Make a barrier for users producing spam?

[FourthWorld]

We actually have more action from RunRev here than you're giving credit for: as they continue their restructuring to facilitate ever broader community involvement, they have granted elevated privileges to a few people in very different time zones to help control forum spam.

It's likely they'll further this, but when it comes down to deciding who to grant those privileges to it becomes a decision whether to give the ability to ban potential legitimate accounts to those who are quick to anger, or those who maintain the sort of cool-headedness needed to apply such privileges very carefully. It's dangerously easy to try to take shortcuts on decisions like IP banning, and they need to know the folks doing it won't do it hastily, or because they disagree with a poster, or because they misunderstand a poster's poor writing to be a spambot.

In conjunction with the boatload of other things they're doing to expand community involvement, they've been working with community members like myself to evolve our role into one of a community liaison for forum moderation. So when you see me fielding questions and suggestions here, it's not because RunRev can't be bothered - very much the opposite, it's a part of the process they're actively engaged in, with the assistance of community members, just as we're seeing with the accelerated rate of engine development.

On this latest very good suggestion to simply turn off the Birthdays list, I don't mind admitting that it was such a simple solution that I'm embarrassed I hadn't thought of it myself. The alternative I was considering was much more time-intensive, and I've already noted how much I appreciated your suggestion and I'll gladly repeat that gratitude: thank you, it was indeed a very good idea, exactly the sort of thing that makes community involvement valuable for everyone. Like Linus said, "Given enough eyeballs, all bugs are shallow".

While I do occasionally take a day off, most days I log in here several times a day to monitor spam. When I find it I delete it immediately, as do the other mods, and I take the time to do a geographic lookup on the IP and, where practical, block IPs from that range to prevent further activity. This is tedious, and as time-consuming for me as it would be for RunRev or any other volunteer, and it's apparently a thankless task as well. But I do it just the same because I understand that it just needs to be done, just as I do for the forums at LiveCode Journal and just as the army of mods do for the Ubuntu forums. As a result, only the most frequent visitors here ever see spam; most never see it at all, because it usually doesn't live for more than a few hours, often less.

I also coordinate with Heather and other RunRev team members as suggestions for improving the forums come up. It was through this coordination that I learned that the forum software is indeed up to date, and that the PHPBB copyright notice on the front page showing "2007" is merely a bug in PHPBB.

We've also discussed additional measures like enhanced CAPTCHA alternatives, though as I've noted before that won't stop the growing percentage of spam accounts that are created by humans under the Mechanical Turks project and others.

In addition to turning off the Birthdays list, other actions Heathers' taken as a result of our coordination have included limits on the interval between posts, and a minimum number of characters needed for posting. Limits on including URLs and attachments in posts until a certain number of posts have been made were also implemented, much earlier.

None of this is perfect, and no solution can possibly guarantee completeness. But working with the community, RunRev has indeed demonstrated a willingness to take action on good suggestions, and we''ll be seeing more of this as the details of community participation get worked out.

So while this process moves forward, I hope you'll continue to offer productive, actionable suggestions, and I'll do my best as a community liaison to make sure RunRev has a chance to consider them.

[BvG]

So while this process moves forward, I hope you'll continue to offer productive, actionable suggestions, and I'll do my best as a community liaison to make sure RunRev has a chance to consider them.

I think you're overstating the problem that manual spam login creations are at this point. Sure they are on the rise, but why? Because people use effective anti-spam measures. If you forego the research of effective anti-spam measures because "human spammers are on the rise" then that sounds like a logical fallacy to me.

