It's too easy to spam this forum

If you have any 'mechanical' forum or Joomla! sites related issues/suggestions with joomla.org, community.joomla.org, forum.joomla.org, vel.joomla.org.
Forum rules
READ ME <-- please read before posting, this means YOU.
Post Reply
User avatar
sozzled
Joomla! Exemplar
Joomla! Exemplar
Posts: 8009
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

It's too easy to spam this forum

Post by sozzled » Mon Aug 26, 2019 11:08 pm

I love this forum. I love the questions that are asked; I learn much from the questions, comments, opinions, thoughts that people have about Joomla. This forum provides me both with information as well as with a source of entertainment ... regardless of whether I agree or disagree with other people's views.

Like most people, I don't like junk: I don't like advertising, discussions that veer so widely off-topic that we forget why we're here, nuisances ... spam.

Every day we see a dozen or more spam posts here. I'm not talking about other people's forums: I'm talking about this one.

The forum moderators here do a fine job. They're not thanked for what they do (and I think that's disappointing that they're not thanked) but it's a full-time job. The forum moderators who are active on the forum (i.e. they're here every day) are mostly located in Europe (or within a few hours' travel from Europe) and, obviously, they can't monitor every discussion (in every language) that appears on the forum. They rely on us forum users to advise them when we see something that is amiss. They rely on us reporting forum abuse. They react after-the-event. The forum abuse has to occur before they can act.

Where does the spam come from? Almost all of the spam originates from fake user accounts created by 'bots. After these fake accounts are registered, human actors use those accounts—sometimes immediately, sometimes days or weeks afterwards—to post their garbage. Some forum junk is posted automatically by non-human actors (i.e. spam 'bots) specifically designed to advertise products, services or scams.

As evidence of this, since the forum was created on 12-Aug-2005, there are now 733,939 forum accounts. That is, after 5,128 days since the forum was created, on average over 140 accounts are created every day (or, roughly, 10 accounts per minute) in that time.

Less than one forum account in every ten is actually used to post a message on the forum. That is, 90% of all forum accounts never visibly interact with the forum or they're used to post junk.

What prevents fake account registration? There isn't a high bar to cross to create a forum account: you just need an email account, fill in a couple of text boxes, click the CAPTCHA and you're done. The forum rules state that email addresses used with account registration must be legitimate (i.e. disposable addresses are not allowed) but there's not mechanism to verify that an email address exists or that it's not one of those "disposable" ones.

CAPTCHA does not prevent registration 'bots. If it did prevent non-human means of account registration then we would not see 10 account registrations/minute.

IP blocking doesn't work, either. This is because many automated registration agents use fast-flux DNS networks.

"Stop forum spam"/heuristic algorithms don't work either because, in the time it takes for honeypot farms to identify one source, hundreds of other sources are created. It's a losing battle trying to keep pace with the wave of spam sources.

Is it a problem for this forum? It depends on which side of the fence you live. I can't speak for the forum management team; it may not be a problem for team members. I can only speak for myself. I think it's a problem, even if other people may disagree with me. I'm simply providing my feedback about this forum and one of the problems that I see with it.

How does this forum deal with spam? At the moment, there is only one mechanism for "taking out the garbage". The garbage needs to be brought to the attention of forum moderators (by using the "Report this post" feature) and, when they next visit the forum, they physically take action. There is not a 100% consistent approach to dealing with spam: most forum moderators delete the spam posts and block the forum account used to create it :) ; some forum moderators do not block the offending forum account :( ; some forum moderators do neither (especially in the international/foreign-language forums that are not regularly patrolled) :eek: .

Can the problem be resolved? Well, it largely depends on whether the forum management team agrees that there's a problem in the first place. It may also depend on whether there are other mechanisms in the forum software (phpBB) that can overcome the high success rate of registration 'bots that bypass CAPTCHA and use disposable email addresses, etc. It also depends on a will to do something about it. These are questions that I cannot answer.

Another facet of the problem resolution lies in having enough forum moderators so that the forum can be monitored continuously, instead of monitoring the forum only 60-70% of the time.

