Xrunner's Spam Xperiment

[xrunner]

I will once again point out that it is not the words in that question which stop them... It is the phrasing which makes it difficult for the automatic parsers to figure out what to respond.
The spammers do not read the question and don't care what it says except for the fact that they can not auto answer it.

Thanks for the input Kindred.

If my question seems to be the prime entity blocking spammers (which it's appearing to be) I want to investigate over the next few days the shortest question that will block these scum. I think this is a very interesting problem and since there is no shortage of "subjects" it will be fun to play with them on my own terms.

[darkknight89]

Oh I'm sure you'll have plenty of volunteer spammers.  If it's anything like my forum just make sure that you keep an eye on it when you have it unprotected.  Before I implemented anti-spam measures I spent a lot of time deleting spam.  Not exactly fun.

[Arantor]

I want to investigate over the next few days the shortest question that will block these scum.

Anything unique and not objective-fact based will work. By which, anything that can be found as a fact via Google is an objective fact. If you write a question that is subjective, i.e. contextually sensitive, it can't be solved algorithmically.

Then it just becomes a matter of time before you get added to one of the lists shared by the spam bots that lists your site, your question and its answer.

[darkknight89]

I want to investigate over the next few days the shortest question that will block these scum.

Anything unique and not objective-fact based will work. By which, anything that can be found as a fact via Google is an objective fact. If you write a question that is subjective, i.e. contextually sensitive, it can't be solved algorithmically.

Then it just becomes a matter of time before you get added to one of the lists shared by the spam bots that lists your site, your question and its answer.

So the same rule that some people have about passwords might apply here?  Change it often.

[Arantor]

Yup, changing the question often is a good idea. Once a month is usually enough.

[xrunner]

Oh I'm sure you'll have plenty of volunteer spammers.  If it's anything like my forum just make sure that you keep an eye on it when you have it unprotected.  Before I implemented anti-spam measures I spent a lot of time deleting spam.  Not exactly fun.

Oh I have helpers don't worry. 

The spammers aren't really bad in one sense, in that they don't really post anything. That's not to excuse the scummy rats but it doesn't clog up the forum with crappy posts. It does clog up the member list with members who have ads for signatures and spammy website links. Therefore I don't want them registering.

I don't know why, but this topic interests me greatly. I've even asked for a spam discussion board here, because I think it would be a place for members to exchange ideas on this "war" more easily. Maybe it's a dumb idea ... won't be the first dumb idea I've had.

But hey thanks for contributing. Tomorrow I'll go with the verification question only and see what happens. Maybe it's possib;e that all the anti-spam mods aren't really needed, but rather only a good, hard verification question. This thread will serve to at least show one data set collected by a forum owner.

[Arantor]

Maybe it's possib;e that all the anti-spam mods aren't really needed, but rather only a good, hard verification question

It's all I use on Game Memorial No spam posts yet. The problem with a 'good hard verification question' is that few people seem to be able to write them.

[xrunner]

Overnight, I got Zero registrations using notcaptcha and my security question.

Now I've disabled notCaptcha and the visual verification, and have only my security question.

Let's see what happens over the next few hours.

[darkknight89]

I still haven't had any spammers attempt to register since adding your security question. 

[xrunner]

I still haven't had any spammers attempt to register since adding your security question.

Yep, it's the question and only the question.

I just got back home and no spammers registered. All I have is the question.

Now, I want to focus on the question -

You can't post ANYTHING or use your account until an Admin approves your account based on spam databases and heuristic screening criteria - you will not be registered until this approval is complete - if you still wish to apply enter "notspammer" without the quotes in the box:

It's clear that the actual answer is not a mystery - it's revealed in the question. When I devised the question I had thought they would read it and seeing that they wouldn't be able to access the account, they wouldn't bother wasting their time.

