Spam users, still there ...

spam users is spoiling one basic functions on this website: it's hard to search people and build networks when you have to avoid lots of results (BTW, results interface could be improved :-) I'm getting no spam messages but ...

I would like to know if there is any automated spamfight planned as stated 6 months ago

http://forums.zotero.org/discussion/8102/spam-via-message-center/

Zotero is great, but it's not serious this amount of false users ... how can we get an idea about how many we are? how can we find people related if we have to browse dozens of false users? Many of spammers come from Spain, so I'm ashamed ...

I guess it's hard to fight this plague, but how about a reminder to users asking to confirm in a human way their accounts, and then harden subscription in some smart way :-)? Excuse my ignorance if it's not so easy :-)

I do apply as a volunteer, if it helps :-)

regards,

miguel
  • You may already be aware of this, and I realise it is not a complete solution, but you can report spam users by clicking "report abuse" at the top of their personal page (under the "people" tab on the website).
  • Sure, I've reported today about a dozen, and a month ago or so, more than 50, I've lost the count ... but deleting by hand doesn't affect too much, and I even would say that some of previously reported are still there :-)

    I guess Z. guys have lots of work, as the tool is really spreading fastly and I would say globally ...

    maybe we could collect words that spammers use for their automated inscriptions and use them for spammer accounts search and destroy ...

    final solution must come from inside, the Z. admins or hosting guys must stop this annoying plague..
  • Zotero does have a couple of automated anti-spam routines - the problem is that spammers are getting better/smarter, too.
  • Unfortunately when we tested the automated anti-spam packages available for filtering people out before they can do anything we found that they would not have prevented any of the spam registrations we had to test against.

    For Message spam as mentioned in that earlier post we do have measures to catch it right away and have not had major problems with it.

    There are some more things we can do like blacklisting certain website patterns which I just haven't gotten around to doing yet. We do get and look at (and appreciate) the abuse reports. I think I've only ignored a couple which were not conclusively spam accounts to my eyes.
  • Sure, the spam guys have better funding than Z. 8-D Certainly, I've never had a spam message as last year happened. Great work!

    If you want me to do, I can spend a couple of hours searching for spanish spam words: you know, enlargement, mortgages, escort, prostitution ... some of them offer legitimate websites and domain URL's! Turns me crazy ... I'm not a informer, but I'm even ready for denouncing this people at my country. Zotero is too good and too big for this stupids to spoil it.

    Would be useful to "force" users (specially those with no activity at all) to join a group, upload library or something alike , an action that proves they're from "real world"? Maybe then spammers accounts (or lazy users :-) could be easily erased ... excuse me if my ignorance on how it works makes this proposal simply foolish.

    anyway, thanks for your quick response, I can only ask again if there's anything that we , as users, can do for contributing to stop the problem. I would really like to know how many Z. users are from Barcelona, from mine and other universities, etc

    I'll keep on reporting by hand abusers, excuse the mistakes.

    miguel
  • Would be useful to "force" users (specially those with no activity at all) to join a group, upload library or something alike , an action that proves they're from "real world"?
    Many spam accounts are created by humans, so it's a bit more complicated than just ensuring humanness (and that's what the reCAPTCHA is for).

    But there may be other heuristics we could use.
  • If you don't mind the arduous process, it would be much appreciated. Non-english spam is the hardest for me to pick out, so especially getting the offensive ones out would be very helpful.

    As far as forcing users to do certain actions, I suspect these may do more harm than good. We have the captcha on registration, and as far as I could tell last time I looked into it, the initial registrations were done by human beings. We don't want to make it too difficult for new users to get started, and doing something like requiring joining groups may actually end up spreading the spam to other areas.

    The spam problem does seem to be getting worse as more people use the website functionality though, so figuring out a better way to deal with this is definitely on my todo list.
  • Old thread, but it's on the same topic.

    I was thinking about this problem, and I had this idea, which still needs further development and possibly has some shortcomings, but it could possibly help out.

    I would assume that pretty much every user (with the unfortunate exception of those who are having technical difficulties installing Zotero) would have Zotero installed on their computers. If the forum requested some sort of hardware ID generated by Zotero to register, which could only be registered once, I think the spammers would give up.

    Granted that it would probably be possible to figure out how to trick the system, but I don't think Zotero forums are worth their hassle.

    Anyway, I still need to think about whether this will be possible from Firefox/XULRunner and how to streamline it so it doesn't require much user interaction.
  • edited April 9, 2012
    I would assume that pretty much every user (with the unfortunate exception of those who are having technical difficulties installing Zotero) would have Zotero installed on their computers.
    No, unfortunately that's not a reasonable assumption. People can legitimately have accounts without installing the client and just use the website, can have trouble installing the client, can use a third-party API client, etc.
  • I don't know how good the tool is, but instead of trying to develop your own heuristics to combat spam, you may want to take a look at Akismet. It has an API you could talk to.
Sign In or Register to comment.