Jump to content
 
Search In
  • More options...
Find results that contain...
Find results in...

We have been visited by the smartphone spam fairy!

SansFin

By SansFin,
in General Discussions

 Share

Recommended Posts

cmovieviewer Advanced Member

cmovieviewer

Posted
Posted

If you consider how much time and effort must be spent by the message board operators in cleaning up spam that is left day after day, I find it frustrating that at least some effort seemingly has not been made to prevent the spam in the first place.

 

Before I continue let me say how much I appreciate the fact that we have this resource that is free for us to communicate most all of our opinions on the movies and related aspects that we love to discuss.  But it is the very appreciation for this resource that also makes me wish that something could be done to stop it from being defaced on a regular basis.

 

I am most likely unaware of all of the related aspects, but in my humble opinion things could be improved by

 1. Limiting the number of message threads that a user can create in a specified time period.

The goal is to stop a user or a limited number of users from creating multiple threads with the same or similar title over and over within a short amount of time.  It is apparent from the spam that is left that multiple message threads is a main goal of the spammers.  If new message threads by a given user are limited per day, then a related step that must be taken is

2.  Insure that the process for adding new users is such that it cannot be automated.

(The CAPTCHA method is a common example of one way to do this.)  The goal is to allow real people that want to contribute to be able to make a new account without too much trouble, but to block or slow down robo-accounts.

 

For item 1, would it really be a big deal for the rest of us if we were limited to say, 4 new threads a day? (Just picking a number out of a hat.)  I would be very surprised if that didn't cover most if not all of the legitimate activity on the boards.

For item 2, I have read on the internet that there are freely available systems that can be used to 'de-automate' the new user process.  It's been a while since I signed up, but the new user process may already have such safeguards in place.  Not sure if they would need to be enhanced once item 1 was implemented.

 

I shouldn't presume to tell the board operators how to do their business, but at least they should be permitted to try something.  The system in place now is akin to allowing graffiti to be painted on the walls of your business, and periodically having someone come in and paint over it, only to repeat the cycle the next day and so on.

 

In thinking this through, the one counter to the argument I can think of is that once you start the 'war' by retaliating, then perhaps things could escalate and you might have to take additional steps to continue the fight.  Other techniques that quickly come to mind are blocking specific IP addresses from joining the board (I believe there are publicly available lists), blocking non-Roman characters for message text, etc.  But my guess is that the spammers go after the low-hanging fruit and would hopefully move on once things become more difficult for them.  With all the message boards we see on the internet, surely the defense of a message board is a common activity with known techniques that can be achieved without too much effort.

 

Whew, okay I feel better now that I got that off my chest.  I very much hope I have not offended the operators.  I realize that I am completely unaware of the parameters they have to work with.

Link to comment
Share on other sites
SansFin Advanced Member

SansFin

Posted
  • Author
Posted

 1. Limiting the number of message threads that a user can create in a specified time period.

 

 

Modern software for generating spam detects rejected posts and automatically creates a new account so as to continue posting.

 

It is by this that limiting the number of posts simply makes more work for moderators because they must then delete twenty-five users with four posts each rather than one user with one-hundred posts.

 

 

2.  Insure that the process for adding new users is such that it cannot be automated.

(The CAPTCHA method is a common example of one way to do this.)  The goal is to allow real people that want to contribute to be able to make a new account without too much trouble, but to block or slow down robo-accounts.
 

 

Any protection performed by an automated process can be defeated by an automated process. The newest software for spamming is capable of defeating the picture-captcha in which you are to select which are images of flowers or houses or etc.. It is fortunate that this software is still closely guarded and quite expensive. It is my understanding that it remains at the level that people use it to create accounts at a variety of sites and then sells lists of those accounts to those wishing to post spam. 

 

I doubt that limiting spam on this site has a high priority as I am quite sure than plans have been made to change it over to the exclusive playground of the: backside or whatever it is they call their: "we only listen to people willing to pay us" subscription cadre which they formed recently.

 

There is no greater deterrent to spam than to charge people to have a username.

