem to be real people. Often the spammer registration IP is not from the same country as a subsequent spam post, so my guess is that the spammers are paying low wage people to do forum registrations. Often the answers to the questions, for example 'Location' = 37 will give the game away.

I agree, it seems that I get more and more attempts from real people nowadays. It is really crazy. You are probably right, they are paying people really low wages to sit there and fill the registrations out, so then the auto bots can log in and start posting.

Another neat feature of IP.Board is that if we flag someone as a spammer, it bans them, deletes their posts, and reports them to a central database, thus flagging them at any other IP.Board forum. Each week we get an two or three alerts to spammers who have tried to register and been denied by the system. I've seen just one such in error, and that's because the registrant sent an email saying "hey, I've registered but can't post". Spammers don't do that. In any case I over-rode the automatic ban and he proved to be a bona fide member.

CoolRunning Forums

This is a great feature!!! I wish Vbulletin did this as well. It would be great if all the forum programs could communicate like that, or have all use Honeypot, stopspammer, etc. Automatically. It is tough keeping up with the spammers!!!

[thecoalman]

If you run and admin a forum, do you allow instant access after email verification, or do you moderate each new member before making them active?

do you moderate all posts, or just allow people to post, and remove spam if it happens?

I have active behind the scenes methods but I'm not going to do anything that will interfere with the users experience. If you going to require admin activation or moderate new posts most of you new members are most likely going to go bye-bye as they sit and wait for activation or moderation.

As far as preventing spammers in the first place you need multi-layered approach. You can filter out a lot of them by catching patterns. For example on a phpBB forum the user is presented with the default forum time preselected when they register. They can change this to whatever they want. A lot of bots select the first option in the drop down list which is UTC-12, this time zone is conveniently is uninhabitable. Those regitrants appear to go through with confirmation but the script just exits. I'll note this is modification.

The next step to stop the smarter and more aggressive bots is uniqueness, this is one thing phpBB is good for because you can choose from a variety of captcha plugins or even create your own.

[thecoalman]

The former would require three shifts, each with two or three moderators full time.
.

Guess it would depend on how many new registrants you have, I don't use this feature and probably never will but on phpBB you can send new members post to a moderation queue which has to be approved by a moderator. The maount of posts required before moderation is not required is set in the ACP.

I was member of the phpBB moderation team but recently left because I don't have the time. I'm not at liberty to go into specifics but there's a lot of great new features coming in new releases that address he spammer issues.

[thecoalman]

so my guess is that the spammers are paying low wage people to do forum registrations.

This is big business in India and other Asian countries.

Inside India's CAPTCHA solving economy | ZDNet

How serious is the CAPTCHA solving business in India? The following Indian advertisements of their CAPTCHA services clearly speak for themselves - business is good and they are in fact competing for projects :

* 24/7 support still like. We have 30 pc 90 worker & we have 300 captcha team. Your any captcha project we done quickly. We have high experience captcha worker
* Sir, We have 10 systems with good typing skill workers. We can easily do 25k per day
* I have 40 PCs and 55 Persons working in my office for data entry work. As 1 person can do 800 captcha entry per hour. We can deliver you good quantity with quality
* Hello Sir, I will kindly introduce myself.. This is shivakumar.. we have a team to type capcthas 24/7 and we can type more than 200k captchas per day

[gohighvoltage]

This is big business in India and other Asian countries.

Inside India's CAPTCHA solving economy | ZDNet

That is insane!!!

[Bell thorpe]

Here's an interesting sign-up obfuscation, on a mailing list to which I just subscribed.

[Ron]

Here's an interesting sign-up obfuscation, on a mailing list to which I just subscribed.

That's a tough one! I have a very simple one. Now granted my forum doesn't attract the kind of volume that Japaninc probably draws, but here's the concept of what mine says:

What is the middle word in "go high voltage"?

Seems to work. I have other spam defenses in place from the very simple to the very complex. The very simplest one prevents spam posts under certain circumstances, and simply asks the poster to check a particular box which is made to stand out quite obviously. The human spammers I'm stopping don't seem to understand English, so I'm lucky. The complex ones stop somewhere around 99.9% of all spam registration attempts. 321,000 attempts so far, 2 false positives of which I'm aware and perhaps 1 or 2 gets in per week, except occasionally when a new approach is discovered and I have to add a new "business case" to the rules engine.

Too bad the phpBB challenge middle word thingy is sooo simple and sooo darn effective! My rules based anti spam registration system coulda been da bees knees!

[gohighvoltage]

Right now I have two questions:


The Liberty Bell is located in what city (no abbreviations)

What year was the Declaration of Independence signed?




Those two questions took my 100+ spam new user accounts a day, down to 1-2 every month or so.

[the_ancient]

Right now I have two questions:


The Liberty Bell is located in what city (no abbreviations)

What year was the Declaration of Independence signed?




Those two questions took my 100+ spam new user accounts a day, down to 1-2 every month or so.

Indianapolis and 1920 right?

[Ron]

You make people spell Philadelphia...
...and you do realize that the Declaration of Independence is a US thing, and it was signed over the course of about five years, right?

You have some seriously tough questions.

[gohighvoltage]

True, but the main thing is, the stuff is easily looked up online, too much hassle for someone getting paid for doing captcha's.