Forum Spam

  • Hej,

    I'm not a very active here in posting stuff but I do read (and play :nerd:) a lot. Mostly via RSS feed. I do notice a spam problem on the forum though and I kindly ask to take actions against.


    * Spam posts make it to my reader.

    * Spam is in profiles of bot accounts (e.g. About Me links)

    * Spam is in replies that looks legit (because it's copied from humanz) but riddled with random links.

    * Spam is in replies that are edited after a while.


    There are various approaches how you could deal with this.


    * Mitigate e.g. by making sure that _no_ links can be added until a certain amount of credibility is reached (you _do_ run a ranking system already)

    * Weed out "new users" having no posts within months

    * Add a moderation queue for new users (you're not really overrun here, eh? :))

    * Add a moderation queue for new users if their first posts have links

    * Add a game purchase verification (e.g. game key to "link" with a purchase)

    * Make use of spammer databases (like StopForumSpam) during the registration (can be checked against local for the privacy concerned)

    * Make use of abusive IP databases (like iplists from e.g. Firehol)


    Some require action on the system level (hosting), some can be implemented in the software (forum) as plugin.


    …just don't add one of those dreaded Captchas - it's 2020 and they are all broken (by design, AI, cheap labour or privacy concerns) :dizzy:

  • Hmm... I'm not aware of any serious spam issues in this forum :wat: Granted, there are some spammers here from time to time, but usually it's not a big issue at all. I'd say there are only up to 1 or 2 spam posts in the forum per month on average, if any.

    You can never get fully rid of spammers. If a spam post shows up, it usually gets removed in a timely manner either by Minotorious or me.


    There seems to be a few more spammers who just abuse the "About me" section to leave some spam links there (without posting anything on the forums). Do you maybe refer to this type of spammers?

    I don't think many people check out their profiles to find the links (so I guess this is rather a minor issue), however, if you do run into any of these users, it's definitely helpful to report them (so we can ban them accordingly) ;)


    * Weed out "new users" having no posts within months

    Well, there are definitely legit users who didn't post anything at all. There is only a single account which is used for both the homepage and the forums, and it is also needed to purchase the standalone version of the game.


    * Add a moderation queue for new users (you're not really overrun here, eh? :))

    We do that temporarily in case there is a large wave of spammers at the same time. Something like that happened back in 2016, for example - we got a bunch of negative reviews and also experienced a lot of spammers in the forum at the same time (what a coincidence!). We've maintained a moderation queue for new users for a few weeks, until the spammers lost interest.


    However, due to the fact that people need an account to purchase the standalone version of the game, this isn't a suitable solution anymore...


    * Add a game purchase verification (e.g. game key to "link" with a purchase)

    While an account is required in order to purchase the standalone version, there is no need to purchase the game to create posts in the forums. Apart from that, it's difficult to verify Steam purchase, for example (but it's totally fine if a Steam user prefers to use this forum).


    * Make use of abusive IP databases (like iplists from e.g. Firehol)

    I'm not sure if this is a good idea. There is always a margin of error and a chance of false-positives, and we don't want to block innocent users for no reason.


    I guess most users have a rotating IP address anyway.


    * Make use of spammer databases (like StopForumSpam) during the registration

    We're already using StopForumSpam, and there are also a few other measures to keep spam bots away from the forums ^^ Actually I don't believe we have that many actual spam bots, it looks like most spam accounts were created by humans.

  • I admit that I have never used RSS feed, so my question might be very silly (sorry for that in advance): When the spam is not produced inside this forum, is it then possible that the RSS feed tool itself is abused by hackers/spammers/whatever?

  • There seems to be a few more spammers who just abuse the "About me" section to leave some spam links there (without posting anything on the forums). Do you maybe refer to this type of spammers?

    Also. Found a bunch just from the "Recent Online" and this is where they hope to be found by search engines (even when linked are marked as ugc - they don't care). They cause traffic, add nothing of value and/or are sleepers that may eventually start spamming your userbase as PM or in other subtle ways by editing old posts. I've seen this before.


    We're already using StopForumSpam

    That's great. They do a really good job for years already catching most of the same.


    I'm not sure if this is a good idea.

    I really doubt that there are any false/positives affecting the userbase _here_ and also you get to select the lists you want to use (blocking known botnets is always a good idea) but suite yourself :)


    I admit that I have never used RSS feed, so my question might be very silly (sorry for that in advance): When the spam is not produced inside this forum, is it then possible that the RSS feed tool itself is abused by hackers/spammers/whatever?

    Moderation here is really good but when a feed was fetched before the spam is removed you have it sitting in the reader:


    To the others that "can not imagine" this: I didn't post this because I was bored. I posted this because I noticed this happening again and again. There are more ways to interact with a website than visiting it on a computer with a webbrowser.

  • I really doubt that there are any false/positives affecting the userbase _here_ and also you get to select the lists you want to use (blocking known botnets is always a good idea) but suite yourself :)

    It depends: The less you block, the less the chance of false-positives - but there is always a chance you block an innocent user. And as mentioned, I'm not sure if spam bots are really a big issue in this forum. I guess most spammers here are humans :thinking:

    I did check the IP addresses of the most recent spammers we had and in fact these IPs weren't blacklisted anywhere (FireHOL, Spamhaus etc) - so I don't think using IP blacklists would really improve the situation :(


    I understand that even few spam posts are quite annoying in the RSS feed, but I'm afraid that we're at a point where we cannot improve the situation without causing collateral damages :/

Participate now!

Don’t have an account yet? Create a new account now and be part of our community!