Adpsammer bans

[Grosseschnauzer]

A week or so ago, a thread was properly put in the Lockbox that was ad spam, however, the poster who was new and only had two posts, was not banned as he should have been under our policies.

Adspammers. including pornspam, are banned on sight, as those violate Zetaboards ToS/ToU. If it is an instance of pornspam, the thread is deleted by an admin after being moved to the Lock Box. An Admin has to add the URL and email to the ban filters, and in all instances the poster must be remasked into the banned member group. In the case of Markking, that last step wasn't done at the time, but I have done so now.

This is a reminder to all admin and mods as to our policies on the matter.

 

[Eluvatar]

I imagine someone had the power to warn but not ban them.

 

[Democratic Donkeys]

That was me. I have a checkbox for ban, but I always suspend their ability to post indefinitely as well. I thought of starting a thread, but it didn't really seem like anything worth posting about. Just a spammer, best not commented on.

I will definitely follow procedure in the future. Sorry.

 

[Grosseschnauzer]

Apparently Elu and I were on at the same time, and we both dealt with some adspam posted by belanak; he's been banned and his thread has been moved to the lock box.

 

[Ash]

I also have moderating privileges, but as I am very green behind the ears when compared to Elu and Grosse, I would rather leave such actions up to the admins. When I spot adspam, I report it immediately. If there are additional actions you'd like me to take, please let me know.

 

[Grosseschnauzer]

Ash, if not not mistaken all you can do is lock and move the thread involved to the lock box; only admin can ban a user account since that has to be done in the ACP. Filing a report in the Report control panel is fine but our policies are that a thread should be opened in the Moderation HQ forum that all admin and mods can access.

 

[Ash]

Grosse, thank you for your reply. I will follow your instructions in the future.

 

[Eluvatar]

Banned MegPatillo and relocated 2 adspam topics to lockbox.

 

[Tyler Kazakov]

Ash, if not not mistaken all you can do is lock and move the thread involved to the lock box; only admin can ban a user account since that has to be done in the ACP. Filing a report in the Report control panel is fine but our policies are that a thread should be opened in the Moderation HQ forum that all admin and mods can access.

That's not true. You can ban via the warn system.

 

[Democratic Donkeys]

Sure can, but the issue is remasking into the banned user group and setting up an IP ban.

 

[Grosseschnauzer]

Banned Yumayki for adspam and moved thread into lockbox per Report CP. Implemented IP and email addy ban, and placed user in Banned Group.

 

[Eluvatar]

TBH I haven't been bothering with IP or email bans. It doesn't seem to be worth anything: IPs are cheaper to the spammers than CAPTCHAs.

 

[Eluvatar]

I have temporarily instituted Admin approval of new registrations.

Any admin is welcome to disable this under Board Settings > Registration (New member approval process).

Hopefully the zetaboards CAPTCHA will be fixed soon.

 

[Grosseschnauzer]

I have temporarily instituted Admin approval of new registrations.

Any admin is welcome to disable this under Board Settings > Registration (New member approval process).

Hopefully the zetaboards CAPTCHA will be fixed soon.

Has a report been made to Zetaboards support about this?

The most recent adspam even put a URL in their user profile, so I'm not sure that one was a spambot, and they used a "outlook.com" domain for their email address, which is a pretty recent development from Microsoft which is in the process of converting all hotmail accounts to the outlook domain.

 

[punk d]

I'd rather deal with the adspammers than requiring admin approval for registrations.

 

[r3naissanc3r]

As I mentioned to Elu on IRC, I would recommend permanently setting up email validation for new registrations. In other fora I am administering, this has been helpful for reducing adsmap bots. It is also, in my opinion at least, a useful security measure in general.

 

[punk d]

Agreed.

E-mail validation might not be a bad way to go.

 

[Democratic Donkeys]

Sure, take away one of the only things I do as a global mod.

 

[Eluvatar]

I have added email confirmation. I don't think it'll solve things entirely.

I would not object to removing admin approval.

Edit: For the record, just now I approved one registrant and deleted another. The bots are definitely still getting through the CAPTCHA.

 

[Grosseschnauzer]

Elu have you or any of the other admin opened a support ticket with Zetaboards support be the CAPTCHA issue?

If we haven't reported it, we should because that will be the best way of finding out when and how Zetaboards Support will address it.

 

[Hileville]

If you look at the ZB/IF support forum they have been bombarded by adspammers as well. I am pretty sure they are aware of the issue.

A support ticket probably isn't needed.

 

[Eluvatar]

I have added email confirmation. I don't think it'll solve things entirely.

I would not object to removing admin approval.

Edit: For the record, just now I approved one registrant and deleted another. The bots are definitely still getting through the CAPTCHA.

Progress report:

A bit over a week later, we've had a number of registrations which have taken some hours to approve, as far as I can tell.

Prior to switching to email verification, I saw one attempt to register by a spambot and denied it. After switching to email verification, today I saw one registration attempt which appears to have no nation associated with it and the IP it's associated with is a recently reported forum spam source.

