Better capchas?

User avatar
XMIT
[ XMIT ]

05 Jan 2017, 14:53

I'm getting tired of all the first post spam. I don't want to make it harder for newcomers but I'm weary of seeing crap appear in the Spy.

Can we perhaps refresh the Capchas or the challenge questions used for new user sign up?

I think this is a better solution than moderating a user's first post or requiring admin approval for new accounts. Let's try it and see!

User avatar
Wodan
ISO Advocate

05 Jan 2017, 14:58

Yeah, how well do those common-sense questions work?

I mean are these just some web-wide crawlers that found this site by coincidence or are they specifically targeting this site?

User avatar
Thumper
knock knock

05 Jan 2017, 15:12

What about implementing Googles reCaptcha ?

User avatar
seebart
Offtopicthority Instigator

05 Jan 2017, 15:18

XMIT wrote: I'm getting tired of all the first post spam. I don't want to make it harder for newcomers but I'm weary of seeing crap appear in the Spy.

Can we perhaps refresh the Capchas or the challenge questions used for new user sign up?

I think this is a better solution than moderating a user's first post or requiring admin approval for new accounts. Let's try it and see!
Agreed. Seems the spam is getting more recently. Good idea XMIT!

User avatar
Techno Trousers
100,000,000 actuations

05 Jan 2017, 15:29

Thumper wrote:What about implementing Googles reCaptcha ?
I'd vote for trying this first. The latest version of it is pretty effective and not very intrusive at all. Perhaps the CAPTCHA could be made mandatory for the first few posts as well, or just for the first few days of new accounts?

I'm pretty sure that these days the criminal syndicates doing the spamming are farming out reCAPTCHA busting to low cost human labor, so we'd just need to raise the cost of making each post high enough that it's not worth their time.

andrewjoy

05 Jan 2017, 15:41

Capchas are simple not effective.

If its easy and simple to read for a human then it can easily be defeated by image processing algorithms, to make it harder to for computer to solve you have to have it so complex its an annoyance for the user.

I would go with something like questions ( our current one is not that good ) or a maths problem.

There are also ideas like honeypot hidden fields that a bot will fill in but a human will not and so on.

A Capcha to post for existing users is an absolutely terrible idea.

User avatar
matt3o
-[°_°]-

05 Jan 2017, 15:49

Thumper wrote: What about implementing Googles reCaptcha ?
I'm pretty sure all DT spam comes from humans not bots, meaning that not even the recaptcha would help

User avatar
Thumper
knock knock

05 Jan 2017, 15:50

matt3o wrote:
Thumper wrote: What about implementing Googles reCaptcha ?
I'm pretty sure all DT spam comes from humans not bots, meaning that not even the recaptcha would help
Then just close the registration. /s

User avatar
matt3o
-[°_°]-

05 Jan 2017, 15:53

Thumper wrote: Then just close the registration. /s
Image

User avatar
scottc

05 Jan 2017, 15:57

matt3o wrote:
Thumper wrote: What about implementing Googles reCaptcha ?
I'm pretty sure all DT spam comes from humans not bots, meaning that not even the recaptcha would help
We should ask them their favourite switch, and if it's not "IBM beam spring" we can just reject their membership application and ban their IP. That would definitely get rid of spam. :evilgeek:

User avatar
matt3o
-[°_°]-

05 Jan 2017, 15:59

we can make more complicated questions for sure, but we have to find a sweet spot otherwise nobody will ever register again

User avatar
seebart
Offtopicthority Instigator

05 Jan 2017, 16:03

1h4ijb.jpg
1h4ijb.jpg (74.35 KiB) Viewed 7110 times

User avatar
matt3o
-[°_°]-

05 Jan 2017, 16:05

"Name one common switch used in keyboards" (any common switch would work)

HuBandiT

05 Jan 2017, 16:15

How about working off the text of the posted comments themselves? Implement a Bayesian message classifier, train it on the actual manual message removals. Much like the Thunderbird email client provides. Isn't something like that available for our current software as a module?

User avatar
scottc

05 Jan 2017, 16:19

Honestly, we could go super simple and just make sure their first post contains the word "keyboard" or "switch". That would get rid of so much of the spam...

User avatar
seebart
Offtopicthority Instigator

05 Jan 2017, 16:20

matt3o wrote: "Name one common switch used in keyboards" (any common switch would work)
That's actually pretty good. Another one:
What is the most common IBM keyboard called?