Summary

I would like to know if the forum management team have any plans to address the issues I have raised.
https://www.kuneze.com/blog
“If you think I’m wrong then say, ‘I think you’re wrong.’ If you say ‘You’re wrong!’, how do you know?” :)

gws
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 3940
Joined: Tue Aug 23, 2005 1:56 pm
Location: South coast, UK
Contact:

Re: It's too easy to spam this forum

Post by gws » Tue Aug 27, 2019 6:28 am

I agree with sozzled on this. We need more moderators now. I also believe a method (icon / flag) to show a post has been reported would be useful, it would show the spammer they have been sussed and would save the rest of us from trawling through worthless posts.

Physicist
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 121
Joined: Sat Apr 14, 2007 9:16 am
Location: Russia
Contact:

Re: It's too easy to spam this forum

Post by Physicist » Tue Aug 27, 2019 6:59 am

sozzled wrote:
Mon Aug 26, 2019 11:08 pm
(or, roughly, 10 accounts per minute)
1 account per 10 minutes, to be correct.
Denis Ryabov, Lead Developer of Mobile Joomla! extension (https://www.mobilejoomla.com/)

User avatar
sozzled
Joomla! Exemplar
Joomla! Exemplar
Posts: 8009
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Re: It's too easy to spam this forum

Post by sozzled » Tue Aug 27, 2019 7:06 am

@Physicist: :D Yeah, I was good with mathematics (when I was at university) but I've always been unreliable with arithmetic! You're right: one new account is created every ten minutes. Thanks 8)
https://www.kuneze.com/blog
“If you think I’m wrong then say, ‘I think you’re wrong.’ If you say ‘You’re wrong!’, how do you know?” :)

User avatar
sozzled
Joomla! Exemplar
Joomla! Exemplar
Posts: 8009
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Re: It's too easy to spam this forum

Post by sozzled » Tue Aug 27, 2019 7:26 am

Thank you, @gws. What a great idea! Visibly flag a post (so that the rest of us can see when it has been reported)! Admittedly, I report more than a dozen posts every day but most of them are not for spam. Most of them are requests to the forum moderators to move a topic from one forum category to a more appropriate one.

(Today was an unusual day; there was a flood of forum spam. I reported about thirty posts.)

I don't know whether it's feasible to implement a "reported" flag in this forum but I think it's a good idea. 8)
https://www.kuneze.com/blog
“If you think I’m wrong then say, ‘I think you’re wrong.’ If you say ‘You’re wrong!’, how do you know?” :)

Physicist
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 121
Joined: Sat Apr 14, 2007 9:16 am
Location: Russia
Contact:

Re: It's too easy to spam this forum

Post by Physicist » Tue Aug 27, 2019 8:11 am

What about integration with a 3rdparty spam-filtering system? There is one added to joomlaforum.ru (Russian Joomla community forum) several days ago, and there are no spam messages since that time (previously there were 10-30 per a day).
Denis Ryabov, Lead Developer of Mobile Joomla! extension (https://www.mobilejoomla.com/)

User avatar
sozzled
Joomla! Exemplar
Joomla! Exemplar
Posts: 8009
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Re: It's so easy to spam this forum (examples)

Post by sozzled » Tue Aug 27, 2019 9:46 am

To illustrate my point about number of fake user accounts on this forum that are not intercepted by the registration procedure, see the following screenshot:
bot-generated_forumUsers.jpg
You will see that the second one in the above list has not (yet) posted anything on the forum (and therefore has not been banned).
You do not have the required permissions to view the files attached to this post.
https://www.kuneze.com/blog
“If you think I’m wrong then say, ‘I think you’re wrong.’ If you say ‘You’re wrong!’, how do you know?” :)

User avatar
Per Yngve Berg
Joomla! Master
Joomla! Master
Posts: 26121
Joined: Mon Oct 27, 2008 9:27 pm
Location: Akershus, Norway

Re: It's too easy to spam this forum

Post by Per Yngve Berg » Tue Aug 27, 2019 1:45 pm

Reported posts are marked with a red exclamation sign. Maybe they are only visible to moderators.

gws
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 3940
Joined: Tue Aug 23, 2005 1:56 pm
Location: South coast, UK
Contact:

Re: It's too easy to spam this forum

Post by gws » Tue Aug 27, 2019 2:46 pm

Yes they are not visible to users.

