spammers, and rel='nofollow'

Discussion of general topics related to the new version and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
Forum rules
Discussion of general topics related to the new release and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
code reader
Registered User
Posts: 653
Joined: Wed Sep 21, 2005 3:01 pm

spammers, and rel='nofollow'

Post by code reader » Fri Aug 18, 2006 4:23 pm

spammers, mainly spamming registrations have been a problem with bbs system for some time now.
there is anecdotal evidence that in recent months, the problem seem to become worse and worse.
it is pretty clear that the phpbb 2 visual confirmation have been cracked for some time now, (although i dont know of any pulically available crack).

phpbb team's response have been to create a whole new captcha system.
this approach has some problems of its own, mainly the fact that many times the captcha image is not easily deciphered by humans.
the way i see it, though, is that captcha in itself can not be consided to be a satisfying solution.
there are several reasons why i make this claim. first, ocr technology improves, and the gap between automates' ability to decipher the captch and human's ability is constantly closing. sooner or later, any captcha image that will fail the automates, will also fail most humans.
second, spammers can always employ humans to decipher the captcha. this can be done either by using a sweatshop style "crackers" that charge 5 to 12 cents per crack, or by using unwilling an unwitting volunteers
( this last mode is an interesting story, so i will outline it here:
the spammer sets up a porn site, with some free stuff. in order to see the free stuff, you have to solve a captcha. when a new user get to this point, a bot create a registration on the target site, and tunnels the image to the porn-site user, which become your unwilling volunteer. after they solve a number of captchas, the operator either "throws them a bone" and let them see paris hilton shagging a horse or something, or not. it really doesnt matter at this point)

so what do i suggest?
i dont say we dont want or dont need the captcha. what i say is that captcha in itself will not be able to block spammers, and we will have larger and larger problem with spamming.
i suggest to reduce the attraction our bbs has for spammers, by attaching a rel='nofollow' to every user-supplied link, either in posts, signature, or profile.
the rel='nofollow' thing tells search-engines to ignore the link in as much as site rating is concerned. this will eliminate the main motivation for spamming our boards.

this can not be done individually, or by a MOD: the spammers do not know, and do not bother to find out, which boards will have the MOD and which will not.
it will only work if this is the setting in the core product. moreover, it will only work if this isnt a configurable thing: it is enough that the spammers will think 5% of the boards do not use this setting, and they will hit us all.

i know that this discussion was conducted more than once, including the suggestion to include the nofollow part. the reasons i bring it on one last time are:
  • this seems to be the very last minute where such a thing is still possible and effective. once olympus hits RC, it will be too late: even if the nofollow thing will be added later, the spammers will hit us all hoping to catch an early installation that did not upgrade
  • second reason i bring this up again is the anecdotal evidence that spamming is getting to be a very significant and ever increasing problem for bbs operators

code reader
Registered User
Posts: 653
Joined: Wed Sep 21, 2005 3:01 pm

Re: spammers, and rel='nofollow'

Post by code reader » Fri Aug 18, 2006 4:48 pm

some more thoughts of things in addition to captcha that will make spamming more difficult:
1) randomize the input field names in the registration and posting forms. this will make bots registration an order of magnitude more complex, while having 0 effect on anyone else. it should be fairly simple piece of code to implement, and small enough change to the template.
2) add a "boilerplate" question as part of the registration, with one or more correct answers. each board operator will be able to define the queastion and answer depending on the focus of the board, so, for instance, on this board the question can be "what is the code name for the next release of phpbb" and the answer "olympus", while in a highschool board they can ask for the name of the principle.

d4rkst4r123
Posts: 40
Joined: Sun Jul 16, 2006 4:24 am

Re: spammers, and rel='nofollow'

Post by d4rkst4r123 » Fri Aug 18, 2006 4:48 pm

is this a feature request?

code reader
Registered User
Posts: 653
Joined: Wed Sep 21, 2005 3:01 pm

Re: spammers, and rel='nofollow'

Post by code reader » Fri Aug 18, 2006 4:50 pm

i wouldnt call it a "feature" request. in my mind, a "feature" is something like "how about a wysiwig editor".
this is, at most, a "tweak" request.