I'm not sure how to proceed. On the one hand, requiring admin approval may be inconveniencing new registrants significantly. On the other hand, spambots are demonstrably getting through the automated filters.

 

[SillyString]

If spambots/spamturtles are getting through the CAPTCHA and passing the email verification, then maintaining admin verification seems to be the only way to prevent more spam attacks. While it might be a minor hassle for legitimate new registrations, I think the explanation in the newsbox is sufficient to buy their patience.

 

[Eluvatar]

Perhaps we should link to this topic to solicit the input of recent registrants.

 

[Eluvatar]

I had to go through seven new registrations just now, from the last 24h or so. One of the nations involved had moved to Lazarus.

I'm adding a link to this topic, and bumping it as I think we should try to find an alternative.

 

[Abbey]

Has there been any progress on this?

 

[mcmasterdonia]

Not yet. But I just denied two more users who were spammers.

 

[Abbey]

Oh joyous. Cmon ZB, sort your lives out >.<

 

[mcmasterdonia]

I would like to remove administrator approval. I have been approving members and telegramming their nations as much as possible to let them know that their account has been approved. As Eluvatar has gone walk about, FEC is away and the other admins are busy with work this has meant that some members are waiting for a bit before their account is approved. Sometimes they have left the region before I can get to it - would they leave the region anyway? Possibly.

Adding email verification has helped slow down the number of registrants on our forum as well.

 

[ImperialHouseOfToms]

How do I apply for diplomatic position?

 

[Grosseschnauzer]

I would like to remove administrator approval. I have been approving members and telegramming their nations as much as possible to let them know that their account has been approved. As Eluvatar has gone walk about, FEC is away and the other admins are busy with work this has meant that some members are waiting for a bit before their account is approved. Sometimes they have left the region before I can get to it - would they leave the region anyway? Possibly.

Adding email verification has helped slow down the number of registrants on our forum as well.

If you or one of the other admin will clarify what checks we're doing for this particular set of accounts, I will start working myself into the rotation. Just send me a PM about it for my future reference.

And has anyone sent a message to Elu? If not I could do that as well. I am aware that his area has been hard hit by a series of "Nor'easters" this winter and the latest one has taken out the power grid in that region for over a million people. (We had a half foot of snow here the last two days, and now we're having dangerous wind chills with another storm and more extreme coid this weekend into next week. The weather in much of the US has been brutal.

 

[mcmasterdonia]

I spoke to Eluvatar on skype the other day. He is overloaded with work and other stuff, I think.

The check is fairly simple - check if they have a nation listed in their profile field and if that nation exists. (If they do - a minor security check is fine). If they don't, I normally use the "whatismyip" website to check their IP. It will usually say that the IP has been reported as a forum spam source, or it will show that the IP address is a proxy server etc. Then I approve the account if I feel that it is satisfactory.

I don't approve accounts that have not verified their email address.

 

[punk d]

McM - I'll aide you in this effort. Adspammers seem to still be in full force so reluctantly I think we need this check to continue.

 

[Grosseschnauzer]

I spoke to Eluvatar on skype the other day. He is overloaded with work and other stuff, I think.

The check is fairly simple - check if they have a nation listed in their profile field and if that nation exists. (If they do - a minor security check is fine). If they don't, I normally use the "whatismyip" website to check their IP. It will usually say that the IP has been reported as a forum spam source, or it will show that the IP address is a proxy server etc. Then I approve the account if I feel that it is satisfactory.

I don't approve accounts that have not verified their email address.

I've added that to the ACP announcements for now, so all admin can find it for reference.

 

[mcmasterdonia]

The support ticket has been responded to. Basically it confirmed what we already know - the increased amount of adspam is due to the growing human element involved in adspamming various forums. There is little that Zetaboards can do other than to continue to update their filters and things like that.

With that in mind - I would still prefer to remove admin approval of accounts. Adding the approval, plus email validation on top of the already standard security checks seems too much. It isn't too hard for us to ban spammers when they show up.

 

[Democratic Donkeys]

No, it really isn't. I would appreciate the opportunity to ban more people. Lift the admin approval, I am ready for all comers.

 

[Democratic Donkeys]

So have any decisions been reached regarding this issue?

 

[punk d]

Not really. Still business as usual. A couple apps have been denied and while I was on the other side of the fence on this issue initially, I do believe we still need to continue this process.

As an admin team, we have not come up with any alternatives.

 

[Democratic Donkeys]

I have no problem banning adspammers and moving their threads, as stated previously. I'm sure with the addition of some new Global Mods, we could handle these situations as they arise...

I worry that the requirements are too onerous, and have noticed an increase in confusion from new registrants.

 

[Eluvatar]

To clarify, some time back the admins (Erastide specifically) adopted a policy of allowing Validating members to post in the Docks (and now also Embassy Row). Posting thrice (and not running afoul of our mods) is enough to automatically bump people out of Validating. This system has worked well so far.