Ask Your Question
8

Suggestions for antispam measures?

asked 2012-06-22 01:17:15 -0600

Evgeny gravatar image

updated 2012-10-26 19:49:48 -0600

What can we do to prevent posting of spam links? Have a reputation limit, minimum number of posts? Anything else?

Links show in posts, user profile "about" and the "website" sections.

edit retag flag offensive close merge delete

7 Answers

Sort by ยป oldest newest most voted
4

answered 2012-09-01 02:09:25 -0600

this post is marked as community wiki

This post is a wiki. Anyone with karma >100 is welcome to improve it.

A compilation of ideas:

  • disallow creation of accounts with certain email hosts that are common among spammers
  • disallow or apply higher reputation minimum for the users to post links and images anonymously
  • moderate users joining the site
  • require email validation before users can make posts (available in the repository as option)
  • add an option to prohibit or place a reputation barrier to post external links
  • track users IP addresses and be able to block offending IP's.
  • configurable minimum reputation to post links or embedded images anywhere (user profile, homepage link, content posts)
  • when new/low reputation user posts a link/hotlinked image it is not rendered as HTML, but shown in plain text
  • require "high quality" email address - not from mail server specializing on throwaway email accounts
  • block email alerts from low reputation users to be widely distributed, except for the moderators (available as an option in the repository)
  • force low reputation users to solve captcha when making posts
  • add conditions when posts are automatically placed on a moderation queue, based on the content and the user who makes the post
  • automatically place suspect posts on a moderation queue when content moderation is enabled and prevent the post from being published until approved or until user deletes the suspicious content
  • a tool for the administrator: find low reputation user profiles with external links
  • add a user action in the admin interface to block user and delete all created content, when user made an edit - try to delete their edits from the history.
  • tool for the admin: pattern-recognition based search for spammy posts
  • add flag reason for spam
  • support services for content checking services like Net Nanny, OpenDNS.
edit flag offensive delete link more

Comments

@pajju, sorry I have highjacked your post for the compilation, you actually had some original ideas, maybe if you want - you could re-post them separately?

Evgeny gravatar imageEvgeny ( 2012-10-26 20:54:57 -0600 )edit

its perfectly fine, not a problem at all. :)

pajju gravatar imagepajju ( 2012-10-27 00:45:41 -0600 )edit

How can I force low reputation users to solve captcha when making posts? Is this baked into a new version of askbot?

tom gravatar imagetom ( 2015-07-13 16:33:34 -0600 )edit
4

answered 2012-06-25 12:21:49 -0600

powlo gravatar image

Is the problem spambots or human spammers? Doesn't Askbot have a Captcha for certain reputation levels?

Also, perhaps you could disable url conversion for a certain reputation level.

This could be applied to both posts and profiles.

A more complex solution might be to have urls hidden in low rep posts (and profiles) pending approval from a moderator.

edit flag offensive delete link more

Comments

1

It sounds right to prevent URL conversion to links depending on the reputation level.

Evgeny gravatar imageEvgeny ( 2012-06-25 18:33:48 -0600 )edit
1

I like the idea of preventing URL conversion, at least until moderator review. But I suspect spammers would still post plain text links judging from my wiki and Trac systems. My "more complex" solution would be a category of post/comment that was only visible to the poster and moderators (or members with high karma) if it matched a regex blacklist, until explicitly made globally visible.

jimt gravatar imagejimt ( 2012-06-25 23:12:25 -0600 )edit
2

Disabling links for low rep users, esp in their profiles. In particular, rewrite the URL with spaces so it is human not computer readable. Also, nofollow links for medium rep users. This would be great!

Joseph gravatar imageJoseph ( 2012-07-13 15:03:44 -0600 )edit

I can tell you for a fact that spammers are googling for OSQA and askbot footer text, so they can drop links. Astrong antispam measure like I propose would be great!

Joseph gravatar imageJoseph ( 2012-07-13 15:08:39 -0600 )edit

@Joseph why might it be worthwhile to rewrite urls? in what situations? what if we just display link as plain text without the anchor tag?

