Welcome to NeoOffice developer notes and announcements
NeoOffice
Developer notes and announcements
 
 

Download or installation problems? Try these steps
Problems after upgrading to NeoOffice 2017? Try these steps


Support
· NeoOffice Support
· NeoWiki


Announcements
· Twitter @NeoOffice


Downloads
· Download NeoOffice


RSS Feeds
· Announcements Only
· All Posts


  
NeoOffice :: View topic - A possible solution to forum spam?
A possible solution to forum spam?
 
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    NeoOffice Forum Index -> Server Outages
View previous topic :: View next topic  
Author Message
pluby
The Architect
The Architect


Joined: Jun 16, 2003
Posts: 11883
Location: California, USA

PostPosted: Sat Jun 06, 2009 1:42 pm    Post subject: A possible solution to forum spam? Reply with quote

Since forum spam has been on the increase lately - this time as manually setup accounts with a test post - and deleting the posts and disabling the accounts is becoming a more time consuming task, Ed and I have been trying to think of ways to eliminate this problem without preventing real NeoOffice users from posting.

One idea that we came up with is to disable posting on new accounts for 48 hours but let new accounts that have made a donation post immediately. New accounts with any donations (the amount does not really matter) get to immediately post for one simple reason: our guess is that spammers are not likely to pay a donation even as low as $1 and the spammers are not likely to bother to track that they need to go back and do their test post in 48 hours.

My thinking is that I can put the following on our posts when a user in the 48 hour waiting peiod presses the New Topic or Post Reply buttons:

1. A brief explanation of the 48 hour waiting period, how much time is left to wait, and why we are forced to implement such measures

2. An explanation that donors who donate at least a small amount can post immediately and display the same PayPal e-mail linking form that we display in the user's Profile page so that, if they have already donated or they donate after seeing the message, they know how to link their donations to their Trinity account

Thoughts?

Patrick
Back to top
View user's profile Send private message Visit poster's website
ovvldc
Captain Naiobi


Joined: Sep 13, 2004
Posts: 2352
Location: Zürich, CH

PostPosted: Sat Jun 06, 2009 4:10 pm    Post subject: Reply with quote

On one hand it seems perfectly reasonable. On the other hand, there will be people complaining that they need to pay to get support.

Of course, the latter will not be able to post their grievances until 48 hours later, at which point they no longer matter Wink.

Best wishes,
Oscar

_________________
"What do you think of Western Civilization?"
"I think it would be a good idea!"
- Mohandas Karamchand Gandhi
Back to top
View user's profile Send private message
Samwise
Captain Naiobi


Joined: Apr 25, 2006
Posts: 2315
Location: Montpellier, France

PostPosted: Tue Jun 09, 2009 6:04 pm    Post subject: Reply with quote

Now that the SQL attack is behind us, I'll resume posting this.

I don't like this solution. While it may discourage many spammers, it will also discourage legitimate users with legitimate questions. Support has been one of our main focus areas recently, and while I agree with giving some priority to donors, I think having non-donors have to wait 48 hours to post is giving them a very low priority (which isn't what we want).

As far as I can see, the number of posts from non-donors still outnumbers the number of manual spam posts, and delaying all valid non-donor posts by 48 hours seems too much for the benefit, IMO.

I have two possible alternatives to suggest. I don't know whether they can be easily implemented, and they don't really address the problem in the same way as Patrick's solution, but they might help keep the spam off the forums:

1) Post screening

That is, posts don't appear on the forum right away, they have to be approved by a moderator first. I've seen this on other forums, so hopefully there's something available that can make it work with our forum software. The idea being that donors, and people who reach a given number of posts, can post without requiring a moderator's approval.

That system would ensure that a) all spam posts are seen by moderators first, b) they can therefore be caught more quickly, and c) they never actually appear on the forums. Hopefully, that last bit will discourage some of the spammers that go through the trouble of manually creating an account.

2) Private section

A private subforum, accessible solely to moderators, where spam posts can be discussed, and more importantly, moved to (temporarily). That way, if a moderator finds a spam post (especially if it's difficult to classify as spam), it can be moved there (rather than being deleted right away), and moderators can discuss whether or not to delete it. The advantage being that it can easily be moved back if it turns out to be a valid post, so moderators don't have to worry too much about making a mistake.

Even if these solutions can't be implemented, I'm personally in favor of the status quo, as I think it's better to have our moderators deal with the burden of spamming, rather than imposing heavy restrictions on our users. While it's become more difficult, I don't think it's become unbearable as of yet.
Back to top
View user's profile Send private message
pluby
The Architect
The Architect


Joined: Jun 16, 2003
Posts: 11883
Location: California, USA

PostPosted: Tue Jun 09, 2009 7:12 pm    Post subject: Reply with quote

Samwise wrote:
1) Post screening

That is, posts don't appear on the forum right away, they have to be approved by a moderator first. I've seen this on other forums, so hopefully there's something available that can make it work with our forum software. The idea being that donors, and people who reach a given number of posts, can post without requiring a moderator's approval.