User avatar
pc-tutorials
Posts: 27
Joined: Mon Aug 14, 2006 6:47 am
Location: Steenbergen, The Netherlands
Contact:

Re: spammers, and rel='nofollow'

Post by pc-tutorials » Fri Aug 18, 2006 5:07 pm

code reader wrote: add a "boilerplate" question

Probably usefull, place the answer somewhere on the same page, or site, and just place the text: "the answer can be found there and there" next to the question. I think most bots aren't smart enough to understand that.
for($i=1;$i>0;$i++){
echo "Bug detected, fix in progress";
}
----------------
Sorry for bad English, I'm not native :)

User avatar
DavidMJ
Registered User
Posts: 932
Joined: Thu Jun 16, 2005 1:14 am
Location: Great Neck, NY

Re: spammers, and rel='nofollow'

Post by DavidMJ » Fri Aug 18, 2006 6:59 pm

I'm sorry, I really am but this won't work at all. Once the forum is on google, it is over. The robot could simply scrape the pages and find out what forums or topics exist.
Freedom from fear

User avatar
pc-tutorials
Posts: 27
Joined: Mon Aug 14, 2006 6:47 am
Location: Steenbergen, The Netherlands
Contact:

Re: spammers, and rel='nofollow'

Post by pc-tutorials » Fri Aug 18, 2006 7:31 pm

DavidMJ wrote: but this won't work at all

Do jou mean the rel=nofollow?
for($i=1;$i>0;$i++){
echo "Bug detected, fix in progress";
}
----------------
Sorry for bad English, I'm not native :)

User avatar
DavidMJ
Registered User
Posts: 932
Joined: Thu Jun 16, 2005 1:14 am
Location: Great Neck, NY

Re: spammers, and rel='nofollow'

Post by DavidMJ » Fri Aug 18, 2006 8:21 pm

rel='nofollow' is near pointless, a simple scrape of the index would get around this
randomizing the inputs just makes it a game of process of elimination and ordering.
the "boilerplate" question would either be too subjective to the point where people may get it wrong or too basic to the point where the bot will get it.

believe it or not, i have thought along these lines before. all of them are simply minor deterrents at best, the rel='nofollow' is actually not cool for people just wanting to search your site with a more powerful search engine anyway.
Freedom from fear

TheCoolGamer
Registered User
Posts: 11
Joined: Thu Mar 02, 2006 3:20 pm

Re: spammers, and rel='nofollow'

Post by TheCoolGamer » Fri Aug 18, 2006 8:56 pm

Something you could do to protect your own board is adding a protection that the other 'normal' boards do not have. It can be a very simpel question for example. Spammers don't have time to crack the protection for just your board.

code reader
Registered User
Posts: 653
Joined: Wed Sep 21, 2005 3:01 pm

Re: spammers, and rel='nofollow'

Post by code reader » Fri Aug 18, 2006 9:35 pm

DavidMJ wrote: rel='nofollow' is near pointless, a simple scrape of the index would get around this
randomizing the inputs just makes it a game of process of elimination and ordering.
the "boilerplate" question would either be too subjective to the point where people may get it wrong or too basic to the point where the bot will get it.

david, i am not sure you understand the rel='nofollow' thing.*
it has nothing to do with "scraping of indices", whatever that may be.
the "rel='nofollow' in a <a href='url'> tag, tells the search engines not to upgrade the URL rating.
most search engines do take it into consideration, so it removes one of the main reasons for spammers to spam: many (i would even say, most) spamming i see nowdays in phpbb boards is not done to get clicks, but rather to improve the target site google rating. rel='nofollow' will remove this motivation.

randomization of names will make the bots both more difficult to make, and more specific: with the current phpbb registration form, the same bot can, without any change, register to an english, german, or indonesian boards, and it can be used regardless of the style used.
if you randomize the field names, the bot will be forced to analyze the form (which it doesnt have to do now), and will need to be updated whenever you change, say, the language strings that are used as field titles. and/or the order of the fields. also, the bot will have to be made specifically for the language (otherwise i can't see how it can analyze the form), and maybe even specifically to the style.

a "boilerplate" question is not good for all phpbb installation, but it is good for many. in the example i gave, asking about the principle name in a school bbs, or the club president nickname in a yacht-club board, or even the town name in a localized board will not block any legitimate user, but will make life very difficult for spammers (they usually do not create a bot specifically for one site, after all). the idea here is economics: close to 0 effort for olympus developers, makes life significantly more difficult for registration bots makers.
luckilly, unlike the rel='nofollow' thing, the "boilerplate" should be just as easy and effective as a mod, so it's no big deal.

again, looking in several phpbb support boards, (and from my own board) i get the impression that spamming becomes ever increasing problem. the "deadline" for effective implementation of rel='nofollow' is pretty much now, because, as i said in my original message, it will be useless as a mod or as a change in, say, 3.0.4 or something: the spammers will hit us all if they'll know that some of us don't use it.

* the main culprit in the obscurity of rel='nofollow' are google themselves, who invented this <a href> property, and mis-named it: it should have been named "norating" or "noindex". they just borrowed a property name from a different tag: in the meta tag, link='nofollow' tells the search engine something completly different, and someone in google made a mistake by reusing the name where it was not appropriate. just as us, phpbb users have to live with the developers decisions, even when we think differently, so does the rest of the world have to live with goggle's decisions... :)
Last edited by code reader on Fri Aug 18, 2006 10:08 pm, edited 1 time in total.

Post Reply