STOP!!! Opening and viewing topics that are obvious scam

Discuss the latest LMMS news with other forum members.
STOP!!! Opening and viewing topics that are obvious scam and or illegal !
Do not respond to topics that anyone can see is not LMMS or music related.
Every time you responds to a topic like the moron panhandling illegal pharmaceutica, you vindicate his afford, and create even more junk posts on our board.
Never open any topic of that kind! Simply IGNORE them!
Tyia!
musikbear, is it not possible for moderators to block a spammer's account entirely so they cannot post anymore? This seems to me like a spreading problem, and leaving it unchecked could cause a more-than-minor issue.
Monospace wrote:
Tue Jul 20, 2021 4:19 pm
musikbear, is it not possible for moderators to block a spammer's account entirely so they cannot post anymore? This seems to me like a spreading problem, and leaving it unchecked could cause a more-than-minor issue.
Yes when i block the IP that specific user should not be able to post again, but if he used session-ip, it wont work. We also block the username, but since its a bot, it will just create a new user.
Further more are we connected to a stop-spamming network, where all spammers are registered

..But still
They come..
..as the song says
Hi, i dont know if this is of any help at all for you, but when i read this post about spam, something immediatly clicked. A little while ago i read an interessting article about a solution for related issues. It is a simple and pretty brilliant concept. It is called "Trolldrossel (troll throttle, troll brake)". It was invented by german IT-Security-Expert (Linus Neumann, ChaosComputerClub Germany). If you can code php it should be a breeze to build such an extension.

The Concept: Use a wordlist which contains the terms and phrases and expressions, which are used by the spammers. thats your foundation to build upon. then you need a function which calculates the keyword density in those spam comments. lets say for example somebody is spamming for those pills for guys that have certain issues. you could use tbe brandnames,, productnames, the pharmacies names, or the referrallinks for the landing page. in case a comment or article is beeing posted which meet the criteria you put on the list, the user is forced to solve a capture again - even if it was right. that way the bot will hang forever in the captcha loop.

another method which is more or less the same concept would be a tarpit. it uses a configurable delay between the clients (bot) request and the servers answer - every time a request comes in, a counter is incremented. lets say you set a max value of posts per hour. if a user exceeds those 5 posts, the delay is applied. i think starting with 60 seconds for post nr. 6, and 60 (3mins waiting time for post nr 7, 4 mins for nr. 8...)more for each following post from that ip / user, should be a good starting point to not stop the real users from posting stuff.

It is unfortunatly not a perfect solution, but i hope that it may be worth considering as a nice addition to get this under control. i know from experience that it really is a nasty thing to have to deal with (spammers used my email and i received all the bounces - that adress is completly unusable to the day. and as a consequence of this i had to change all of my external accounts emailadresses I was young and naiv enough to use one email for all accounts. learned my lesson the hard way).

I dont know if there is an english translation available but the there is certainly plenty to find in german. In case you shouldnt find what you are looking for, feel free to contact me by DM. i will dig up some links for you then.

regards,

sven
Ooh man, good point. I read your post, though, and then i realised that literally everything spammers send is all link and very little actual text (or no plaintext without links), which suddenly makes this feature a LOT easier to code in.
Of course, the first few dozen should be run through mods to check, and there should be a threshold level of previously sent posts in the past, say, six-12 months? (spammers don't generally target recently used accounts) for which the text isn't checked for hyperlink density.
Also note that sometimes a person may hyperlink their entire message, and we don't want this getting red flagged. Should be relatively easy to code in, though: if someone's entire message consists of link without any non-link text, AND all the link text displays is simply the link location and does not consist of any user-typed text string (get me here? the link shouldn't display hyperlinking text, it should display the link itself), then it should be flagged and temporarily taken off.
Of course, this will have to be coded slightly differently for music projects category, where it is possible people just link their music without any follow-up non-linking text (not sure if it's happened before, but plausible.)
Glad it was some helpful info that makes your life easier. And yes, i do get you with the "hyperlinking" text. you man the last part before you end the a href tag, which is actually shown to the user in its browser instead of the underlying htt_p: and so on link.

it should really only be a matter of keeping the right wordlists. you could actually put the attributes for the exptions in an exceptionlist. this way you d have a set of lists which are 100% customizable to your needs.

and one more which i just came across on site, which has spam issues with bots which are registering and posting: the actually (LOL) fight the spambots with spamblockingbots (/LOL). if you are curious, i ll try to find the link in my history and will share it.

EDIT: I dont know how regular you guys check the posts on the board, but this one is waiting for approval for three days. i really dont mind, just wondering. i ll take the chance and make an addition that just came to mind.
finetuning:

2nd instance with counterchecking running simultaniously,
double match = definitive hit.

(1st= whitelist, 2nd blacklist

((tweak results with weighing priorities, 0 low, 10 high, as if you d use nice on a process on a linux box, but for deceiding which
driver /<<kernel module>> to load. that would avoid an "undeceided" situation - which will default to exit prog with errorcode returned and logged, next... from the logfiles you could extract the remaining unclear ones and review them manually, a tag on the comment could be implemented to run a search for "unsure, please review" comments throughout your DB. )).

or 1st htmltags 2nd keywordcounter etc etc)

This way the solution is perfectly scalable.

btw, if you are not making this a public post for security reasons, i understand that. i wouldn´t necessarily put all internal documentation on "everyone can read"-permission. but a short info would be nice. perhaps we should switch do DM for this conversation. perhaps i did miss irony in your post? well.. however... if you are interessted in a conversation, i m sure you know how to add a user to your list. i d be happy, if i could be of any help to support this project.
Monospace wrote:
Tue Jul 20, 2021 4:19 pm
musikbear, is it not possible for moderators to block a spammer's account entirely so they cannot post anymore? This seems to me like a spreading problem, and leaving it unchecked could cause a more-than-minor issue.
Agreed! It is easier to filter spammers on at the maintenance level
The idea with a list is not bad, if only the bots was not using legit text from either our own board, or other boards. If you take a look at some of the spammers, they are typically using a set of phrases, that you would expect in a legit post, and only in the last part, they jam in their advertising.
Auto cleanup would then either kill real and legit posts, or still let the spammer through. The stop-spam-list, is atm a 'functional solution'. at least the huge carpet bomb-attack with 100 of posts, has become rare and the 'leftovers' are not so tedious to remove.
I wont say that spam is a thing of the past, but it not as bad as it used to be.
..And now i Jincx'ed it..
Expect a burning forum tomorrow.. 🙄