• Custom profile field (additional register field): https://www.phpbb.com/kb/article/custom ... mmer-tool/
• In my oppinion probably the most important one at this point: What he calls the The McGirr Method (scroll down, note that this is the suggested anti-spam measures by phpbb itself, and it is current if you look at the last edit instead of the post date): https://www.phpbb.com/community/viewtop ... &t=2122696
• Different captcha (recaptcha by now is mostly a free way for google to index books). I'm partial to random question captchas myself, and it's build in: https://www.phpbb.com/kb/article/how-to ... a-captcha/
• I think there's a way to disallow logins to make additional posts after the first 5 or so, unless they're verified. Would probably need more Moderators then currently employed tho. I think this would be a good match for this forum (allows beginners to ask a question, and have limited interaction, then become "approved" and be free to post). At the least it would disallow a bot from making dozens of posts before a mod can intervene. However I was unable to find a description of how to do it, maybe i'm mistaken. All I could find was a way to have new people in a group, which can be restricted, but they'll leave the group as soon as they have a certain amount of posts, which seems useless to me. (ie. https://www.phpbb.com/kb/article/how-to ... um-access/ )

[FourthWorld]

If you forego the research of effective anti-spam measures because "human spammers are on the rise" then that sounds like a logical fallacy to me.

No one said RunRev is completely forgoing all efforts against automated spam attempts. Indeed, I had just listed some above.

But in the same vein, it would be a logical fallacy to forgo efforts against human spammers as well, which also take care of the bots along with them.

[BvG]

• Custom profile field (additional register field): https://www.phpbb.com/kb/article/custom ... mmer-tool/
• In my oppinion probably the most important one at this point: What he calls the The McGirr Method (scroll down, note that this is the suggested anti-spam measures by phpbb itself, and it is current if you look at the last edit instead of the post date): https://www.phpbb.com/community/viewtop ... &t=2122696
• Different captcha (recaptcha by now is mostly a free way for google to index books). I'm partial to random question captchas myself, and it's build in: https://www.phpbb.com/kb/article/how-to ... a-captcha/
• I think there's a way to disallow logins to make additional posts after the first 5 or so, unless they're verified. Would probably need more Moderators then currently employed tho. I think this would be a good match for this forum (allows beginners to ask a question, and have limited interaction, then become "approved" and be free to post). At the least it would disallow a bot from making dozens of posts before a mod can intervene. However I was unable to find a description of how to do it, maybe i'm mistaken. All I could find was a way to have new people in a group, which can be restricted, but they'll leave the group as soon as they have a certain amount of posts, which seems useless to me. (ie. https://www.phpbb.com/kb/article/how-to ... um-access/ )

[FourthWorld]

• Custom profile field (additional register field): https://www.phpbb.com/kb/article/custom ... mmer-tool/
• In my oppinion probably the most important one at this point: What he calls the The McGirr Method (scroll down, note that this is the suggested anti-spam measures by phpbb itself, and it is current if you look at the last edit instead of the post date): https://www.phpbb.com/community/viewtop ... &t=2122696
• Different captcha (recaptcha by now is mostly a free way for google to index books). I'm partial to random question captchas myself, and it's build in: https://www.phpbb.com/kb/article/how-to ... a-captcha/
• I think there's a way to disallow logins to make additional posts after the first 5 or so, unless they're verified. Would probably need more Moderators then currently employed tho. I think this would be a good match for this forum (allows beginners to ask a question, and have limited interaction, then become "approved" and be free to post). At the least it would disallow a bot from making dozens of posts before a mod can intervene. However I was unable to find a description of how to do it, maybe i'm mistaken. All I could find was a way to have new people in a group, which can be restricted, but they'll leave the group as soon as they have a certain amount of posts, which seems useless to me. (ie. https://www.phpbb.com/kb/article/how-to ... um-access/ )

Your earnest interest in making sure I'd seen that is much appreciated. But rest assured that I did, and will review those those discussions with RunRev soon.

[FourthWorld]

[*]In my oppinion probably the most important one at this point: What he calls the The McGirr Method (scroll down, note that this is the suggested anti-spam measures by phpbb itself, and it is current if you look at the last edit instead of the post date): https://www.phpbb.com/community/viewtop ... &t=2122696

This is particularly interesting, as one could well define the need for The McGirr Method as a bug in PHPBB: Why on earth would they allow an element to turn off email verification on the new account form if the admin has explicitly turned that on?

I'm surprised (to use the most polite word I can think of at the moment) that such a decision was allowed past review.

Suggestions like this are especially helpful, as I'm historically prone to giving the PHPBB crew more credit than apparently I should. Going forward I'll try to keep a keener eye to inherent weaknesses designed into the system.