Link to comment
Share on other sites
cmovieviewer Advanced Member

cmovieviewer

Posted
Posted

SansFin,

 

I have seen the argument before that any measure to prevent spam can be defeated.  But does that mean that no effort to stop spam should be made?  As you state, such countermeasures from the spammers have a cost.  The message board wins if the cost for the spammers is higher than they are willing to pay or if they don't have access to the additional necessary tools, or if there are easier targets elsewhere.  I visit several other message boards and I never see the level of spam there that I see on this board.  I doubt there is any reason why TCM's message board would specifically be targeted, other than the fact that it is more easily vulnerable to attack.

 

It is clear that stopping spam has almost no priority on this board, and I agree that it is likely due to budget constraints.  I would argue that a cost/benefit case could be made that a little prevention might actually be the same or less cost than repeated cleanup, but I'm in no position to prove that.

 

I also realize that such argument is wasted breath without consideration by TCM, but I mostly just wanted to voice my frustration.

Link to comment
Share on other sites
JamesJazGuitar Advanced Member

JamesJazGuitar

Posted
Posted

SansFin,

 

I have seen the argument before that any measure to prevent spam can be defeated.  But does that mean that no effort to stop spam should be made?  As you state, such countermeasures from the spammers have a cost.  The message board wins if the cost for the spammers is higher than they are willing to pay or if they don't have access to the additional necessary tools, or if there are easier targets elsewhere.  I visit several other message boards and I never see the level of spam there that I see on this board.  I doubt there is any reason why TCM's message board would specifically be targeted, other than the fact that it is more easily vulnerable to attack.

 

It is clear that stopping spam has almost no priority on this board, and I agree that it is likely due to budget constraints.  I would argue that a cost/benefit case could be made that a little prevention might actually be the same or less cost than repeated cleanup, but I'm in no position to prove that.

 

I also realize that such argument is wasted breath without consideration by TCM, but I mostly just wanted to voice my frustration.

 

Would you trade TCM running ads on this website (not on the actual station) to pay for the cost of better website maintenance and monitoring?   

Link to comment
Share on other sites
cmovieviewer Advanced Member

cmovieviewer

Posted
Posted

Would you trade TCM running ads on this website (not on the actual station) to pay for the cost of better website maintenance and monitoring?   

 

One of the things I love most about TCM is the fact that they so far have resisted running advertisements (other than for their own or directly related programming / services), so I don't want to go down that path, if you want an honest answer.

 

I may be missing your point (if you are trying to make one).  Are you implying that we are not paying for the message board and therefore we are not entitled to hope for a spam-free experience?  An underlying assumption I have is that someone is currently being paid to run the message board (probably among other duties) and there is a certain time/cost budget for them to do so.  It might be possible for them to improve the system to reduce the spam within the currently allocated budget so no additional costs would be necessary.

 

I have a software background so in that context I have seen many examples of spending extra time up front to create tools that simplify processes later.  In these cases you make an extra investment in the beginning which ends up saving you time/effort in the long run.  This is the type of trade-off I am thinking of.  If you block spam from being added in the first place then the admin doesn't have to log on at 3 am to clear out the 7 pages of spam.  If you multiply this by however many days in a year that happens, then that might add up to more work than it would take to implement/maintain some spam reduction methods.

Link to comment
Share on other sites
Dargo Advanced Member

Dargo

Posted
Posted

Saaay, speaking of "cost effective use of spam blocking"...

 

Does anybody here know if any of this stuff ever shows up over there where people pay 87 bucks to be one of those TCM "Insiders" and hang around the "Backlot"?

 

(...you know...where you might have a chance to rub elbows with Ben, Tiffany and the Czar of Noir, and ALL for just 87 bucks...shipping and handling extra, of course)

Link to comment
Share on other sites
Dargo Advanced Member

Dargo

Posted
Posted

Sorry Dargo, I'm feeling really dense now.  Are you asking if any of the Backlot members ever bring up message board spam during their visits with the TCM people?

