The Programs section of Discourse seems to be getting a lot of 'spam'.  In isolation they just look like naive, badly phrased questions ('What is game programming?', 'How to learn to program' and bizarrely 'How to protect my USB driver') but they're all first posts from new users that have arrived in quick succession.

It's all rather sinister  

Edited:

Yes i just deleted all of them. But they are popping up again...

I created a PHPBB bulletin board for a small handful of people to share messages after my dad died, and it had new users signing up to spam it almost straight away... just about ever day, more accounts... I can only assume it is automated, since anyone looking at the site would realise there is essentially zero value in spamming it.

Damn annoying as well.

I've heard that there are IT/spam sweatshops where employees make about $2 a day to manually 'crack' something like 1000 captcha-like spam protections. How can you compete with that?

One answer is to raise the bar higher. Rather than allow an account to be self activated, just start with email verification, then make the user must write a 'letter' explaining why they want an account. If that passes the sniff test, then let them post, and make the first so-many posts by a user moderated; moderators will probably smell a rat with these bogus one-line off-topic / nonsensical posts and have another chance to delete them. If it really is a legitimate user, they can email again.

The benefit (that I see) in making people email the site, is that spam filters seem to be pretty good these days. I can't imagine any readily-available bulletin-board system competing with the spam filters on, say, gmail, which has the advantage of looking at millions of emails to millions of other users to see patterns of spammers.

Well, that is assuming that the number new legitimate users is reasonably small. In this case, I imagine that the "100" users now where 95 are bogus is more annoying to delete the 95 bogus ones than it would be to specifically allow just the 5 legit users.

-spxl

i use the 'see x recent posts' link to browse this site and you easily notice all the bibble that way. all those 'meetups in Chicago' threads look suspicious - first posts by new people, devoid of processing content.

> I've heard that there are IT/spam sweatshops where employees make about $2 a day to manually 'crack' something like 1000 captcha-like spam protections. How can you compete with that?

offer them $2 a day to go somewhere else? 8)

the captcha doesn't appear to be even enabled on this site (it is an option - i installed yabb at home to check) and is just a perl script that generates a speckled image. i did mention on the other thread that we could probably do a better job ourselves. 3d rotating java applet captcha anyone? (except, of course, that'll keep out people trying to register to ask how to install java)(plus, i think these registrations are actually people, not robots)

just making them wait a day before posting might help.

koogy, since there is evidence there are humans behind this attack, a Captcha wouldn't help at all.

Personally, I remain conservative, leaving semi-sensical messages, relatively on topic (like those in the Recover files after crash thread), as long as there is (not yet) links in the signature.
Unless the user has a commercial link in their WWW field...

Anything with a time delay is good... How about a captcha that doesn't actually display for few minutes (a random time) and then only displays briefly?

That way, whoever is trying to 'crack' it has to sit and wait, watching the screen, and won't be able to crack many in parallel because you can only watch so many at a time.

Maybe something really boring like "click on the moving box" that takes a while.

good question, wasnt me, i cant delete in these parts of the board:)

subpixel wrote on Feb 8^th, 2010, 1:44pm:


I removed it on Saturday while cleaning up the spam. It had also become overtaken by spam messages, and it wasn't clear which were the spammers trying to stir the pot, and which were legitimate responses.

But the bottom line was that separate from Casey's original post, it was completely off-topic for this discussion board, so I decided to simply remove it.

We try not to police the boards, and *really* don't like removing things, but in this case I made the call based on the combination of circumstances. Had the spam mess not begun I wouldn't have bothered, but the purpose of this part of the site is really straightforward, so let's keep it on-topic.