Deterring SPAM

dragonfly
Observing today the frequency of spam posts (average one per minute in one batch just posted by lingnow82) could you not try this .. only for newly registered users ..

(a) impose a simple delay of say 5 minutes between posts in the first few posts
(b) ban links
(c) look for common url patterns in new posts.

This might act as some deterrent.
  • DWL-SDCA
    edited September 13, 2015
    I have had to unsub from forum email notifications because of the spam load. Although the Zotero sender address is in my mail client's approved sender list, Zotero forum messages are now being labeled as "junk" at my university server. At first it was only those that included blatant spammy stuff. Now, it is all forum emails so labeled.

    This isn't a big problem for me as I view the discussions frequently. I'm concerned for other users who have similarly aggressive institutional mail servers and wait for the notices that their questions were answered . Now the spam is nowalso appearing as comments within threads.

    I wish that there was something to be done to automate spam detection. While this is an annoyance for forum readers it must be actually painful for forum moderators. Moderators: thank you for the extra work needed to keep the forum clean.
  • dragonfly
    edited September 13, 2015
    Zotero forums use Vanilla 1.1.5a (see link at bottom of this page).
    But the latest Vanilla version is 2.1.11
    and its discussion forum suggests it is "spam free".

    http://vanillaforums.org/discussion/comment/231008#Comment_231008

    "We do not have an issue with spam on our core Vanilla forums."

    So a first step might be to update Vanilla for Zotero forum.
  • DWL-SDCA
    edited September 13, 2015
    The suggestion ignores commercial Vanilla's high monthly cost. It appears that the current Zotero forum is self-hosted without cost. Thus, the older version. There was an earlier discussion about updating to a newer open access version but I seem to recall there were problems with that. Am I right?
  • adamsmith
    The move to Vanilla 2.x has been planned (and Vanilla is open source, so it'd still be free) and announced for a long time, not least to combat spam.
    I don't know why it's taking so long, though my guess would be that Faolan (who manages the Zotero website) just has a ton of stuff on his plate, which is why Zotero is hiring a dedicated web developer who'll just work on Zotero.
  • dragonfly
    I didn't appreciate the cost implication of upgrading. Just a suggestion. If faced with this recurring spam problem and staying with the zero cost Vanilla 1.1.5a option then I would explore setting up front end privoxy server as filter to pre-process first batch of new user's posts.
  • RintzeRintze
    See also https://forums.zotero.org/discussion/40165/spam/. Apparently Zotero was close to being able to switch to Vanilla 2 in late 2014. Not sure what the holdup is.
  • dragonfly
    edited September 14, 2015
    I have now read that thread and out of curiosity read a few threads at vanillaforums.

    http://vanillaforums.org/search?adv=&search=spam+filter

    which suggests linking to http://www.stopforumspam.com/

    Although it was suggested earlier that there is a cost implication in upgrading to Vanilla 2.1.1, as far as I can see this only applies to the cloud version and not the open source.


    In Vanilla 2.1.1 (open source) there are these tools for moderators ...

    Moderation

    Spam Queue

    Moderators can enable Spam Queue which allows users to flag content as Spam.

    "Content flagged as spam is stored here for moderator review."


    Moderation Queue


    Banning Options

    "You can ban IP addresses, email domains, and words from usernames using this tool."


    Flood Control

    Prevent spam on your forum by limiting the number of discussions & comments that users can post within a given period of time.

    .......

    And there are add-ons for "bot"

    BotStop

    Adds a question designed to stop bots from registering

    ...

    One weakness is the current registration form. The registration catcha image is not a very effective deterrent. It might deter automatic bots but not humans.

    Spammers can easily write an automation script to quickly automate entering text into the form registration fields. Firefox Inspector makes it easy to find the form DOM elements. It takes only a matter of a second or so for the spammer to
    read the CATCHA image and enter the decoded text.

    So how might Zotero developer improve the existing forum if limited to staying with Vanilla 1.1.5a?

    If an added question and answer session cannot be added as a plugin for registration then possibly new email from a newly registered user could be forwarded by email engine to a privoxy server and privoxy could then alert the moderator .. or in "bot" style take over the registration process. Privoxy which uses Bayesian principles would need to be trained to identify (e.g. Korean) spam. But there are more subtle sources of spam.

    These are only ideas.
  • adamsmith
    I really don't think there's any need for discussion on what should be done on a technical level. It's purely a resource question of someone having to perform the upgrade to 2.x and for whatever reasons those resource are currently not there or not used for this.
  • adamsmith
    Just going to bump this since currently the forums is getting flooded by massive spam every single night. It's annoying and doesn't look good. Any chance to finally make this long-announced move?
  • DWL-SDCA
    Please--

    Place a sticky at the top of the forum discussions that acknowledges the spam problem; reassures readers that the spam is not an indication that user data is compromised; and gives some indication (days, weeks) of when to expect that this problem will be resolved.

    If volunteer help is wanted please request it. I and I'm sure that others are willing to assist.

    There are novice Zotero users around me who are concerned that the mountains of spam is a reflection of the security of the whole Zotero system. I have heard the comments because I have highly recommended the forums as a place to lurk so that folks can learn from experts.

    I am beginning to fear that the Zotero gatekeepers are underestimating the public's reaction. We've all been exposed to forum spam. It is a part of life online. I have moderated EMS and genealogy forums (long ago when everything had to be done mostly by hand). Genealogy forums were notoriously spammy. This is as bad -- tonight 4 pages of spam from the same sender. Help is available for the asking.
  • adamsmith
    Yeah, this has gone from a annoying to a serious problem.
    Any statement of what you plan to do about this would be appreciated. It's embarrassing to post in the midst of all this spam.
  • Gurdas_Sandhu
    I logged in to post a question, but will wait until the spam traffic is removed. Any legitimate posts are going to get lost. Can't we just turn off all new posts for a few hours? And please put up that sticky.
  • adamsmith
    spam is gone now (for how long...). FWIW, you can always post -- once the Spam is gone, your post will be at the top the way it's now.
  • bwiernik
    The spam only seems to go to the first forum in the list. Perhaps a stopgap solution would be to create a dedicated spam trap forum above General?
  • adamsmith
    edited April 28, 2016
    This is my bi-annual bumping of this thread, given particularly annoying set of hard-to-detect (for users) spam of the "this is great" kind today. Any chance for 2.0 to happen soon?

    (Edit: not sure if that post by "bagniak40" below mine is Spam or satire, but it's pretty hillarious in the context...)
  • RintzeRintze
    That's totally fair.
    Touché.
Sign In or Register to comment.