Please, a SPAM filter

Ric · Post by **Ric** » Mon Mar 06, 2006 10:46 am

Please, a SPAM filter.

The incessant spam is killing this forum. Or at least my interest in this forum. CPAP is a topic I am still VERY interested in, and I greatly appreciate the honest opinions and advice and the camaraderie, and even occasionally the levity. But comes a time when one must stand up and politely suggest that...

I CAN'T TAKE IT ANY MORE !!!!!!!!!!!!!!!!!!!!!

RobertinTX · Post by **RobertinTX** » Mon Mar 06, 2006 11:25 am

I agree !
I got up early this morning and looked around reading post etc..
There was one reply and "AD" so long I had to scroll.
Now I realize people have options and free speech and all but that was way over the line.
Thanks, and make it a great day.

Linda3032 · Post by **Linda3032** » Mon Mar 06, 2006 11:48 am

I totally agree Ric. That's why I wrote the post "Old Topics are being Bumped Up". However, many of the forum members wrote their objection to not allowing guests to post.

My point is that we seldom have a "guest" post a new topic question. Almost every new topic by a newbie is with a user name.

I'm ready to quit the forum also.

Here's another suggestion that might help: When a new topic is posted, with the Author's name, Why can't an original date be added? Then at least we would know that it's a year-old topic that a spammer bumped up.

Enough is enough. Let's save this great forum while we can!

Wulfman · Post by **Wulfman** » Mon Mar 06, 2006 12:17 pm

For those of you that are advocating posting by registered users/members ONLY, I'd invite you to look at the "Member List".......starting with about number 3715 (about page 74) and work forward. There's LOTS of "registered" users/members with "non-names" (I'll list some below)......and an address of Kiev. What do you propose Johnny do about THOSE?
I realize it's a problem, but simply requiring posters to register apparently isn't going to stop them.......or at least that's the way it appears to me.

58f8Aab4
Ki5s9Nz1
oS6rj501
J8332U4e
Ynpnb216
zhro72m9
b5NuYtf0
vr7r6220
nK1FWu36
77E9hqDg
hLadZy5k
DEnVNqiL
9ple5Dtq

Best wishes,

Den

rested gal · Post by **rested gal** » Mon Mar 06, 2006 12:28 pm

Good point, Wulfman.

Perhaps Johnny might want to contact Mikesus to find out how the apneasupport.org boards are set up. They allow guests to post and have a lot more traffic than this board, yet I haven't noticed spam hitting that board the way it's been happening here.

Perhaps there's a filter or program that apneasupport or their server is using to block blatant spam? This seems to have been happening here only since cpaptalk changed servers.

harikarishimari · Post by **harikarishimari** » Mon Mar 06, 2006 8:15 pm

There are lots of strategies for dealing with spam on phpbb forums (like this one), including IP masks (that would get rid of the .ru russian spammers), premoderation (someone reviews all or selected posts), adding more forum moderators (regulars here could share the workload), adding a waiting period and a certain minimum number of posts before being allowed to put active URLs in a post, prequalifying registrants before being allowed to post (verifying an email address for example,), etc.

A very simple and effective method is to add an easy question that can be answered by anyone, and which changes frequently, and is never the same twice (like what letter resembles an upside-down W?, or how many eggs in a dozen?) The reason this is effective is that most of the spam that appears on this (and other forums) is generated by a spam-bot, not a person, except for the first few times for the spammer to register, sign on, and learn the rules and write a rule-engine / script. Notice how many of the SPAMS on this forum appear in duplicate. That is a clue that a spambot script is being used. This won't deter a determined spammer willing to sign on and post SPAM, but it is not cost-effective for the average spammer to write complex scripts to log in and post with such a deterrent. Simple sign-ons and registration (as I see mentioned earlier) won't defeat spam bots. Complex ones can be a good deterrent. Registration is just as easy to script as guest posting. Even if just the registration process were more complex, that would help defeat scripting.

There are php scripts for many of the above strategies, but not necessarily easy to implement. And there are are more sophistocated forum scripts than phpbb. It takes a degree of time and determination to fight back. My observation is that this forum is a sitting duck. Rotsa Ruck.

Guest · Post by **Guest** » Tue Mar 07, 2006 1:37 am

harikarishimari wrote: Notice how many of the SPAMS on this forum appear in duplicate. That is a clue that a spambot script is being used.

I just noticed the spam for XANAX by XannPenA1.
Times 2.
I think you are on to something.

Snoredog · Post by **Snoredog** » Tue Mar 07, 2006 1:41 am

I agree with harikarishimari, there is not a whole lot that can really be done about it, member or guest it doesn't matter it will continue to happen.

Even if you block IP addresses or entire subnets, it really won't stop it, most spam is sent via spoofed addresses anyway, so if you block one they simply piggy back on another.

Requiring or creating member profile accounts for purposes of a whitelist, doesn't stop anything either, when that process can also be easily automated by a remote bot as Den showed above, your not really gaining anything.

However, to prevent this type of "bot generation" many secure websites like PayPal etc. use a "graphical key" made to resemble scribbled text. It is just a graphics picture with a word that looks like a kid scribbled it with crayon but it's really a picture. Don't know exactly what they call this type of authentication but it, but it may display the word "CPAP" for example in a graphic cartoon image where you must then type cpap in the box of what the graphic picture says. Since a bot would have difficulty deciphering the graphic pixels, it prevents them from automatically generating an account from a script. It requires a human being to create the account.

