*Warning - Overnight Spam Attack?*

[moorfield]

I'm sure the mods will pick it up soon - looks like the forum has suffered a large spam attack overnight.

My own immediate advice would be NOT to click onto any of those hypertext links.

The translation of the Russian text is rather pornographic in nature.

[Raptor]

There are hundreds of posts and we are working our way through them. Hopefully as more mods log on we will be able to clear them faster.

Raptor.

[csearle]

I'm sure the mods will pick it up soon

Yes, we're on to it, hopefully won't be too long before the carnage is cleared up.

Chris

[swill453]

There are hundreds of posts and we are working our way through them. Hopefully as more mods log on we will be able to clear them faster.

I don't know anything about the board software, but would it be possible to create some kind of macro to delete a user and obliterate anything they ever posted?

Scott.

[Itsallaguess]

I should probably add a 'Thank-You!' here to all the posters who've been reporting the huge amount of SPAM the board has seen in recent days.

It's not as easy to reply to the originators of post-reports with this board software, but please be assured that the mods are very grateful for the diligence of the many people willing to swiftly report these posts as they appear on boards that they follow.

That continues to be the best way that we'll be able to tackle these issues, so thanks to everyone who's made the effort to highlight these posts.

Cheers,

Itsallaguess

[DiamondEcho]

I mentioned on another topic a mechanism we had when I was a Mod on another forum. A new member subscribed and their first [IIRC] 5 posts went into a form of quarantine queue. Those 5 posts were released to be published once approved by a Mod. I think that from day-1 set the expectations as to what was expected and what oversight was on hand. The post>publish delay was a suitably dissuasive [vs spammers] time period, say 12-36hrs to put off all but the extremely calculating spammer. I don't know if anything like that is possible in this forum's software, but thought I'd mention it in passing.

The other route spammers there used was writing say ten or more valid replies to existing topics, and then later going back and editing all of them to contain a spam-link [often 'search engine spam' posted by bots, or people posting commission-generating URLs]. The clues there were innocuous looking but value-free posts from newbies. 'Yes I think so too', or 'Yes I agree with you' were sure give-aways. Three such post-quarantine period messages in say 10 minutes and they'd be pre-emptively vapourised. BUT, TLF has an edit lock feature which although frustrating at times when you made a silly mistake in a post and only realise later, should prevent against such 'retro-spamming'.

Encouraging people to report posts is another approach. I mean reporting apparent mal-intent, rather than ... simply something that conflicts with their opinions etc. Harnessing people-power via 'Report this post' is very useful for the Mods, and IME regular members should be reminded of it's benefit to the sanity of the board as a whole and encouraged to use it [but only] where appropriate.

[/NNTR.]

[csearle]

I don't know if anything like that is possible in this forum's software, but thought I'd mention it in passing.

It is. So far we are trying to manage things without having the inevitable extra workload imposed upon us.

TLF has an edit lock feature which although frustrating at times when you made a silly mistake in a post and only realise later...

Cant speak for fellow mods but I'm happy to correct any late-spotted typos in self-reported posts.

Encouraging people to report posts is another approach.

We do. I agree this is our best way of covering all posts with limited resources.

Cheers,
Chris

[PinkDalek]

... and 22 more memberlist.php?mode=viewprofile&u=2400

[Raptor]

We are working on it, seems a sleeper

[Clariman]

Thanks everyone and especia9to the mods. Stooz and I can remove all posts of a user if we delete the user. Been deleting and banning the ip addresses just now.

[PinkDalek]

For those who find their Notifications are full of replies by what is now described as "Anonymous", that was the latest spammer. I only mention the name to avoid genuine replies being missed, when fools are using the Mark Read function.

[beeswax]

Why do they do it?

[kiloran]

I get the feeling that the majority of spam attacks that I have seen are in russian (don't know why they expect us to understand the posts).
Might it be possible to prevent a post being published if it contains any of the cyrillic characters? And perhaps restrict posts to a single url link?

--kiloran

[Gengulphus]

And perhaps restrict posts to a single url link?

Much too restrictive. E.g. it not infrequently happens that in answering a taxes question, I want to refer to two or more of HMRC's taxpayer-oriented pages, their technical manuals and/or the underlying legislation. They don't link to each other, and even the references to legislation in the technical manuals are highly abbreviated ones. E.g. a page refers to "S.107(1)", which someone like me who knows the ropes will know is a section reference to the legislation and find on an earlier page that the relevant Act is "IHTA84", guess (due to which manual it's in) that the "I" stands for "Inheritance" and look up Acts from 1984 containing the word on http://www.legislation.gov.uk. But it's totally unreasonable to expect most TLF readers to know the ropes to that extent - and indeed, if the person asking the question knew them that well, they would probably not have asked the question, being able to answer it for themselves!