User avatar
bruno28
Joomla! Explorer
Joomla! Explorer
Posts: 349
Joined: Wed May 16, 2012 5:41 am
Location: Chartres, France
Contact:

Re: It's too easy to spam this forum

Post by bruno28 » Tue Aug 27, 2019 4:29 pm

I confirm they are not visible by us and sometimes when I report a post with spam it is already reported but We can't see it until we want to report
Cordialement, Bruno28 :)
Joomla! 3.9.13 - php 7.3
https://www.bp2i.fr/ - https://www.moneglisesurle.net/

User avatar
sozzled
Joomla! Exemplar
Joomla! Exemplar
Posts: 8009
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Re: It's too easy to spam this forum

Post by sozzled » Fri Aug 30, 2019 11:33 am

There have been thirty-six new accounts created today (and the day is not yet over):
  • Five accounts have been banned; three more accounts have been reported for various forum abuse. This represents 22% of today's new accounts (or just over one in five) have posted forum graffiti.
  • Six accounts (or 16.7%, or one-sixth) of today's new accounts have posted forum messages that are probably not rubbish.
  • The remaining twenty-two new accounts (61.1% or nearly two-thirds) have not posted anything.
One wonders why so many people register every day and post nothing? I believe that the reason is because this forum is an open invitation for forum scammers to dump their junk here and cause the forum moderators and the members of this community unnecessary work.

That's why I think we have a problem. Still waiting to hear from the forum moderation team about whether this topic is being given any consideration.

UPDATE: Within two minutes of posting this topic, there was another new account registration for the purposes of advertising ... digital water meters!!! Oh, good grief. I'm not going to re-calculate the percentages. :laugh:
You do not have the required permissions to view the files attached to this post.
https://www.kuneze.com/blog
“If you think I’m wrong then say, ‘I think you’re wrong.’ If you say ‘You’re wrong!’, how do you know?” :)

User avatar
Per Yngve Berg
Joomla! Master
Joomla! Master
Posts: 26121
Joined: Mon Oct 27, 2008 9:27 pm
Location: Akershus, Norway

Re: It's too easy to spam this forum

Post by Per Yngve Berg » Fri Aug 30, 2019 6:34 pm

I got an idea. We could deny users from registering in the forum unless they click a confirmation link in the back-end of their Joomla web site. That way only users with a Joomla web site will be able to register.

User avatar
bruno28
Joomla! Explorer
Joomla! Explorer
Posts: 349
Joined: Wed May 16, 2012 5:41 am
Location: Chartres, France
Contact:

Re: It's too easy to spam this forum

Post by bruno28 » Fri Aug 30, 2019 6:54 pm

Yes, it is a good idea. Will it work for those working on localhost ?
Cordialement, Bruno28 :)
Joomla! 3.9.13 - php 7.3
https://www.bp2i.fr/ - https://www.moneglisesurle.net/

User avatar
sozzled
Joomla! Exemplar
Joomla! Exemplar
Posts: 8009
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Re: It's too easy to spam this forum

Post by sozzled » Fri Aug 30, 2019 8:24 pm

Per Yngve Berg wrote:
Fri Aug 30, 2019 6:34 pm
I got an idea. We could deny users from registering in the forum unless they click a confirmation link in the back-end of their Joomla web site. That way only users with a Joomla web site will be able to register.
Thank you, Per, for your idea. What about people who are having problems installing J! in the first place? What about people who want to ask questions about Joomla activities (e.g. Joomla events, the magazine), seeking professional services, etc.? These people may not have a "backlink" URL to submit.

