Just some figures:
There was more than 1800 spam posts Sunday evening (few online mods this day -
like me - I guess).
The top posters had about 135 posts then 70 (single accounts). IP seems to be
in Bangladesh.
Almost 200 accounts have been banned in 3 days (from Apr. 19to Apr. 22).
I've set a flood limit at 120 seconds and the posts were then following every
120s too, so I think the denial of service is a good hint. It would confirm the
shut down of the forum (too many connections) on Apr. 18. I've reset twice the
most users online count: has been 2100 on Apr. 18 then 1825 on Sunday! Max
number has never been above 300 at normal time.
There are some MODs against spam so a pure phpBB solution should be enough. But
we need the right adminfor that. It's under progress with imacat.
Hagar
Le Mon, 23 Apr 2012 17:46:09 +0100, Rory O'Farrell <[email protected]> a écrit :
On Mon, 23 Apr 2012 10:23:28 -0600
"F C. Costero"<[email protected]> wrote:
Thanks for the input Rob. I will pass it on to the forum. Some of the
volunteers commented over the weekend that it was more like a denial
of service attack. At one point the forum did become unavailable but
Hagar contacted Infra and it was back on line promptly. A few spam
messages are still coming in, at a rate I would have called high
before last week, but things remain vastly better than the weekend.
Francis
What you are seeing is odd. A successful spammer does not work this
way. They want their posts to survive and persist, to have impact. To
build up Google Pagerank they want posts on 400 different websites
rather than 400 posts on one website. It doesn't make sense to send
400 to one website, since that will obviously draw attention from
moderators. This sounds more like a denial of service attack than
spam.
But a few ideas that might work, based on my experience running forums:
1) Change the CAPTCHA used in your registration. What you have right
now is too easy.
2) Much forum spam is targeted at getting links to raise their search
engine position. You can remove that incentive by ensuring that all
links given by users are given the rel="nofollow" attribute. Most
major sites, like Wikipedia, online newspapers, etc., do this in order
to reduce the incentive to add spam. I have the impression that the
spammers search the web for high Pagerank websites that do not cloak
their URL's with nofollow. These sites are targeted by spammers. If
we get off that list, then we'll get less spam.
3) Longer term, maybe there is some way we can run forum posts through
Apache's SpamAssasin? It would probably require some custom app dev
with phpBB, but it could result in a very sophisticated anti-spam
solution.
-Rob
Francis
The situation is improved on what it was, but still unacceptable. I have
Moderator privileges on the Forum and in 3.5 hours I have banned at least 15
spammers and directly deleted their postings/topics rather than move them to
holding locations, as I see no need to clutter these up with undoubted spam;
there have been sometimes as many as five or six postings by a spammer. Acknak
and Hagar have also been active during that period and I do not include their
totals; the moderator logs which are accessible to Apache Observers will show
the extent of the problem, which a visit to the main pages of the Forum will
not, as we are trying to keep the Forum running as normally as possible.