That system would ensure that a) all spam posts are seen by moderators first, b) they can therefore be caught more quickly, and c) they never actually appear on the forums. Hopefully, that last bit will discourage some of the spammers that go through the trouble of manually creating an account.


I like this idea. This not only would keep spammers off of the forums, but since the moderators tend to be answer 95% or more of the support questions, I don't think this will cause any slowdown in how fast support requests from new users get answered.

If nobody has a problem with Samwise's proposeal, when I can get some of my backlog of bug fixing and security work done in the next weeks few weeks, I will take a look see if anyone has writtent a patch to the phpNuke code that we can make use of.

Patrick
Back to top
View user's profile Send private message Visit poster's website
sardisson
Town Crier
Town Crier


Joined: Feb 01, 2004
Posts: 4588

PostPosted: Tue Jun 09, 2009 7:30 pm    Post subject: Reply with quote

I'm more-or-less in agreement in Samwise. I think the current proposed solution will hurt our reputation for support and possibly create an impression of "bait-and-switch" ("Sure, NeoOffice is free, but to get support you have to pay"). (Obviously, a free product with paid support is a legitimate business structure for open source; it's just not the one NeoOffice has heretofore chosen.)

In addition, I worry about us not hearing about crashes and other problems users have (not that we don't get enough crashes for Patrick to fix already, but…) if users feel they have to either pay or wait for support. Users who experience problems will quit using NeoOffice and/or rant on blogs/twitter/etc. about crashes, and until we have clones to monitor all of those channels for us, we get a public opinion hit, and stability of the application suffers for everyone.

The other thing I have to add is that it doesn't seem to me like the "deleting" part of the process is particularly time-consuming; that is, there are a lot of us with power to do this step, and it takes a couple of minutes to get the IP, delete the post, and post in the Spam forum (slightly more if you make a link to the username and to the pre-spammed thread).

The place where I can see that it creates a burden is disabling accounts and banning IP addresses of repeat offenders; I assume this is limited to Patrick, Fran, and Ed. It's been a while since I've had admin rights at a phpBB board, but is there a way that The Council could have access to these tools (or even just disabling the accounts, since so far I don't think we've had a lot of repeat-IP-offenders) to help share that load, while not necessarily exposing the rest of the trinity setup to us? If so, this could be a third alternative (in addition to the two from Samwise).

Smokey

Edit: Patrick's post wasn't up before I started writing mine Wink but that sounds good, too. I assume it's just the first post from account (without a donor address) gets put in a queue; once we've approved a post from that user, their posts are not queued anymore?

_________________
"[...] whether the duck drinks hot chocolate or coffee is irrelevant." -- ovvldc and sardisson in the NeoWiki
Back to top
View user's profile Send private message Visit poster's website
Lorinda
Captain Mifune


Joined: Jun 20, 2006
Posts: 2051
Location: Midwest, USA

PostPosted: Wed Jun 10, 2009 6:32 am    Post subject: Reply with quote

I appreciate Patrick raising the issue and a potential solution, even though I share Samwise and Smokey's discomfort with going that route.

I'm comfortable with either solution Samwise suggests.

The OpenOffice Community Forums use have a Quarantine section along the lines of the 2nd option Samwise's second suggestion. There have been several times lately when I have been uncertain of a post and let it go, on the assumption that someone else will deal with it. If we had a quarantine section, I could easily move the post there.

That said, the first option would seem to be a better one if it can be implemented. If not, the "quarantine" idea could be a fallback position.

Lorinda
Back to top
View user's profile Send private message
Samwise
Captain Naiobi


Joined: Apr 25, 2006
Posts: 2315
Location: Montpellier, France

PostPosted: Wed Jun 10, 2009 7:43 am    Post subject: Reply with quote

We could also combine both options. If a moderator is unsure about a post, he/she could still approve the post but immediately move it to "quarantine" for review…
Back to top
View user's profile Send private message
James3359
The Merovingian


Joined: Jul 05, 2005
Posts: 685
Location: North West England

PostPosted: Wed Jun 10, 2009 8:36 am    Post subject: Reply with quote

As the newest kid on the Council, I'm not sure how much I have to contribute to this discussion. I agree that to many users a 48 hr (or even 24 hr) wait might seem quite a long time - and would be a significant increase in the response time for most users. OTOH it's a pity if Patrick and others are having to waste time on this.

Samwise's post looks like a good way forward to me, and if moderation like that is possible then it can likely be notified to new users who will likely understand the need for it.