Further, I agree with @bruno28
bruno28 wrote:
Fri Aug 30, 2019 6:54 pm
Will it work for those [using] localhost?
If the website is isolated behind a firewall (e.g. intranet) or doesn't exist on the internet then there's no URL. Also, some people may not want to disclose the URL of their website for any number of reasons. This therefore discriminates against a range of forum users.

Money—that is, paying for the right to use the forum—doesn't discriminate (except against those people who are unwilling to part with it). ;)
https://www.kuneze.com/blog
“If you think I’m wrong then say, ‘I think you’re wrong.’ If you say ‘You’re wrong!’, how do you know?” :)

User avatar
brian
Joomla! Master
Joomla! Master
Posts: 11767
Joined: Fri Aug 12, 2005 7:19 am
Location: Leeds, UK
Contact:

Re: It's too easy to spam this forum

Post by brian » Sat Aug 31, 2019 10:53 am

I just want to say thank you to the awesome forum moderators and global forum moderators. It's always easy to make suggestions - its much harder to actually do it
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/

User avatar
sozzled
Joomla! Exemplar
Joomla! Exemplar
Posts: 8009
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Re: It's too easy to spam this forum

Post by sozzled » Sat Aug 31, 2019 9:55 pm

Thanks, @brian. I wouldn't go as far as saying the forum moderators are awesome.

Image

brian wrote:
Sat Aug 31, 2019 10:53 am
It's always easy to make suggestions - its much harder to actually do it.
Actually, that hasn't been my experience. It's actually pretty difficult to make suggestions—taken credibly—that make a difference. C'est la vie. I'm not making any suggestions at the moment; I'm just providing feedback.
https://www.kuneze.com/blog
“If you think I’m wrong then say, ‘I think you’re wrong.’ If you say ‘You’re wrong!’, how do you know?” :)

User avatar
brian
Joomla! Master
Joomla! Master
Posts: 11767
Joined: Fri Aug 12, 2005 7:19 am
Location: Leeds, UK
Contact:

Re: It's too easy to spam this forum

Post by brian » Tue Sep 03, 2019 6:39 pm

> Thanks, @brian. I wouldn't go as far as saying the forum moderators are awesome.

Thats why your "feedback" might get less of a response than that of others. Plus your repeated demanding that people do things to your timescale doesnt go down well.
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/

User avatar
sozzled
Joomla! Exemplar
Joomla! Exemplar
Posts: 8009
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Re: It's too easy to spam this forum

Post by sozzled » Tue Sep 03, 2019 6:54 pm

???

I have absolutely no idea what prompted your response, Brian.

My feedback is just that: feedback. No inverted commas around the word; nothing untoward in what I wrote (or what I intended to write). It was just honest, politely written, feedback with a request for some answers. That's all. I don't believe I made any demands. If I've repeated anything, it's only to raise the level of awareness about this issue.

I made a promise to myself last week to make a genuine effort to say "Thank you" to people who ask questions or reply to what I post on the forum. In keeping with that promise, thank you, Brian, for taking the time to comment, even though I don't quite fathom the depth of what you mean.
https://www.kuneze.com/blog
“If you think I’m wrong then say, ‘I think you’re wrong.’ If you say ‘You’re wrong!’, how do you know?” :)

User avatar
sozzled
Joomla! Exemplar
Joomla! Exemplar
Posts: 8009
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Re: It's too easy to spam this forum

Post by sozzled » Thu Sep 05, 2019 9:11 pm

sozzled wrote:
Mon Aug 26, 2019 11:08 pm
There is not a 100% consistent approach to dealing with spam: most forum moderators delete the spam posts and block the forum account used to create it :) ; some forum moderators do not block the offending forum account :( ; some forum moderators do neither (especially in the international/foreign-language forums that are not regularly patrolled) :eek: .
I understand that banning spam/fake accounts is a three-stage process. The first stage is to delete the offending forum posts; the second stage involves removing the offending account's ability to login to the forum; the third stage involves changing a forum user's rank to "I have been banned".

