Ban list discussion

Started by BenYeeHua, August 12, 2014, 11:55:25 AM


BenYeeHua

Quote from: support on August 12, 2014, 12:11:46 AM
I am evaluating a new user registration problem with the forum, so received this from a user via email:
(you can move this thread to the correct area if you think talking about the spam of forum should be there.)
Sorry for that issue, so I guess you removed all of the ban list. :)
So I think just going back to deleting the topics should be enough, as there are always 3-5 people reading the spam, somehow.
Maybe they are using the "Show unread posts since last visit" like me, so they just open it to mark as read. ;D

Anyways, just curious, how much CPU usage and disk space has been used by spammers?
Based on the ban log, which shows a high registration rate like 1 account per 5s, for example 5.9.*.* and 178.63.*.*, it is hitting 10-20 pages of ban log...
They should have the ability to register 50-300 accounts, I guess...

Quote
"I faced the problem too. And the culprit was CryptoPrevent. Maybe he has that program too. CryptoPrevent changes group policy settings to prevent ransomware from running. What he should do is whitelist pl4sfx.exe."
Hmm, looks like I have something to check for it. ;)
But ya, the thing with using this way to disallow programs from running is that it will pop up a dialog; I wonder if there are any better ways to disallow a program without a dialog.
I know PL can, but it can't detect programs that only run for <1s...
----
Anyways, back to topic.
Talking about CryptoPrevent, I wonder how it can ban PL?
Maybe you need to contact him/them, I think? :)
----
Just Googled a while, and it looks like by using Group Policy, you can also whitelist the software that you allow to run, so I guess this might be the case.

Jeremy Collake

I moved this post over here.

Yea man, sorry to have gutted a bunch of ban rules.

I am not even sure they were the problem.

However, I didn't have time to do a thorough investigation, so just started axing rules.

I did, however, further strengthen the registration process. This may be more efficacious than any ban list. Ideally, I'd like to avoid using ban lists. They don't seem to be very effective, and that will be even more true with IPv6 (especially since SMF doesn't even properly support IPv6 ;p)
Software Engineer. Bitsum LLC.
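The registration-rate signal mentioned in this thread (about one account every 5 seconds from ranges such as 5.9.*.*), together with the IPv6 concern, can be checked without a ban list. The following is an added example, not code from the thread or from SMF; the log format, the 60-second window, the threshold of 3 and the choice to group IPv4 by /16 and IPv6 by /64 are all assumptions.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample; the log format is an assumption, not SMF's own.
SAMPLE_LOG = """\
2014-08-12 00:00:00 register ip=5.9.10.4
2014-08-12 00:00:05 register ip=5.9.77.20
2014-08-12 00:00:10 register ip=5.9.10.9
2014-08-12 00:00:15 register ip=5.9.200.1
2014-08-12 00:00:20 register ip=5.9.3.3
2014-08-12 00:03:00 register ip=203.0.113.7
2014-08-12 00:10:00 register ip=2001:db8:aa:1::10
2014-08-12 00:10:05 register ip=2001:db8:aa:1:ffff::2
2014-08-12 00:10:10 register ip=2001:db8:aa:1:1234::3
2014-08-12 01:30:00 register ip=203.0.113.99
"""

def prefix_key(ip_text):
    """Group IPv4 by /16 (the 5.9.*.* style above) and IPv6 by /64."""
    ip = ipaddress.ip_address(ip_text)
    bits = 16 if ip.version == 4 else 64
    return str(ipaddress.ip_network(f"{ip}/{bits}", strict=False))

def parse(log_text):
    """Yield (datetime, ip) pairs from the constructed log format."""
    for line in log_text.strip().splitlines():
        date, clock, _action, ip_field = line.split()
        when = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S")
        yield when, ip_field.split("=", 1)[1]

def registration_bursts(log_text, window_s=60, threshold=3):
    """Return {prefix: peak registrations seen inside any sliding window}."""
    recent = defaultdict(deque)   # prefix -> timestamps still inside the window
    peaks = {}
    for when, ip in sorted(parse(log_text)):
        key = prefix_key(ip)
        q = recent[key]
        q.append(when)
        while (when - q[0]).total_seconds() > window_s:
            q.popleft()           # drop registrations older than the window
        if len(q) >= threshold:
            peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks

if __name__ == "__main__":
    for prefix, count in registration_bursts(SAMPLE_LOG).items():
        print(f"{prefix}: {count} registrations within 60s")
```

Grouping IPv6 by /64 matters because a single host can rotate through many addresses inside one prefix, which per-address rules never match.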

BenYeeHua

In fact, I found a good ban function that is maintained by other people.
https://cleantalk.org/

It only needs $8/year for just 1 website, and each time I Google the IP addresses used for spam, most of the time they show up in the results.
They also support the newest SMF as well, which is 1 good thing about it.
The only thing is how credible it is, as it is registered using GoDaddy, and it is also a RU company...

---------
Anyways, unless the spammer is at 25 posts per day, it should not be an issue for most normal users. :)

And ya, doing some investigation will need some time, as the ban logs are too many to check. ;D
Of course you can just check the email address, but it should not work for some bans; as you can see, the ban log is nearly empty for the email, and I wonder why....
Maybe it doesn't show for Post ban, I guess.
-------
I also did some research too; it looks like only the Microsoft IP addresses that provide hosting servers don't come back/login and post after they/the spammer register, so it shows that MS cleaned them up very fast.

Jeremy Collake

Yep, the best move here is not to rely on ban lists. You will drive yourself crazy trying to maintain an effective list that doesn't ban legit users.

I cleared them all out for now. I am doing some other work on the forum, making sure it's fully indexable by Google (I have some concerns, unrelated to the bans).
Software Engineer. Bitsum LLC.

BenYeeHua

So I just checked a while (and also searched my memory) for ways of improving the ban without affecting normal users as much as the ban list, and here it is.
Of course, only if the question is not enough to block 90% of spammers. :)

1. Force them to do a self-introduction or just randomly reply to a post before they can post on the other boards; as the bot will post randomly, but not on the topic, they will just get "banned" by themselves.
This is famous on China forums, but I don't like this one a little bit (maybe because most of the forums force a self-introduction, not just a random reply to a post), even though this function is supported by SMF, so there is no need to worry about something like a mod when updating the SMF system.

PS: By just allowing them to reply only on the board before they reach 1 post, they can only reply to topics created by a Mod, and most spammers only open a new topic. ;)

http://wiki.simplemachines.org/smf/Board_Permissions_-_Limit_posting_location_for_newbies

2. Disallow newbies from posting links when they are under 1 post, until they have posted 1 post.
This should be good enough too, and normally it should be 5-10 posts.
This mod has been used by the SMF forum themselves; as this forum is mostly using default settings without any mod, this mod should not bring any issues, I guess?

PS: Smart users know how to bypass this system, and if it only needs 1 post, then there is very little chance of them seeing this system. :D

http://custom.simplemachines.org/mods/index.php?mod=2404

3. Disallow newbies from having a link on their profile, until they have posted 1 post.
Nah.
http://custom.simplemachines.org/mods/index.php?mod=1242
http://custom.simplemachines.org/mods/index.php?mod=2750

If you don't wanna mod, then choosing to deny them from modifying the profile should be enough.
http://www.simplemachines.org/community/index.php?topic=400235.0

That's all.  :)

BenYeeHua

Quote from: support on August 12, 2014, 08:21:28 PM
Yep, the best move here is not to rely on ban lists. You will drive yourself crazy trying to maintain an effective list that doesn't ban legit users.

I cleared them all out for now. I am doing some other work on the forum, making sure it's fully indexable by Google (I have some concerns, unrelated to the bans).
Is it about the ad links on the profiles, or is it about HTTPS or something else like robots.txt???
If you worry about the ad links, I was just talking about some mods to block them, but the old profiles that have links still need to be cleaned up.
But I guess Google should be smart enough not to let links in a profile affect the rank on Google.

And ya, mod=2404 can auto-add nofollow to links (except old posts, of course); you may need this function as well? :)

Jeremy Collake

It seems SMF automatically places 'noindex' on certain pages where there is duplicate content. So, Google should be indexing the forum, I just wondered when I saw the noindex attribute.

I don't worry about people linking to other sites from the forum, we clear that up pretty well (thanks to you!).

Adding nofollow to new links is something maybe I should do. I think I had a mod installed to do that a while back.
Software Engineer. Bitsum LLC.

BenYeeHua

Ya, the only issue is the mod will cause issues very easily, like after updating to a newer SMF.
Then you need to disable it again...
----
Quote
It seems SMF automatically places 'noindex' on certain pages where there is duplicate content. So, Google should be indexing the forum, I just wondered when I saw the noindex attribute.
Ya, it is for functions like post, print, individual post etc.

I will say that this is not a bad feature, because there are many times when I jump to a forum from Google and it is a white and black print page... :P
Quote
They aren't blocking new topics.
I believe CmptrWz is referring to the POST screen.

So the topic/post is indexable.
http://www.simplemachines.org/community/index.php?topic=234844.0

But the post reply/ create topic screen is noindexed
http://www.simplemachines.org/community/index.php?action=post;topic=234844.0
Plus if the individual msg link is used that is noindexed
http://www.simplemachines.org/community/index.php?topic=234844.msg1512565#msg1512565
It is duplicated content. (since it shows exactly the same content just via a slightly different url) [you may get penalised in search engines for duplicated content].