• The test site is receiving fewer spam attacks than the main site, by a very wide margin. That virtually none gets through to LFGSS shows how much is done to fight it.

    This isn't just an LFGSS problem; it seems that spammers have shifted focus to forums on the internet, all forums. We fare well mostly thanks to the nursery period and using Akismet to moderate potential spam messages (even though classifieds with lots of images sometimes get caught in this net).

    We already use an additional field during registration (prevents bots that haven't inspected our specific page from registering), and reCAPTCHA (which is known to be broken), and we require email verification (which stops something like 30% of fake accounts registered), and then the nursery means that even if they pass all of that their scripts to post spam won't know that they need to post in existing threads before they can start their own or that they can't yet send PMs.

    Of the accounts that manage to register, a vague number of around 1,000 threads per day are attempted to be created, with well over 99% failing thanks to the nursery. Somewhere around 2,000 PMs per day are attempted to be sent, with 100% failing thanks to the nursery. Of the post spam, the numbers are much lower with only around 20 per day being tried, and over 99% failing because of Akismet catching them. Presumably posts are so low because it requires a more complex script than one that just blindly sends PMs or creates threads.

    Basically the nursery is the biggest defence we have, but now that it's clear that spammers are paying people to do the registrations I don't think it will be long before they're paid to post the spam, in which case the nursery will be defeated.

    I'm going to join LFGSS to http://www.stopforumspam.com/ and basically vet all registrations by their IP address, and if it is a known spammer then their email address and IP address will be submitted to help protect other forums. Basically hundreds of forums are joining together to watch registrations and to detect and block spam ones.

    As I said before, this means that there is a change in the T&Cs as the IP address will now be shared during registration. There are reports of this being almost 100% effective at blocking registrations (even from humans), and if that can be achieved then they simply cannot spam.

    This morning I've banned another 50+ accounts registered in the last 18 hours. Blocking some countries helped, but the new registrations are using rented servers in France (ovh.net), USA (theplanet.com) and a few other countries... they're basically adapting to country bans really fast so I don't have a great many options open and have to join Stop Forum Spam to block registration by individual IP address rather than country level.

    If it's not clear, this week I've spent an average of 4 hours per day fighting spam. This morning already, over an hour. It's pretty out of control.

About

Avatar for Velocio @Velocio started
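
The two layers the post leans on, per-IP vetting at registration and the nursery gate on new accounts, sketched as an added example that is not part of the original post or LFGSS's own code. The blocklist lookup is a hypothetical stand-in for a shared service such as Stop Forum Spam, the sample IPs are constructed, and the nursery threshold is an assumption because the post does not state it.

```python
from __future__ import annotations
from dataclasses import dataclass
from ipaddress import ip_address

# Constructed sample blocklist (documentation address ranges): IP -> spam reports.
KNOWN_SPAM_IPS = {"203.0.113.7": 42, "2001:db8::bad": 3}

# Assumed threshold; the real nursery rules are not given in the post.
NURSERY_MIN_REPLIES = 5
RESTRICTED_IN_NURSERY = {"create_thread", "send_pm"}


@dataclass
class Account:
    name: str
    ip: str
    replies_in_existing_threads: int = 0


def lookup_reports(ip: str) -> int:
    """Hypothetical shared-blocklist query; returns the report count for an IP.

    The address is normalised first so that differently written forms of the
    same IPv6 address hit the same blocklist entry.
    """
    return KNOWN_SPAM_IPS.get(str(ip_address(ip)), 0)


def vet_registration(ip: str, lookup=lookup_reports) -> tuple[bool, str]:
    """Block registration per IP address rather than per country."""
    try:
        reports = lookup(ip)
    except ValueError:  # raised by ip_address() on unparseable input
        return False, "malformed IP"
    if reports > 0:
        return False, f"IP reported {reports} times"
    return True, "ok"


def nursery_allows(account: Account, action: str) -> bool:
    """New accounts may reply, but must earn thread creation and PMs."""
    if action not in RESTRICTED_IN_NURSERY:
        return True
    return account.replies_in_existing_threads >= NURSERY_MIN_REPLIES
```

An account registered by a paid human from a clean IP passes `vet_registration` but is still held by `nursery_allows` until it has replied in existing threads, which is why the two checks are kept separate.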