p2pnet spam bot troubles
p2pnet.net News:- Lately, we’ve been flooded by fake comments ‘posted’ by spam bots.
The vast bulk of it was/is from China and apart from sucking up resources, the spam, much of it disgusting porn, including kiddie porn, is picked up during Google and other searches, which lead straight back to p2pnet. And clearly, that’s not good from any perspective.
The solution? As many readers suggested, open a verification process which asks people to key in characters before they can send a comment.
It’s stopped most of the spam, but it’s also resulted in a drop in the number of Readers’ Writes, which is unfortunate because comment posts spark discussion and also often end up becoming stories in their own right.
The way things are the moment, anyone can add their thoughts, whether they’re registered or not, and we could get rid of the verification box by making it compulsory for people to sign up before they’re able to post to a story.
But there’s no way we’re going to do that. As far as we’re concerned, being able to say what you think, anonymously if you want, is a fundamental right.
We’ll try and figure out another way to get around the spam flooding (and if you have any ideas on how to do it, we’d love to know) but for now, if you want to say something, please go ahead and say it, even if you do have to enter five numbers and letters : )
Cheers! And thanks…
Jon
p2pnet newsfeeds for your site.
rss feed: http://p2pnet.net/p2p.rss
Mobile – http://p2pnet.net/index-wml.php
August 31st, 2006 at 6:12 pm
This is a good way to eliminate the spammers. Too bad there’s not a similar system which would be able to delete comments by the various trolls who call you a shill for Morpheus.
August 31st, 2006 at 7:03 pm
ummm I don’t know
August 31st, 2006 at 7:40 pm
I think that you have been the victim of ’someone’ remotely taking control of your computer or website. A Zombie program maybe?…or something like that. It’s quite obvious this ’someone’ is trying to hide by ’spoofing’ [unsavory] Chinese websites in an attempt to appear from somewhere where they are NOT.
August 31st, 2006 at 7:51 pm
OOOOOOOH YES WE DO!
September 1st, 2006 at 12:52 am
If you were to run this site using vBulletin 3.6 you could have registered users who don’t have to use a captcha for every post, while unregistered users would be required to post using the captcha.
September 1st, 2006 at 1:44 am
Jon
1. I always have trouble logging in. I don’t know how to change my password to something I can remember. That’s problem #1 in why I don’t leave you more comments. I’ve created 3 accounts so far, and still don’t know what to do.
2. When I did log in, and got the letter verification, it just didn’t work; I don’t know why. I use letter verification on other sites all the time, including my blog, and don’t have any problem with it. So I think it’s the particular version you’re using that’s difficult to penetrate.
Those are my thoughts.
Best regards,
Ray
September 1st, 2006 at 3:03 am
And lose any of 1 and l and I and i please. I’ve lost posts, too.
September 1st, 2006 at 5:04 am
I’ve purposely made comment whenever I have to validate more than once, so that it is known where the problem is. I’ve lost several posts prior to that because I didn’t do the ctrl+a and then the ctrl+c. Those just didn’t get posted again because I usually will post a long text. It’s not worth it to rewrite it again.
For the spammer, I left a post right under his for all the members just for the heck of it. It was followed by another spam and I spammed it right back (which I noticed that both remained though I expected them both to go with the spam) with a copy of the same post.
I wish you had another version of this validation script that might have more distinct characters. That in itself would solve this problem.
September 1st, 2006 at 10:51 am
It’s good to see Jon being open about this. I was actually pretty close to leaving P2Pnet permanently because of it, but curiosity made me come back. The validation idea clearly isn’t working as I keep seeing the same spam posted that string verification was supposed to stop. This means all verification is doing is driving the legit posters nuts. O and 0. I, l, and 1. 5 and S. 9 and g. A and 4 being the most recent gotcha, because the four is usually angled, which combined with the background static can make it look like an A if your not looking closely enough. I’m sure I’ve forgoten a few too. Doing the CTRL-A CTRL-C CTRL-V thing works, but we all forget sometimes to do it. That and it gets kind of trying after a while. Well, enough complaining from me since Jon has clearly seen the issues here. Lets see… I liked the one idea that someone posted, about making the string only required when posting anonymously. Might make folks more inclined to create a permanent account in order to avoid having to enter strings, but then again anonymous posting is likely what makes a lot of folks willing to post at all, so this idea could potentially do the same thing the verification is doing, which is drive people away. Surely there has to be a better version of this string verification script available somewhere. FWIW, I certianly don’t mind having to enter a string. It’s primarily the concequences of getting it wrong (several times in a row) that I don’t like, plus it seems to time out if you take to long to tyope up a post, making the entire string wrong regardless. I’m certain it’s worst for first time posters, who likely just give up and never come back. Certainly, setting things up so that folks don’t lose the comment they worked so hard on would be a definite start, if nothing else. If you get rid of string verification altogether, then I’m sure there are volunteers willing to delete spam when they see it. I suppose the hard part with that is finding people you trust though. Man, this isn’t an easy problem to solve, is it. Damned if you do, damned if you don’t…
September 2nd, 2006 at 12:14 am
The only problem is the spammers can still register and post their shite… I can’t even read the string displayed below… it’s kind of like a 3d ‘i’
September 2nd, 2006 at 12:16 am
I liked the one idea that someone posted, about making the string only required when posting anonymously.
A user named ‘eclectica’ has already responded to this topic in the comments advertising pills…..
September 2nd, 2006 at 2:38 pm
So I guess the question is whether spammers would be willing to go to the trouble to make an account here or not. Right now it only looks like one offender to me. I have noticed that the string verification hasn’t been stopping him/her/it 100% of the time either, so even it’s not perfect. I know that the idea we’re talking about does have it’s own flaws, but my thinking when I originally replied that this might be a good idea (further down) was that it might be easier to delete an account, which could perhaps be set up to erase all posts associated with it too, rather than delete one post at a time. I suppose the only way to know for sure is to try this idea out, but then again, like I also said in that other post, making people sign up just to avoid the string might have the same effect; that is, to discourage people from posting altogether.
Isn’t there any kind of automated scripting that could be implemented which would be able to recognize spam and prevent it from being posted, perhaps also automatically block the spammers IP address and account (if they’re using one) for 24-48 hours maybe? That’s another thought I had, though I don’t really know much about how the server end of running a website works, and thus I have no clue if this is even possible to do.
Frankly, I’d be happy with the string if only it was more readable and posts weren’t lost when a string is typed in wrong. Those two things alone would be a huge help for everyone and a good start towards solving this dilemma.
September 4th, 2006 at 12:58 am
Do what you have to do, be that verification, signing in, what ever it takes.
This site is too valuable to all of us for you to be extinguished by any cause.
Ken Johnson
Sand Point Alaska