 

Hmmm...actually cmv, perhaps it's a case of me being a little dense here. You see, I was under the impression that Backlot member had their own separate forum in which to communicate to one another and with TCM "authority".

 

(...and just by the manner in which you posed your question, I'm now getting the impression that that impression was a faulty one...yes? no?)

Link to comment
Share on other sites
SansFin Advanced Member

SansFin

Posted
  • Author
Posted

I have revolutionary idea.  Don't allow messages that have more upper ASCII characters than the usual lower ASCII characters or foreign character sets to post.  This isn't exactly ever visited or used by them.

 

 

Знать один язык никогда недостаточно

Link to comment
Share on other sites
cmovieviewer Advanced Member

cmovieviewer

Posted
Posted

Here is some sample text from the AVChat website that describes steps they recommended for addressing spam registrations using the same IP.Board software that TCM uses for their message board system.  The AVChat approach used a combination of techniques, including CAPTCHA variations and publicly available spam IP address checks.  Note the final graph which shows such registrations reaching near zero after previously being as high as 100 per day.  I'm not implying that this approach is impenetrable or that TCM could easily do the same.  The point is that this demonstrates there are established methods that can produce effective results for specific cases.

 

 

These days we faced some annoying spam attacks on our forum and had to take some security measures that will share with everybody here.

stop_forum_spam.png?resize=197%2C106

IP.Board spam prevention

As first quick measures:

1) You have to ensure that the registration page contains at least a “Questions and answers challenge” and a CAPTCHA code. For those who don’t know, this area can be found in the AdminCP under the menu System->System Settings->Security and Privacy.

We used to have re-captcha from Google before, but the bots were still getting in, so we switched to “Are you human PlayThru” to see if something changes.

Here’s a graphic of user registrations due the past months where we can notice abuse of users registered:

Screen-Shot-2013-03-01-at-6.35.19-PM-300

2) The e-mail validation after user’s registration is also recommended. We already had it enabled, but it seems that the spammers found a measure to pass this so we’ve searched for other good measures.

3) As spammers are studying security bugs for software versions, you might want to hide your IP.Board version located in the footer.

4) Also, you need to make sure that your license is active, otherways the spam monitoring service from IP.Board will not be active.

5) What seemed to be a good tool is Forum Spammer IP & Email Check via Stop Forum Spam 2.1.5 .
This adds a check during registration submission that checks the registers IP address and email address against a known list of spammer IP’s and emails from stopforumspam.com.
If it returns true for a spamming IP or email the registration is declined and the IP and email address can be added to IPB’s ban filters.

Here’s the actual registration graph which shows a descending line:

Screen-Shot-2013-03-01-at-6.38.13-PM-300

Link to comment
Share on other sites
Tikisoo Advanced Member

Tikisoo

Posted
Posted

cmovieviewer said: The point is that this demonstrates there are established methods that can produce effective results for specific cases.

 

Uh, I have suggested several times this forum adopt an even easier spam blocker-only allow 3 threads to be created per day, per user name.

I had thought that restriction was already in place when joining this group, thought it was part of the "agreement". But that was over 10 years ago and they've changed formats a few times since then.

 

That software's been around for a long time and rather successful elsewhere.

 

Still wonder what is to be gained by the spammer? NO ONE looks at their posts.

  • Like 2
Link to comment
Share on other sites
cmovieviewer Advanced Member

cmovieviewer

Posted
Posted

cmovieviewer said: The point is that this demonstrates there are established methods that can produce effective results for specific cases.

 

Uh, I have suggested several times this forum adopt an even easier spam blocker-only allow 3 threads to be created per day, per user name.

I had thought that restriction was already in place when joining this group, thought it was part of the "agreement". But that was over 10 years ago and they've changed formats a few times since then.

 

That software's been around for a long time and rather successful elsewhere.

 

Still wonder what is to be gained by the spammer? NO ONE looks at their posts.

 

Limiting multiple threads is a start, but it will quickly put the focus on multiple registrations, which is why there is the emphasis on stopping spammers from creating new users in the example I showed.  3 topics per user is no good if they just create 10 times as many user IDs.

