[Finished: 31-MAR-2012] Calling all mySQL / PHP programmers to help with spam control

Thanks for the link! I am considering using Bad Behavior, which doesn't analyze post content but rather post method and post origin. But it's only a secondary line of defense. The most important will still be our community moderated anti-spam system.

Works... An extra step, but better than Spam...

Should help slow them down at least...

With the trigger in place the database would return the insert error to the forum.

I could not control the message displayed by the forum. You could even get an "internal error", depending on how Drupal handles DB errors (and I'm not an expert in Drupal)

Hmmm, any other suggestions to work around that with a bit of PHP code?

Thanks a ton for looking into this.

I'm looking at one of the new CAPTCHA's - "Do you hate spam?" What if a user does like spam? What if a user (ie. newbie) thinks "spam" is referring to the food? Also, I guess uppercase/lowercase doesn't matter on the answers, right?

Great work SB!

-Garry

I can do it with PHP but unfortuantely I know next to nothing about Drupal.

The problem is getting the right event to trigger the function that will, for example, return true if the user has posted in the last time interval. Then you could try to display an error yourself - but I cannot help you there.

Back to my original solution, I don't see a big problem with displaying "internal error" messages, especially if all human users are aware of the motive. If someone hits F5 and the time interval is set to 30 seconds it will probably refresh with the comment correctly posted. And it will probably cause a robot to give up it's attack.

Anyway, the trigger could be set as a last line of defense - say it only block posts 10 seconds apart. The good news is that triggers are usually pretty fast. Bad news is there will be an extra select on a large table for every comment posted.
Feel free to contact me if the new captcha fails...

I just wanted to see if I could answer the spam question

I mentioned this in another thread: would it be possible to set the need of "solving" the CAPTCHA to every 10th (or a random number) post instead of one at the beginning of each session? By doing so the robots might be halted in their spamming.

If it's easy to do it could be a quick fix until your plan works out.

I like the easy question CAPTCHA, though not for every post. The Captcha Riddler module lets you come up with a few different questions to ask and have them rotate. Other easy questions:

Write the word blank in the box below.

In BLF's motto at the top of the page, what meets with flashlight? (variations for meets and flashlight)

I've only seen two - the spam one (seen once) and the "b" one (seen every time apart from once).

I'd think you need more though maybe you don't. I have no problem with filling the box for every post though.

I've always liked the picture ones where you have to choose which one isn't a kitten or I suppose for here, "Which of these is not a flashlight"

But what I know about implementing such stuff could easily be printed out in a large font and inserted in my eye with no discomfort....

one of the things you can do as well is to moderate the new user for an "X" number of posts, allowing them to prove themselves... so captcha's checking their posts before posting... spammers will even find ways around those ... FnF has a unique way... they have to send an email to the owner... then he makes the call whether it is a bot or a human.

my two cents

astroteckid7

No attacks so far tonight . . . fingers crossed.

Hey, working good so far!

Hmm, I'm not counting on the CAPTCHA to be a very effective long term solution. It's basically like washing your hands to avoid sickness. It's important, but there's many other things you have to do to stay healthy.

Another quiet night. Maybe the question for every update could be lifted and just ask once per session.

That wouldn’t slow a spammer down until we can get him. There was a spammer a few minutes ago and we got him after only 2 posts I think.
Without the CAPTCHA on every post he could have been off and running.
I think having it on every post is just a temporary thing anyway. I’m glad to have it until a permanent fix is implemented.

Where did the captcha go? Seems it was very effective and really was not a nuisance at all.

I was wondering that too. Had the paste key all set up too!

Some people were complaining about it and it shouldn't be necessary for established members. I think right now it is back to once per session plus when you sign up. We'll see if that can keep the spam in check or not. If not, maybe it could be done only for newbies on their first 10 posts or something like that.

Guys, excuse my ignorance, but what makes this forum so prone to continuous spammers attacks, as opposed to all the other forums i know ?

Could this be orchestrated ?