Kindred says -

I will once again point out that it is not the words in that question which stop them... It is the phrasing which makes it difficult for the automatic parsers to figure out what to respond.
The spammers do not read the question and don't care what it says except for the fact that they can not auto answer it.

If that's the case I want to see just how simple a question can be before they can get an answer in the box. I think we all agree that questions like "one plus one = ?" is too simple. My question is too hard. What's "in=between"?

For example between this -

"Please read this question before registering because what you are required to do is enter an answer in the box and the answer to enter before you can register is "fudge" without the quotes.

and this -

The answer is "fudge".

What's an "in-between" level of difficulty between those two questions?

I created a new forum called Spamhaven here -

http://www.atheistthinktank.net/spamhaven/index.php

I installed SMF 2.1 Alpha 1

I actually want to get spammers to register, How do I actually attract spammers to it?  I want to get it into their database so I can use it to experiment with the spammers.

By the way, why are the visual verifications even still in v2.1 if it's clear they do not stop spammers? Wouldn't it be better to remove them so as not to give new Admins who don't know better a false sense of protection?

[Kindred]

probably because a) they do provide some minimal level of protection and b) it's a bother to take them out right now.

[Arantor]

Because it would be a bad idea to leave new installs *totally unprotected*. There is at least a level of protection, albeit small, and it does still stop some spammers. But it really needs some love to continue to be useful.

[darkknight89]

I initially started my forum only with the captcha image enabled and no other anti-spam measures.  I then added a security question "What is 2+1?" but like you said, Xrunner, it was too easy and basically useless.  It was then that I added the Stop Spammer mod and it kept the forum clean for awhile but was a pain having to clear around 1000 "members" a day from that.  I might experiment with the question as well at some point but I'd rather not mess with it too much right since there were a few spammers that slipped through before I added that.

[xrunner]

I initially started my forum only with the captcha image enabled and no other anti-spam measures.  I then added a security question "What is 2+1?" but like you said, Xrunner, it was too easy and basically useless.  It was then that I added the Stop Spammer mod and it kept the forum clean for awhile but was a pain having to clear around 1000 "members" a day from that.  I might experiment with the question as well at some point but I'd rather not mess with it too much right since there were a few spammers that slipped through before I added that.

No don't bother with it on your forum. I'm the guinea pig on this one.

So does anyone know how to actually attract the spammers? I want them to register at the spammer test forum.

[darkknight89]

That seems to be the million dollar question.  I don't have any spammers at all on my dev site even without mods.  If I had to guess I attracted attention by having a few links to my forum show up in Google from before I even started using SMF and they just followed when I moved over to SMF.

[xrunner]

That seems to be the million dollar question.  I don't have any spammers at all on my dev site even without mods.  If I had to guess I attracted attention by having a few links to my forum show up in Google from before I even started using SMF and they just followed when I moved over to SMF.

I've read here of people that set up forums and are immediately overrun with spammers. Now when I want spammers, I can't buy one.

By the way SMF 2.1 looks very pretty. 

If you know any spammers please send them to Spamhaven - currently no anti-spam measures at all!

Spamhaven

[Irisado]

This reminds me of all the spam users I used to have to ban on a weekly basis at an old phpBB that I used to run.  Back then, myself and the other admin had to approve registrations manually to stop the spammers.

[darkknight89]

I almost resorted to doing that but really didn't want to.  That would really suck for a tech support forum to have to do that.

[xrunner]

I just changed the question to this -

What does 2 + 5 =?

After I see they can answer that, I want to play a game with a second question (in addition to the question above) ... 

I have had no spammers since I went back to the question that they can't answer, so as soon as I see a spammer or two I'll add the second question.

[xrunner]

Almost immediately I got spam registrations, as expected -

czhanpw92
NikoleThe
Publaganbgw
Birkinnjhspy

They must have a computer program that generates those stupid names.

Now I will add a second question -

Take the answer from the first question and multiply it by ten, what is the answer?

(Answer is 70)