[korti]

I am getting nailed with mega spam. I have my askimet key turned on and I am getting sign ups like mad, only all is spam.

They are signing up as users and creating links to there sites. Anyone know how to resolve this?

This site was just launched http://www.houstoncriminallawyer-tx.com /forums

all the emails are ending with .ru

[chrishajer]

Looks like the spammers are having fun today:

https://bbpress.org/forums/topic/forum-under-attack-user-approval-plugin-wont-work#post-72168

[korti]

Thank you!

[kevinjohngallagher]

Chris,

I know that you’re working hard here, but given that its the same accounts posting the same spam, can’t we do somehting about them?

It’s making reading the forum via RSS quite useless (mostly because I look terrible in ugg boots)

Thanks,

Kev

[chrishajer]

I cannot do anything about the users. I mark the posts as spam, but that info is not getting back to akismet (if it’s even supposed to.) So, all I can do here is remove the posts but cannot affect the users at all.

[kevinjohngallagher]

Ah, sorry to hear that Chris man.

Wasn’t sure how much access non-automattic people had, and given your tireless (thanksless?) effort over teh past 2 years, i truly thought you’d have a bit more… ability to moderate.

At the risk of kick starting something negative, do we really have to wait on Matt to come along before we can delete spambots?

[chrishajer]

I think so. A keymaster or administrator would have the ability to delete or mark as bozo specific users. I don’t think moderators have the ability to do that.

[Ben L.]

I cannot do anything about the users. I mark the posts as spam, but that info is not getting back to akismet (if it’s even supposed to.) So, all I can do here is remove the posts but cannot affect the users at all.

Actually, it is. Akismet is sent all the posts that you mark as spam or not spam.

If Bozo users is installed, Akismet can mark newly registered users as bozos but will not change the status of people that are already registered.

I personally think that a plugin such as bbPress Moderation Suite (or a modified version of the bozos plugin that allows moderators to mark users as bozos) would do very well here.

[korti]

Wouldn’t a simple solution be to add a captcha key when they sign up as a user? I am by no means a programmer, and really just impressed myself that I could install bbpress with my wordpress, but it seems captcha codes work pretty good.

Maybe someone can make a plug in for it?

[kevinjohngallagher]

Captcha’s are by and large a real pain; and they’ve been mostly written off since late 2008, as they somewhat assume that everyone is fully-abled and is using a modern browser on a modern computer with everything turned on.

http://www.w3.org/TR/turingtest/

As a colour blind dyslexic, captcha = i can’t post.

The crux of it is this:

Your/Our/Any website letting in spam is not your user’s fault. If you want people to post, don’t annoy your them by making them do extra work to compensate for [you or your software] not being good at moderation. ***

Also, Captcha’s don’t stop human spam, which is on the rise, but they do turn away genuine users from even posting.

Further Reading:

• http://www.456bereastreet.com/archive/200512/captcha_is_bad_for_accessibility/
• http://www.zurb.com/article/158/captchas-are-bad-for-business-and-your-us
• http://www.zurb.com/article/285/its-official-captchas-are-bad-for-busines

*** People want simplicity. It’s why we get all this “zomg aol/msn/myspace/facebook/twitter/next-big-thing connect” nonsence.

[korti]

I agree/disagree with you on that, however

what other way is there? I have 100 active sites that get a lot of emails and without captcha there is no way I could keep up. Some of them got 500 spams a day. Captcha instantly fixed it and I still get just as many emails from customers asking questions if not more. To me it separates those that are truly serious and those that are not. If typing 4 extra letters makes you decide not to post then you really are not serious are you?

I did my own test and there was no difference. I simply the signup form to make up for it.

If there is another way I would surely do it. All mine are just 4 digit, so some get past it, but it stops 99%.

I like the one that is numbers eg: 2+7 = and then you just put in 9.

not sure if it is worth a hoot. Assuming not as I do not see them very often.

I do appreciate the feed back and the consideration. I definitely want my users to have a pleasant experience.

