On Mon, 23 Apr 2012 21:35:18 +0200 Hagar Delest <[email protected]> wrote:
> Just some figures: > There was more than 1800 spam posts Sunday evening (few online mods this day > - like me - I guess). > The top posters had about 135 posts then 70 (single accounts). IP seems to be > in Bangladesh. > Almost 200 accounts have been banned in 3 days (from Apr. 19to Apr. 22). > > I've set a flood limit at 120 seconds and the posts were then following every > 120s too, so I think the denial of service is a good hint. It would confirm > the shut down of the forum (too many connections) on Apr. 18. I've reset > twice the most users online count: has been 2100 on Apr. 18 then 1825 on > Sunday! Max number has never been above 300 at normal time. > > There are some MODs against spam so a pure phpBB solution should be enough. > But we need the right adminfor that. It's under progress with imacat. > > Hagar > > > Le Mon, 23 Apr 2012 17:46:09 +0100, Rory O'Farrell <[email protected]> a écrit : > > > On Mon, 23 Apr 2012 10:23:28 -0600 > > "F C. Costero"<[email protected]> wrote: > > > >> Thanks for the input Rob. I will pass it on to the forum. Some of the > >> volunteers commented over the weekend that it was more like a denial > >> of service attack. At one point the forum did become unavailable but > >> Hagar contacted Infra and it was back on line promptly. A few spam > >> messages are still coming in, at a rate I would have called high > >> before last week, but things remain vastly better than the weekend. > >> Francis > >> > >> > >>> > >>> What you are seeing is odd. A successful spammer does not work this > >>> way. They want their posts to survive and persist, to have impact. To > >>> build up Google Pagerank they want posts on 400 different websites > >>> rather than 400 posts on one website. It doesn't make sense to send > >>> 400 to one website, since that will obviously draw attention from > >>> moderators. This sounds more like a denial of service attack than > >>> spam. > >>> > >>> But a few ideas that might work, based on my experience running forums: > >>> > >>> 1) Change the CAPTCHA used in your registration. What you have right > >>> now is too easy. > >>> > >>> 2) Much forum spam is targeted at getting links to raise their search > >>> engine position. You can remove that incentive by ensuring that all > >>> links given by users are given the rel="nofollow" attribute. Most > >>> major sites, like Wikipedia, online newspapers, etc., do this in order > >>> to reduce the incentive to add spam. I have the impression that the > >>> spammers search the web for high Pagerank websites that do not cloak > >>> their URL's with nofollow. These sites are targeted by spammers. If > >>> we get off that list, then we'll get less spam. > >>> > >>> 3) Longer term, maybe there is some way we can run forum posts through > >>> Apache's SpamAssasin? It would probably require some custom app dev > >>> with phpBB, but it could result in a very sophisticated anti-spam > >>> solution. > >>> > >>> -Rob > >>> > >>> > >>>> Francis > >> > > > > The situation is improved on what it was, but still unacceptable. I have > > Moderator privileges on the Forum and in 3.5 hours I have banned at least > > 15 spammers and directly deleted their postings/topics rather than move > > them to holding locations, as I see no need to clutter these up with > > undoubted spam; there have been sometimes as many as five or six postings > > by a spammer. Acknak and Hagar have also been active during that period and > > I do not include their totals; the moderator logs which are accessible to > > Apache Observers will show the extent of the problem, which a visit to the > > main pages of the Forum will not, as we are trying to keep the Forum > > running as normally as possible. > > > > > For information: Hagar mentioned that the source of the current spam flood appeared to be the India/Bangladesh area. This news item on BBC seems to bear that out http://www.bbc.com/news/technology-17813300 -- Rory O'Farrell <[email protected]>
