Less than a week ago, a new flood of spammers suddenly hit. It was taking a lot of time to ban and kick them all out, so we had to shut down new registrations until we could find out what's going on and figure out a solution. One speculation is that there's a hole in phpBB software that was discovered and recently all the spammers have passed the info around. Today a legitimate new member asked that the registrations be allowed briefly so he could get in. In two and a half hours, nine new spammers got in, and one of them posted 12 spam messages. We do of course want new members who come for the right reasons, but we absolutely will not tolerate spam, and we kick out many, many spammers for each legitimate user who comes.

What Mike will probably end up doing is saying that if you want to sign up, email us. No more automatic sign-ups. I'm on here countless times every day though, so you won't have to go many hours before you're in if you're legitimate. Details are not worked out yet.

_________________
http://WilsonMinesCo.com/ lots of 6502 resources
The "second front page" is http://wilsonminesco.com/links.html .
What's an additional VIA among friends, anyhow?

The most recent spam barrage occurred just a few hours ago and was posted by someone in what appear to be a Nordic language. His(?) user profile said he(?) was in Vietnam, which seemed unlikely (I know what Vietnamese written in the Roman alphabet looks like).

It's a real shame that there are <expletives> who just have to act like <expletives> and spoil the experience for everyone else.

_________________
x86?  We ain't got no x86.  We don't NEED no stinking x86!

Hi Garth, for as long as this holds true, please can you make this a sticky post?
Ta

In the old days, you had to leave your phone number and be voice verified by phone.
I support that approach unless there is a cost like overseas calling. Most plans have free nationwide calling.

Old days? Like for BBSs where you had to dial a phone number to the actual site, meaning they were mostly local, because of the otherwise astronomical long-distance phone bills? Our older son got on a Commodore 64 BBS back then, and ran up $70 in one month downloading software, even though he did it late at night when the rates were lowest. I can't remember if that was with a 300 baud modem or a 1200. I think we have both.

When I was signing up on Rob Finch's bcCPU processor-design Yahoo forum years ago (not long before it went dormant), I felt like I had to write a resume. It was fine though. When you're there for the right reason, it's not hard to prove it, and I was glad for the assurance that spammers weren't going to be getting in. BTW Rob, what happened to that forum?

I got on another Yahoo forum for a historic electric car and had to write something for the moderator to determine that I wasn't a spammer, but the maximum character count was so low it took extra time to figure out what letters I could leave out like a text message. After all that, I haven't paid any attention to it.

_________________
http://WilsonMinesCo.com/ lots of 6502 resources
The "second front page" is http://wilsonminesco.com/links.html .
What's an additional VIA among friends, anyhow?

I believe the weakest possible test would be very successful - the spammers are often not human and certainly aren't technically engaged with the site. To make any kind of living they must have to spam on hundreds of forums daily. Any low barrier and they'll move on.

One problem is, that spammers _never_ learn.

The other problem is, that most of them never did read this:
http://en.wikipedia.org/wiki/Hacker_ethics

Hmm, I stand corrected.

The forum requires a new registrant to:

1. Answer a general question about the 6502
   
2. Provide a valid email address and click a link in a verification email
   
3. Not be found on the Stop Forum Spam database

We've had the first two for a long time. They worked reasonably well until last week when we started getting floods of spam registrations. I temporarily disabled registrations, added the Stop Forum Spam check, and enabled registrations again yesterday. About 150 (yes, one hundred and fifty) registrations have been blocked since I turned registrations back on. Even with all of these measures, we still had one spambot successfully register this morning.

Garth and I have been dealing with the spam problem behind the scenes for years. We may add more measures or may eventually require manual activation for new users.

_________________
- Mike Naberezny (mike@naberezny.com) http://6502.org

It's like trying to kill off cockroaches...

_________________
x86?  We ain't got no x86.  We don't NEED no stinking x86!

I've been reading about how another forum deals with spam. Maybe it can give you some ideas. Maybe ask more than a couple of questions on registration and change them around a bit.

http://dangerousprototypes.com/2011/02/ ... in-phpbb3/

PhpBB3 MOD: phpBB spam hammer

http://dangerousprototypes.com/docs/Php ... _new_users

I am a moderator on another forum where first posts with links are automatically placed in a moderation queue. Then they're easily killed off by a one-button clean&ban by any of the moderators. This takes care of the majority of spammers. But, as ttlworks said, spammers never learn.. the same type of spammers (mostly 'download this movie' type) keep posting again and again, despite never showing up as posts due to the automatic moderation.

However, quite a few spambots and human spammers just keep posting non-interesting replies to threads for some time, without links, some of them for 30 days (so they can escape the one-button clean&ban which only works for relatively new members - it's apparently a Vb feature). Then suddenly spam and spam links appear in the signature. (If it was up to me I would remove the signature feature altogether, except for moderators who can keep FAQ links etc. there).

Moderators can relatively easily notice the spammers anyway by their trivia posts (or, for bots, injecting some text from an earlier post by somebody else). However this requires a lot of manual work. You essentially have to read every post.

-Tor

I do. I also investigate every single new member for their spam history on other forums; but although I check the forum countless times a day, I do sleep sometimes. I've banned and kicked out a lot of spammers based on their history on other forums, before they did a single post here or added a signature line. They think they can look innocent, but they leave a trail.

_________________
http://WilsonMinesCo.com/ lots of 6502 resources
The "second front page" is http://wilsonminesco.com/links.html .
What's an additional VIA among friends, anyhow?

How about paid memberships? Members who are already here are exempt. New Registrations pay $10.00 which is refundable after 1 year if they have a post count and are in good standing or they can donate it to the owners of the board.
I think that would keep spammers out if they had to pay to join or it would generate lots of support.

The only problem I foresee with expecting a "deposit" as a condition of membership is now the forum is expected to be up 24/7 because people have paid for access. That puts an onus on Mike to immediately drop everything and tend to the server/software/Internet connection, or whatever it was that caused the forum to go down. Dunno about Mike, but I wouldn't want to be in that position for a hobby forum site.

_________________
x86?  We ain't got no x86.  We don't NEED no stinking x86!