 

I believe the goal for creating multiple messages is because search engines like Google will scan a site every day and raise scores for internet links they find there.  The more hits they find for a given site the higher the score.  So a Korean gambling site can raise their score for Google web searches by spreading the same message throughout the TCM message board.  It doesn't matter if we read it or not, it is the Google search engine data collectors that are being targeted.

 

Which raises the question if a message board could reduce the incentive for such messages by blocking Google from using their web pages in their scans.  There are /noindex and /nofollow tags that can be added to the TCM web pages to do this.  But TCM's message board software would have to be aware of this when it creates its own ability to search for our messages.  We could lose our own search capability in the process.  I'm sure TCM would not want the internet to go blind to all of the messages here, so it would have to be done carefully.

 

But again that involves changes to the board and that's probably way beyond the scope of what would be supported.  Ultimately the simplest and most direct way to keep out the spam is to stop the spammers from registering in the first place.

Link to comment
Share on other sites
Tikisoo Advanced Member

Tikisoo

Posted
Posted

It doesn't matter if we read it or not, it is the Google search engine data collectors that are being targeted.

 

That's why I avoid Google & Amazon like the plague. People find them so "wonderful" and finally Google gets slapped with a fine for "results favoring their paid sponsors".

 

Was anyone surprised by that? 

 

The internet....just another great idea working against people and for the almighty dollar.

  • Like 1
Link to comment
Share on other sites
Sepiatone Advanced Member

Sepiatone

Posted
Posted

I don't necessarily avoid  Amazon,  it's just not my main "go to" for anything.  And since my AOL home page is "powered by Google", I rarely, if ever, use IT beyond that scope.  I usually just go online to look stuff up(like on WIKI), send e-mails and partake in forums like this to intermingle with good folks like you all.  And once a month check my bank balance.

 

All in all, I probably spend no more that TWO HOURS a day online, and NOT all in one sitting.

 

And I figure since there's NO fee for joining any of the other "message boards" and forums I belong to( four in all) that the spammers we're enduring here see using these sites as some opportunity for FREE advertisement.  Costs them nothing, and if it DOESN'T generate any new revenue, it's no loss.

 

 

Sepiatone

Link to comment
Share on other sites
Movie Collector OH Advanced Member

Movie Collector OH

Posted
Posted

I don't necessarily avoid  Amazon,  it's just not my main "go to" for anything.  And since my AOL home page is "powered by Google", I rarely, if ever, use IT beyond that scope.  I usually just go online to look stuff up(like on WIKI), send e-mails and partake in forums like this to intermingle with good folks like you all.  And once a month check my bank balance.

 

All in all, I probably spend no more that TWO HOURS a day online, and NOT all in one sitting.

 

And I figure since there's NO fee for joining any of the other "message boards" and forums I belong to( four in all) that the spammers we're enduring here see using these sites as some opportunity for FREE advertisement.  Costs them nothing, and if it DOESN'T generate any new revenue, it's no loss.

 

 

Sepiatone

 

I don't see all that random crud as real advertising.  If it is, then I am going blind.  Also if there are ever any links in those types of messages, don't click on them. 

 

Regarding search engines, you can always add these to your bookmarks:

startpage.com

start.duckduckgo.com

Link to comment
Share on other sites
Movie Collector OH Advanced Member

Movie Collector OH

Posted
Posted

I have revolutionary idea.  Don't allow messages that have more upper ASCII characters than the usual lower ASCII characters or foreign character sets to post.  This isn't exactly ever visited or used by them.

 

 

Знать один язык никогда недостаточно

 

 

:D  My thoughts exactly!  ;)

 

 

Sepiatone

 

LOL  It can be fine-tuned, just for you.

Link to comment
Share on other sites
 Share
Go to topic listing
© 2022 Turner Classic Movies Inc. All Rights Reserved Terms of Use | Privacy Policy | Cookie Settings
×
×
  • Create New...