It seems that these three parts to banning users are not automatic; that is, it takes forum moderators more than a single mouse-click to perform the action (and sometimes some of the steps are omitted). Therefore, I have understated my estimate of the amount of fake user registrations and the spam they generate. The number of fake accounts is at least 25% of all new forum accounts but it's probably higher than that.
https://www.kuneze.com/blog
“If you think I’m wrong then say, ‘I think you’re wrong.’ If you say ‘You’re wrong!’, how do you know?” :)

bobinski
Joomla! Intern
Joomla! Intern
Posts: 81
Joined: Mon Aug 26, 2019 12:24 pm
Contact:

Re: It's too easy to spam this forum

Post by bobinski » Sun Sep 08, 2019 2:35 am

Would an email confirmation help? I don't remember doing one.

User avatar
sozzled
Joomla! Exemplar
Joomla! Exemplar
Posts: 8009
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Re: It's too easy to spam this forum

Post by sozzled » Sun Sep 08, 2019 3:02 am

Thank you, @bobinski, for your question. It's been several years since I created the one and only account that I use here and I can't remember everything. :laugh: I think that, for human users, there is a requirement to read an email and submit a "token" to activate the account.

However ...

... there are also black-hat techniques that bypass the account creation/activation safety features. As mentioned earlier in this topic, the forum rules state
When registering, a valid email address has to be used. Disposable email addresses are not permitted. If found, we will remove the account in question.
The problem is that email addresses are not verified at the time someone completes the new account form; verification occurs after that event. What we're seeing are new accounts being created en masse by automated processes and they lie there, dormant, awaiting activation later.

This helps to explain why two-thirds of all new accounts never post anything on the forum. These accounts are created, yes, but they're currently inactive.
https://www.kuneze.com/blog
“If you think I’m wrong then say, ‘I think you’re wrong.’ If you say ‘You’re wrong!’, how do you know?” :)

gws
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 3940
Joined: Tue Aug 23, 2005 1:56 pm
Location: South coast, UK
Contact:

Re: It's too easy to spam this forum

Post by gws » Fri Sep 20, 2019 9:38 am

Would it help if the newly registered user had to make a post within 1 hour of registering? I cant think of any reason for a legitimate user not to post a question very soon after they register,the automated bots will not post so after 1 hour their registration is just cancelled.

User avatar
sozzled
Joomla! Exemplar
Joomla! Exemplar
Posts: 8009
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Re: It's too easy to spam this forum

Post by sozzled » Fri Sep 20, 2019 10:14 am

That's a good idea (I'll put that one down in my notebook for future reference). :) Thanks.

Still doesn't address the real issue here:
sozzled wrote:
Mon Aug 26, 2019 11:08 pm
Is it a problem for this forum? It depends on which side of the fence you live. I can't speak for the forum management team; it may not be a problem for team members. I can only speak for myself. I think it's a problem, even if other people may disagree with me. I'm simply providing my feedback about this forum and one of the problems that I see with it.

...

Summary

I would like to know if the forum management team have any plans to address [any of] the issues [we] have raised.
https://www.kuneze.com/blog
“If you think I’m wrong then say, ‘I think you’re wrong.’ If you say ‘You’re wrong!’, how do you know?” :)

User avatar
sozzled
Joomla! Exemplar
Joomla! Exemplar
Posts: 8009
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Re: It's too easy to spam this forum

Post by sozzled » Thu Oct 03, 2019 8:32 pm

I'm not trying to resurrect this topic to seek commentary from others. After spending a few years reporting as much spam as I can find (as I know other like-minded members of the community also do) and posting my views about spam at this forum on this forum, I've given these things up as a lost cause. So, just for the record, I will not write anything more on this forum about spam.

Because no-one from the forum management team has responded to this topic (or deliberately ignored it to hope that the matter disappears), I must conclude that the team doesn't see this as a problem. That's where I shall let things be. I'm not unhappy or disappointed; I'm just accepting the reality of the situation.

I have stopped reporting spam posts to the moderators.
https://www.kuneze.com/blog
“If you think I’m wrong then say, ‘I think you’re wrong.’ If you say ‘You’re wrong!’, how do you know?” :)


Post Reply

Return to “Sites & Infrastructure - Feedback/Information”