I have a major site that I gets mega traffic on and mega questions so I was hoping to integrate this, but I would be worried I might delete accounts that I mistake for spam that are not. The sign up of any new forum is a task, so I do not think an extra 10th of a second for a captcha code would make people go anywhere else.

It is the huge captcha codes that are nerve wrecking. Especially when you cannot get them to work. Even Google down sized theirs to 4 digits on adwords.

I am in no way a “bad” moderator a busy one yes.

I really appreciate your help. I know everyone is busy, and I appreciate the responses.

[chrishajer]

> Actually, it is. Akismet is sent all the posts that you mark as spam or not spam.

So what’s the point of sending the information back to Akismet then? What does sending it actually gain us?

[pagal]

@korti, Correct, I agree with you man…

@kevinjohngallagher, Do you have any solution? Really want to hear

[pagal]

@korti did you try these plugins?

For your Forums

1 – https://bbpress.org/plugins/topic/nospamuser/

2 – https://bbpress.org/plugins/topic/human-test/

For your WordPress Blog

3 – https://wordpress.org/extend/plugins/ban-hammer/

With WordPress plugin you can block emails ending with .ru

They really work, the author of bbpress plugin nospamuser also talking in this topic.

All the Best

Pagal

[kevinjohngallagher]

Hi Korti,

The issue with captcha’s comes down to the fact that you’re asking users to prove they’re not spammers by a method only avalible to be answered by a percentage of your legitamate posters. It’s not their fault the software you chose (or, we’ve all chosen) can’t handle the spam.

The realism is, if you’re running 100 sites, you should have a moderation policy in place. With people/human moderators. No software system, ever in the history of the world, has stopped 100% of spam. Infact, none have even come close to catching 100% of spam.

It’s all about percentages, and putting systems in place to get the spam coming through down to a managable number. I agree that typing any 4 numbers into a box doesn’t take long or put people off, but that’s a massive over simplification.

Captcha’s don’t:

1) Make any difference to human spam

2) Work if the user is on an older browser

3) Work if the user has JavaScript turned off

4) Work is the user has Images turned off

5) Work on mobile devices (by and large)

6) Meet any accessability standards

7) look or work the same for people with sight issues. (and the audio captchas simply don’t work).

Work in RTL languages / displays

9) Work in non-latin based languages as default (arabic / manderin / cantonese)

10) Work without a mouse (if using a reCaptcha).

Percentage wise, that’s a HUGE HUGE HUGE percentage of the world right there.

As a Real World example: I’m currently onsite at a client’s campus running analystics and UX/IA for their new University enrolment system. Online enrolment is down just over 20% from this time last year (not a big worry), but failed registrations is up by over 400%. Number one reason: people failing the captcha.

Captcha instantly fixed it and I still get just as many emails from customers asking questions if not more

Maybe you’re getting more emails because people who are serious can’t use your form to post.

What about those that are serious, but after multiple attempts at using your captcha simply gave up.

I do not think an extra 10th of a second for a captcha code would make people go anywhere else

Its cool that you think that, but there is so much data out there that says otherwise.

We have almost 20 years of HCI data availible, and we know for a certainty that the percentage of users who complete registration/sign-in/posting drops at an alarming rate the longer the process goes on.

Have you ever noticed how captcha’s were everywhere in 2007, but are virtually no-where now?

I am in no way a “bad” moderator a busy one yes.

I don’t doubt that mate. Approx 100 sites? I couldn’t even begin to imagine.

Take Care.

[kevinjohngallagher]

I know Alex popped up here once when we were mentioning Akismet, though I cant find the link, so i thoguht i’d quote this from him:

Akismet is for web spam

Akismet is not a blacklist nor a list of spammers. It takes into account all available information about each comment, and makes an individual decision based on the [forum] owner’s feedback. If you don’t want someone posting comments on your blog, just use the Spam button – Akismet will make a note of your preference and stop them from commenting on your [forum] in future (unless you subsequently use the Approve or Not Spam button).

So either it’s not happening, or its not working.