User avatar
kbdfr
The Tiproman

05 Jan 2017, 16:23

seebart wrote: […]
What is the most common IBM keyboard called?
clicky? :lol:

User avatar
seebart
Offtopicthority Instigator

05 Jan 2017, 16:25

kbdfr wrote:
seebart wrote: […]
What is the most common IBM keyboard called?
clicky? :lol:
Not quite, still better than "grumpy" though. :evilgeek:

User avatar
kbdfr
The Tiproman

05 Jan 2017, 16:31

kbdfr wrote:
seebart wrote: […]
What is the most common IBM keyboard called?
clicky? :lol:
This is not just a joke,
I've been a DT member for almost 6 years and wouldn't be sure about the answer.

User avatar
Halvar

05 Jan 2017, 16:51

"IBM Preferred Pro"

And all three words in that name are lies. :D

Image

Seriously though, I think matt3o is right, it's all manual spam. Most manual spammers know how to beat a Bayesian filter. I guess there's no better way than deleting it fast after it happened.

User avatar
matt3o
-[°_°]-

05 Jan 2017, 17:01

maybe we could force a recaptcha for the first 5 messages. it would be a way to de-incentive spam... possibly.

I added a couple of questions and removed the IBM one in the meantime

User avatar
chzel

05 Jan 2017, 17:21

Or it will quintuple the posts that need nuking...

User avatar
matt3o
-[°_°]-

05 Jan 2017, 17:22

chzel wrote: Or it will quintuple the posts that need nuking...
how so?

User avatar
chzel

05 Jan 2017, 17:26

Ignore me, recaptchas will work for bots, human spammers will post anyway...

User avatar
XMIT
[ XMIT ]

05 Jan 2017, 17:28

I don't know if our moderators (matt3o) are up for it but if it's human spam that is the problem, then requiring moderator approval for the new user's first post to go "live" might help. I've seen some other forums do this. It's moderately annoying for a new user but if the new message is approved in a few minutes it's not so bad.

I'm for trying reCaptcha as well. I'm also for trying one change at a time in a scientific manner, gathering data and seeing if it makes a change.

User avatar
Techno Trousers
100,000,000 actuations

05 Jan 2017, 17:29

But, if you can slow down even human spammers enough, they may decide it's not worth the cost to spam this site, and move elsewhere.

Are you guys doing IP blocking on the origin of the spam posts as well? It's not perfect, but again anything you can do to raise their "cost of doing business" is a good thing.

HuBandiT

05 Jan 2017, 17:38

Halvar wrote: Seriously though, I think matt3o is right, it's all manual spam. Most manual spammers know how to beat a Bayesian filter. I guess there's no better way than deleting it fast after it happened.
... just thinking out loud...

Hmm, how does one defeat a Bayesian filter? (Without actually contributing relevant content I mean? :D )

On more practical terms, the few I actually saw scroll by here (which is like 3 or 4 - anyone got the corpus of spam messages posted to DT?) for example had quite specific keywords in them, like "found", "webstore", "shop", "look" and a number of other quite suspicious keywords, and very little actually keyboard related words/phrases in them. I am naively thinking this would make it somewhat easy to score these keywords negatively, score keyboard-related ones positively, and assert that the balance is positive (to make sure it is flagged as potential spam for review if the spammer uses bland terms in an effort to avoid triggering spam keywords).

Also, in theory, the Bayesian could take into account not just the message text, but also IP/origin and other relevant parameters of the user registration process/request as well as the comment post request. This would effectively incorporate Techno Trousers' IP-blocking idea.

not pushing hard on this by any means

User avatar
kbdfr
The Tiproman

05 Jan 2017, 17:40

Is it possible to be given restricted admin rights allowing to just delete new members' first posts together with their accounts?
This is a task I would like :mrgreen:

User avatar
Laser
emacs -nw

05 Jan 2017, 18:01

"Hello, I am the son of the late Nigerian prime-minister and I just love mechanical keyboards. I intend to create a new Topre keyboard clones factory, and I need some partners to get the business started".

User avatar
seebart
Offtopicthority Instigator

05 Jan 2017, 18:07

Laser wrote: "Hello, I am the son of the late Nigerian prime-minister and I just love mechanical keyboards. I intend to create a new Topre keyboard clones factory, and I need some partners to get the business started".
Tell us some more about your project... :evilgeek:

Post Reply

Return to “Deskthority talk”