Evgeny gravatar imageEvgeny ( 2012-10-26 19:58:42 -0600 )edit
3

answered 2012-06-27 10:30:06 -0600

Jtrain gravatar image

updated 2012-08-31 16:28:39 -0600

todofixthis gravatar image

I just went through an exercise of removing the spam from the profile sections. Sneaky spammers putting links to really unrelated websites. Here is the query that i used

update auth_user set about = '' where reputation = 1 and about != '';

idea What if we disallow users to edit the "about" and "website" sections of their profile unless they have greater than 1 (or configurable) reputation.

Some alternative/supplementary ideas:

  • Things that can have links like the personal website or profile description when edited could come to the attention of the admin.

  • At the moment, I do a regular manual check myself of the profile descriptions to see and ban people posting spam in there.

  • Banning a user could also delete all of their posts. But that is less of an issue right now.

edit flag offensive delete link more

Comments

that's a one spam-busting query!:)

Evgeny gravatar imageEvgeny ( 2012-10-26 20:03:42 -0600 )edit
2

answered 2012-08-31 13:10:28 -0600

I Like AskBot gravatar image

I'd like that every link has changed in a default text ( for example LINK SUGGESTED ) with mouseover event that show the link inside.

In this way i prevent the reading of classic spam url and the automatic click that some users do without thinking ( especially to shorted url ).

The best solution would be that this link excpet to be changed in the way that i suggest is that an internal antispam system and analyzer of dangerous url identify the url suggested showing it in :

red color if dangeorous

yellow if not sure but ..

green if ok

I know that is a big work but when we suggest a solution why not to suggest the best way?

Obviously if in the comment or answer or question will be also other kind of flag and not only OFFENSIVE but also SPAM could be useful to categorize it with other type of informations.

edit flag offensive delete link more

Comments

1

+1 interesting idea. Would be a major plus if there was already a content evaluation service with an API we could hook into to make the red/yellow/green determination (e.g., Net Nanny or OpenDNS content filters).

todofixthis gravatar imagetodofixthis ( 2012-08-31 16:27:31 -0600 )edit
2

answered 2012-10-29 14:30:25 -0600

todofixthis gravatar image

updated 2012-10-29 14:32:29 -0600

Please also log the IP address used to create the account so that an admin can review for clues to see if the user is posting where they say they're posting from.

For example, I got a one-line question on my hosted site asking about health insurance in NJ. This is borderline but probably off-topic for an expat forum. I posted a comment asking him to clarify, but I never got a response, so I closed and eventually deleted the question.

His account fits one pattern that makes me suspect it was a spam bot:

  • Username is in "Firstname Lastname" format, which is VERY unusual for my target audience; most expats I've encountered are extremely protective of their personal information.

However, I can't be sure.

If I knew the IP address that created the account, I could be more confident in deciding whether this is a legit account.

This would also be useful for detecting sockpuppet behaviors.

edit flag offensive delete link more

Comments

Great suggestion! I think to have the IP of the user is a must have.

Toms gravatar imageToms ( 2012-10-30 02:49:29 -0600 )edit
2

answered 2012-06-23 13:59:56 -0600

zaf gravatar image

One suggestion would be to allow only openID services for login and not local ones, as discussed here. This way you can eliminate spammers, because users will have to give a valid account.

Now, for those who do give valid accounts but are still spammers and post questions with offensive content, there is always the community to flag and vote them down (I think afrer few flags, post is automatically removed from homepage, right?).

Last, for those who add a spam URL in their profile, I think you should just require some 50 points of karma to allow adding personal website or profile description.

edit flag offensive delete link more

Comments

1

We could hide the url by showing link text instead of the actual link and tell the user that it is hidden until their reputation reaches some threshold.

Evgeny gravatar imageEvgeny ( 2012-06-25 18:35:51 -0600 )edit

Unfortunately spammers register "throw away" OpenID accounts.

jimt gravatar imagejimt ( 2012-06-25 23:27:13 -0600 )edit
0

answered 2016-01-08 05:21:24 -0600

updated 2016-01-08 05:26:55 -0600

Some antispam measures taken for Ask-Sage (an askbot-powered Q&A site for the Sage Mathematical Software System) recently (2016-01) were discussed in this sage-askbot-devel thread. Hopefully they can be useful more widely.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

4 followers

Stats

Asked: 2012-06-22 01:17:15 -0600

Seen: 38,351 times

Last updated: Jan 08 '16