The same software that runs this site is pretty popular and used by thousands of message board sites, about the only thing different is the template used for appearance, those pushing the spam out now this and write scripts to post the spam to boards running this specific software.

When you find a way to stop spam from getting in our email, let me know. About the only way I found to stop it is using a whitelist from my address book, if your not in that address list I don't get your email because my client only downloads emails from those residing in the list. If I buy something on-line I have to log on to yahoo's webserver to retrieve that message.

Barb (Seattle) · Post by **Barb (Seattle)** » Tue Mar 07, 2006 1:55 am

Oh, my gosh. Can't we just educate everyone in a "sticky" post on top, then ignore the posts? Almost everyone who has any experience with message boards at all knows that people try to spam boards. If we ignore them, they will go somewhere else. Everyone should be educated NOT to click on something that seems suspeicious.

Just my .02

Ric · Post by **Ric** » Tue Mar 07, 2006 10:19 am

Snoredog wrote:However, to prevent this type of "bot generation" many secure websites like PayPal etc. use a "graphical key" made to resemble scribbled text. It is just a graphics picture with a word that looks like a kid scribbled it with crayon but it's really a picture. Don't know exactly what they call this

That is a GUA (graphical user authentication). There is a similar scheme, audio user authentication (AUA). using an audible text to play a word or phrase that must be typed in. That has not caught on big time since not everybody can be assumed to have sound enabled, or even HEAR the sounds. (kinda geeky anyway). The question-answer format seems interesting, but I haven't seen it used anywhere (QAUA?). Sounds like a poor-man's version of GUA.

Having a GUA log-in seems like a VERY good idea! Thanks Snoredog.

If I understand harikari's main point, it is not that one can expect to prevent ALL spam, as you seem to be wishing/hoping. Only the bot-generated spam which accounts for 99% of forum spam. Deterring the script-generated spam seems do-able and worthwile.

Barb wrote:If we ignore them, they will go somewhere else.

I disagree that ignoring it will make it go away. Bots don't know, don't care. I have never met a depressed bot. (Except maybe Marvin, from Douglas Adams).

Mikesus · Post by **Mikesus** » Tue Mar 07, 2006 11:16 am

I suggested it a while back but it didn't go anywhere...

Visual Confirmation. Its a built in feature of phpbb. This takes care of the register bots. (you will still get folks manually registering then spamming, but those accounts are easily found and blocked.)

You also have to proactively block IP ranges (usually CHINA AND RUSSIA)

As for still allowing guest posting, it can also be addressed with Visual Confirmation, but its a mod/hack of the board software....

It won't go away by itself, it has to be handled quickly and aggressively or as said before, it will kill a forum.

My .02

harikarishimari · Post by **harikarishimari** » Tue Mar 07, 2006 3:54 pm

Mikesus wrote:It won't go away by itself, it has to be handled quickly and aggressively or as said before, it will kill a forum. My .02

I agree with you totally.

As for "guest" privileges, that is a complete non-issue. Everyone here is essentially anonymous, even those with recognizable nicks. And we are all "guests" in a sense. Nick recognition may be desirable, but registration is a completely separate issue, it does not enforce that. it does not reveal anything about any member that doesn't want to be revealed. Anonymous members who wish to remain anonymous will still be largely anonymous, and will choose utterly meaningless and obfuscatory nicks. (Except for the NewJersians, who will post their SS# and drivers license in the avatar)

Registration and login WITH visual confirmation (as you suggest) as a pre-requisite for posting could eliminate a lot of the riff-raff posts and much of the spam. Anyone too busy to register or sign on should still be allowed to read any and all posts, without restriction.

my $0.02

Ric · Post by **Ric** » Tue Mar 07, 2006 7:46 pm

On balance....

I should mention that Johnny Goodman is doing a heroic job of deleting the spams. If we are merely "annoyed", he must be pulling his hair out. (do you have any left?)

And amigo's post"for whatever it's worth"reminded me that we have relative freedom of speech here, compared with some of the other "control freak" OSA forums.

Thank you Johnny !

Barb (Seattle) · Post by **Barb (Seattle)** » Wed Mar 08, 2006 10:44 am

Ric wrote:On balance....

I should mention that Johnny Goodman is doing a heroic job of deleting the spams. If we are merely "annoyed", he must be pulling his hair out. (do you have any left?)

And amigo's post"for whatever it's worth"reminded me that we have relative freedom of speech here, compared with some of the other "control freak" OSA forums.

Thank you Johnny !

Totally agree with you! Thanks Johnny, it must be a real pain to deal with the spam. Noticed it's greatly reduced too

Sleepless on LI · Post by **Sleepless on LI** » Wed Mar 08, 2006 9:17 pm

My two cents, for what this is worth, it annoys the hell out of me, too, but we shouldn't give up on this site. If cpaptalk is something you feel has really helped you at one point or another, leaving due to this spam disaster now is like abandoning an old friend after they become ill and can't go out and party anymore. Just because there is a problem, don't turn and go.

My suggestion? Until something is figured out, just X out of those PITA posts. Eventually, if we have patience, and a bit of positive thinking, they will come up with the solution to take care of this. But leaving now, IMHO, wouldn't be right. Show some loyalty, guys!

Mask