======================================================

EDIT: https://bbpress.org/forums/profile/tellyworth

Amazing how many big guns come out of the woodwork to help bbpress when Matts here…

[chrishajer]

If you don’t want someone posting comments on your blog, just use the Spam button – Akismet will make a note of your preference and stop them from commenting on your [forum] in future (unless you subsequently use the Approve or Not Spam button).

That is certainly not happening. I mark the spam replies as spam, and the same user comes back the next day with more spam.

[pagal]

@Kev, But I still did not understand the solution!

I need alternative… do you have? Did you mean there is no need of captcha, and allow people to send thousand of fake emails and register users?

[kevinjohngallagher]

@Kev, But I still did not understand the solution!

I need alternative… do you have?

Nope, there isn’t one.

Any automated solution can and will eventually be beated by spam-bots, based on the fact that they are upgraded to mimic human behavior.

Any automated solution becomes less effective over time.

And automated solutions against human spammers make 0 difference at all.

Did you mean there is no need of captcha

Yes. Captcha’s stop spam-bots quite effectively, but also stop a large percentage of human users. Captcha’s do not stop human spammers.

Captcha’s are like wearing a clock round your neck ( http://www.blogcdn.com/www.theboombox.com/media/2008/02/flavor-flav-200-020608.jpg ). It seemed like a good idea at one time

…and allow people to send thousand of fake emails and register users

No.

There are other methods of cutting down on the spam. You just can’t stop the spam entirely. If you run a website, YOU will have to moderate in some form. It’s just the way of it.

But making your users prove they are human every time they post is simply a very bad option. It’s not your users fault there’s spam on your forum/blog/website.

[korti]

@pagal Thanks, I will certainly try out the plug ins.

@kevinjohngallagher I’m not going to argue with you, not enough time unless I turn on my dragon… akismet works spectacular on wordpress and needs some love on bbpress. If I was a programmer i would be on it. I only need this to work on one site.

yes, for real I have a lot of sites (stopped counting at 70) and you will always find me here at my pc. I have made a living on the internet since 1997. Friends at Google, seo professional and just learning the css stuff loving wordpress.

I love bbpress and do not use any captcha for anything but my email forms, and the people who are not using it are are not getting a lot of traffic. if I didnt have captcha on my sites for email forms it would be game over. I get maybe 1-2 human spams a week if that. And my sales are going up up and up.

BBpress was hard enough to learn how to install it and then get all the spam.

and ya know I may have something goofed up in one of my files causing askimet to not work. I have two forums going and one gets only 3 spams a day the other gets 20. Then again the one that gets 20 I think was just indexed and has a lot of content.

the other was just a test site. I will reinstall and see what happens.

I just wont be able to handle it with one site that it is in the top 5 for many major keywords and we get 50 questions(emails) a day. I know the forum would be a smash instantly as they are using the feed back comments like mad.

I will try a few thing s and see what works. This site makes me way to much money to have it not work. I am still debating on moving it over to wordpress.

Lots of pros and cons to everything these days! Anyways, I have been dong this a long long time, so far my system is definitely working for me. I just have one small hurdle. If I did only have one or two sites it would be a piece of cake. As a SEO professional, I’m like a kid in a candy store. And every day I find an easier way and that is what is all about. That and to learn from one another.

meanwhile imagine bbpress with no forum… and they just got emails all day asking how to do this or how to do that…. that is where I am at.

so all in all i guess it depends on what you are doing on the net and how you are making your money..

captcha has never slowed me down but I type extremely fast to. I forget about the two finger typers.

I can say this, one time I forgot to put a captcha code on one website and wow what a mess 500 spams a day! I have also used every site builder under the sun and they all recommend it. To me it is like a seat belt law, you hate to put it on, but you know it is for the smart thing to do.

Thanks again sorry for typos, sleepy! 240 am here in Texas.

[korti]

pagal you rock, cant wait to try them out!

especially the .ru!

[korti]

@pagal, human test works like a charm THANK YOU!!!!!!!!!’

[pagal]

@korti Thanks mate, Its my pleasure!

I really surprised that why did not Kev suggest you to find the solution first from Google then Write here.