Also Smokey's suggestion about extending the power to ban might be a way forward - even if only to a few members of the Council - if banning is a significant issue.
Back to top
View user's profile Send private message
Samwise
Captain Naiobi


Joined: Apr 25, 2006
Posts: 2315
Location: Montpellier, France

PostPosted: Wed Jun 10, 2009 9:13 am    Post subject: Reply with quote

James3359 wrote:
Samwise's post looks like a good way forward to me, and if moderation like that is possible then it can likely be notified to new users who will likely understand the need for it.


Where I've seen this, after a post, you'd see a message like (can't remember exactly, I'm way past the minimum number of posts now):

"Your have posted successfully. Your post is not visible yet, it will have to be approved by a moderator first."

Then you'd just have to wait (no notification). If we're only going to do this for a small number of posts though, maybe an automatic email notification of "your post has been approved and is now visible" could be sent…
Back to top
View user's profile Send private message
pluby
The Architect
The Architect


Joined: Jun 16, 2003
Posts: 11883
Location: California, USA

PostPosted: Wed Jun 10, 2009 9:22 am    Post subject: Reply with quote

Samwise wrote:
Where I've seen this, after a post, you'd see a message like (can't remember exactly, I'm way past the minimum number of posts now):

"Your have posted successfully. Your post is not visible yet, it will have to be approved by a moderator first."

Then you'd just have to wait (no notification). If we're only going to do this for a small number of posts though, maybe an automatic email notification of "your post has been approved and is now visible" could be sent…


Is this on a phpNuke or phpBB forum? I really don't have much spare time so I would like to merge an existing phpNuke or phpBB open source mod like we did to add the attachments feature.

Patrick
Back to top
View user's profile Send private message Visit poster's website
Samwise
Captain Naiobi


Joined: Apr 25, 2006
Posts: 2315
Location: Montpellier, France

PostPosted: Wed Jun 10, 2009 9:38 am    Post subject: Reply with quote

It's phpBB:

http://forum.handbrake.fr/index.php
Back to top
View user's profile Send private message
pluby
The Architect
The Architect


Joined: Jun 16, 2003
Posts: 11883
Location: California, USA

PostPosted: Wed Jun 10, 2009 9:44 am    Post subject: Reply with quote

Samwise wrote:
It's phpBB:

http://forum.handbrake.fr/index.php


Any idea where they got their code from? Or do you think they custom developed it?

Patrick
Back to top
View user's profile Send private message Visit poster's website
pluby
The Architect
The Architect


Joined: Jun 16, 2003
Posts: 11883
Location: California, USA

PostPosted: Wed Jun 10, 2009 9:58 am    Post subject: Reply with quote

pluby wrote:
Any idea where they got their code from? Or do you think they custom developed it?


I think I answered my own question: Handbrake is using phpBB 3.x. Since that feature wasn't added until phpBB 3.0.4 and phpNuke uses one of the last phpBB 2.x releases, I will try integrating the following similar mod in our test environment:

http://sourceforge.net/project/showfiles.php?group_id=169772

Patrick
Back to top
View user's profile Send private message Visit poster's website
ovvldc
Captain Naiobi


Joined: Sep 13, 2004
Posts: 2352
Location: Zürich, CH

PostPosted: Wed Jun 10, 2009 12:55 pm    Post subject: Reply with quote

I think the problem with approvals is that you create a massive bottleneck.

We now have sufficient numbers to approve postings, but if Fran were to spend her time on other things and one other councilmember would be away, it could turn into a time trap for Patrick..

Ideally, we would expand the council a bit, to make sure coverage is not a burden on individual members.

Best wishes,
Oscar

_________________
"What do you think of Western Civilization?"
"I think it would be a good idea!"
- Mohandas Karamchand Gandhi
Back to top
View user's profile Send private message
pluby
The Architect
The Architect


Joined: Jun 16, 2003
Posts: 11883
Location: California, USA

PostPosted: Wed Jun 10, 2009 4:20 pm    Post subject: Reply with quote

So far, this is not a hassle for Fran or I as the moderators have usually deleted most of the spam before we start work each morning.

If everyone is OK with the current process, then that is no problem for us and we can relook at moderating first posts if the problem gets worse.

Patrick
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    NeoOffice Forum Index -> Server Outages All times are GMT - 7 Hours
Goto page 1, 2  Next
Page 1 of 2

 
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum

Powered by phpBB © 2001, 2005 phpBB Group

All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest © Planamesa Inc.
NeoOffice is a registered trademark of Planamesa Inc. and may not be used without permission.
PHP-Nuke Copyright © 2005 by Francisco Burzi. This is free software, and you may redistribute it under the GPL. PHP-Nuke comes with absolutely no warranty, for details, see the license.
Page Generation: 0.03 Seconds