So basically, in that sort of case, producing an answer that is well backed up with facts people can check for themselves requires two or more links.

And "report" and "survey" type posts can want a lot more - e.g. viewtopic.php?f=15&t=4349 has a dozen or so, and http://boards.fool.co.uk/gdhyp-year-8-report-13397971.aspx getting on for 40... Not saying that those numbers are absolutely essential - they're not, and indeed when I produce the year 9 version of the latter in about a couple of months' time, it will probably only need about half as many links due to the different set-up here on TLF.

Not saying there's no mileage in the idea, though: there might well bne, but it needs to be done in a more sophisticated way. E.g. have quite a low limit on the number of links in a post by default (not quite as low as 1, I think, but not much higher), and a higher limit for 'trusted' posters. When a non-'trusted' poster tries to post something with more links than the low limit, the post is held up pending moderator approval. Depending on what the moderator sees, they can do anything from banning the user (if it's a 'sleeper' spammer breaking cover) through simple rejection or acceptance of the post to accepting the post and making the poster 'trusted'.

Gengulphus

[wickham]

I get the feeling that the majority of spam attacks that I have seen are in russian (don't know why they expect us to understand the posts).
Might it be possible to prevent a post being published if it contains any of the cyrillic characters? And perhaps restrict posts to a single url link?

--kiloran

On a forum I run I banned the IP codes for China which worked a treat, then on another forum I did the same for all Russia which also worked too well. Several members complained that they had been banned. I didn't realise that Russia is in the same zone as Europe!

It is possible to ask a question which requires a correct answer and I have found that this stops virtually all spammers from registering, so they can't post at all. However, it doesn't stop a human spammer knowing the answer and registering and causing trouble, but it does reduce the frequency of spamming.

[Halicarnassus]

Good work all.

[DiamondEcho]

I get the feeling that the majority of spam attacks that I have seen are in russian (don't know why they expect us to understand the posts). Might it be possible to prevent a post being published if it contains any of the cyrillic characters? And perhaps restrict posts to a single url link?

--kiloran

On a forum I run I banned the IP codes for China which worked a treat, then on another forum I did the same for all Russia which also worked too well. Several members complained that they had been banned. I didn't realise that Russia is in the same zone as Europe!

It is possible to ask a question which requires a correct answer and I have found that this stops virtually all spammers from registering, so they can't post at all. However, it doesn't stop a human spammer knowing the answer and registering and causing trouble, but it does reduce the frequency of spamming.

Is it possible to identify visitors by nationality of ip? Similarly is there any identifiable correlation with the sources of spam? Perhaps blocking whole problem countries might limit spam. How much would it matter if you blocked problem-country A, if no legitimate member lived there or logged in from there? Would it be possible for a future legitimate member in a blocked country to request an over-ride giving access to their ip [presumably a fixed ip address?]. Or could it be suggested they use a VPN to route via the UK? Not sure, but I haven't heard of a spammer going to the trouble of avoiding geographic blocks by using a VPN.

IME spam posts in a foreign language are usually 'search engine spam' posted in the cause of spamdexing https://en.wikipedia.org/wiki/Spamdexing
AFAIUI that's to get a site into the top hits from a Google search, much of this is posted by spambots rather than humans, this is why registration challenge questions [for example a visual Captcha Code] stops them in their tracks. So it doesn't matter if you understand the language in a spam post, it gets the spammer up the Google search rankings for readers searching in that particular language.

Come to think of it another ground-rule we had on the forum I was a Mod of, in a linguistic melting pot in Asia, was 'Posts are only permitted in the English language. Any posts in other languages will automatically be deleted, and such posters barred' [or in fact it was semi-automatically, via 'report this post' from regular users].
That got the message through, and we got little spam, despite as an expat-forum being something of a prime-target demographic for spamming out in that part of the world. That said as a linguistic melting-pot there were legitimate discussions of foreign words, phrases, and so on, but as they were between established posters no one would report them.

If you get a spam-storm in say Russian. You could add a banner above the text-box where a spammer would enter their post, perhaps in double-sized red-font reading 'Any posts that are not in English will automatically be deleted and the posters banned'. Spammers tend not to read the T+Cs so during a bad patch, being up-front and clear pre-empts a snowballing of any trouble. That was only used once or twice during bad weeks. IME you need to balance the welcome with appearing overtly hostile, and newbies looking at a forum can be more nervous about registering and posting than established members might imagine. You'll have seen newbie posts like... 'Ok, I've read the forum for quite a while, done background research, and here's my first post, please be gentle with me...'. Then of course by about their 50th post they're entirely chilled out and being as beery and gobby as some of the oldsters