Spam in the forums

Page 2 - Seeking answers? Join the What HiFi community: the world's leading independent guide to buying and owning hi-fi and home entertainment products.
Toggle sidebar Toggle sidebar
Dave_ said:
Are WHF going to continue burying your heads in the sand and pretending like locking down the forum is a worse user experience than continually being greeted by Spam every time you visit?

The forum is being inundated with it at the moment and it's unacceptable to just to rely on the volunteer mods removing it when they see it.

They must be as sick of removing it as I am reporting it at this point!
Click to expand...
Sorry if there is a misunderstanding of my previous message, but to clarify, looking at the timestamps there was a two week gap between the arrival of excessive spam. This morning I logged on at 6am to clean it up, ban the spammers, and strengthen our protections further.

This forum is here to be used by its members and that requires keeping it open for new folks who want to join.

Spam is an inconvenient nuisance and extremely annoying, we agree completely. Creating a private forum used exclusively by the existing members isn't a real solution.

We're going to continually work on improving security, but if the expectation is for there to never be an instance of spam hitting the live forum, those need to be reset.

It's a fact that spam will happen on forums. It's a fact we move quickly to remove it. It's also a fact that it was two weeks between attacks and the current one has also been shut down and removed.

Being annoyed by spam is entirely natural, but just because we all need to sleep sometimes doesn't mean we're cogs of a corporate machine that don't have any care or interest in how the forum operates. We're all just people trying to do our best without taking the step of closing the forum to all but the current members.
 
  • Like
Reactions: Revolutions, bigboss, DougK1 and 4 others
Having been a mod in previous WHF forum when it was with Haymarket and now when it restarted under Future, I can say that Future is more proactive in removing and preventing spam. They're actively banning email domains, live links etc. Without that, spam would have been a lot more worse.

I still remember during Haymarket days when we used to get pages and pages of spam. We used to drop an email to the mods group (including WHF employees) and we all used to work on removing spam together. It was a tedious process. Removing spam is relatively easier now.

Obviously we're only 2 volunteer moderators who are helping the admins to keep the forum clean. And the admin team from what I understand look after a bunch of forums until Future group, not just this one.
 
  • Like
Reactions: Friesiansam
SHaines said:
This forum is here to be used by its members and that requires keeping it open for new folks who want to join.

Spam is an inconvenient nuisance and extremely annoying, we agree completely. Creating a private forum used exclusively by the existing members isn't a real solution.
Click to expand...

I wasn't advocating for a private forum exclusively for the use of existing users, just to be absolutely clear.

Just that WHF admin take a more pro-active approach to its prevention, rather than a reactive one.

We're going to continually work on improving security, but if the expectation is for there to never be an instance of spam hitting the live forum, those need to be reset.
Click to expand...

And nobody expects that, but the excessive spamming that has plagued this forum recently is ridiculous,and one wonders how much longer WHF would of continued to allow it without commenting or doing anything about it if there hadn't been complaints!
 
Thank you @SHaines for taking the time to remove the offending bots/users.

out of interest, I logged out & had a look at the registration form. Are you able to use a more complex puzzle for the captcha box instead of. Just a tick box?

The strangest part was seeing the captcha box already ticked when the registration page opened. If it’s doing that for everyone, could explain why so many bots are getting through 🤷‍♂️
 
  • Like
Reactions: nopiano
Revolutions said:
Thank you @SHaines for taking the time to remove the offending bots/users.

out of interest, I logged out & had a look at the registration form. Are you able to use a more complex puzzle for the captcha box instead of. Just a tick box?

The strangest part was seeing the captcha box already ticked when the registration page opened. If it’s doing that for everyone, could explain why so many bots are getting through 🤷‍♂️
Click to expand...
There are a lot of things that go in the background of captcha to determine if you're human.

Copy pasting from elsewhere:

The captcha javascript code is obscured behind some very clever google processes. Furthermore, the success/failure/trustscore is all done on a google backend server, making it totally unknowable. All the captcha does it collect information and send it to google.

The captcha gives you a token. That token is not trusted by google. You then click on the captcha, and a bunch of information about your browser/history/session/clicking/etc is sent to google to process. If it trusts you, that token is trusted and can be used when you submit the form (you enter a username + password, you get token 112, you click submit on that registration form, the website submits 112 to google and checks if it is trusted or not, if it is it creates an account for you with your username + password, if it isn't it doesn't).

Broken down by information provided to google, I would say that the captcha has three main checks:

1) Who are you: What is your browsing history, captcha success/failure history, etc (this is gathered from the google cookies)

2) How legit is your environment (browser). This is the meat of the process. It sends info about what plugins are installed, your user agent, how your browser renders items, whether its rendering of a canvas element matches how that browser is expected to render it, etc.

3) How did you click the button. This is the execution time, the number of mouse/keyboard/touch actions made in the captcha iframe, and mouse movement/entry point/etc within the iframe.

It takes all that info, and gives it to some black box to process. We know there are minimum and maximum times you must enter it by, we know that some browsers and plugins etc are automatically considered untrustworthy, and we know that the more history you have, the more trustworthy you are.

It is widely believed that some fancy learning algs are at use in the google backend, trying to make sure if the same bots uses the same algorithms to create a mouse path and click behaviour, it will start trusting it less and less.
 
  • Like
Reactions: Revolutions
GSV Ethics Gradient said:
OK - it's just that there was some that just got through that featured some of those words - BB and/or I will flag up anything getting through we think shouldn't be doing. Cheers!
Click to expand...
Yes, I just added more variations today before I saw your post. It's important to note that the system is somewhat specific when blocking words eg: Weed, is not the same as w33d, etc.
 
GSV Ethics Gradient said:
Or presumably w**d might work?

To think these people have nothing better to do...
Click to expand...
Yeah, and it's hard to account for ALL the possible variations. Truth be told, it's not people on the other end, it's just a script running (bot) that someone put together and it keeps sending text until it manages to find a variation not accounted for. As you can imagine, the rise of AI has made it even easier for anyone with a computer to take on such things.
 
  • Like
Reactions: Revolutions and Al ears
CParsons said:
Yeah, and it's hard to account for ALL the possible variations. Truth be told, it's not people on the other end, it's just a script running (bot) that someone put together and it keeps sending text until it manages to find a variation not accounted for. As you can imagine, the rise of AI has made it even easier for anyone with a computer to take on such things.
Click to expand...
Surely all the more reason to quarantine first posts until recognised as not spam?
Although I must admit no idea what this would involve....
 
  • Like
Reactions: nopiano
Al ears said:
Surely all the more reason to quarantine first posts until recognised as not spam?
Click to expand...

Lots of forums do that, they could also rate limit the number of posts that are allowed in a given time frame, but SHaines has made it clear nothing's going to change in the way they do things .

They're clearly happy for forum members to be greeted with spam for Weed and Coke every time we visit and for Mods to have to clear it up after the fact, rather than slightly inconvenience new sign ups like countless other forums I could mention do....
 
Last edited:
  • Like
Reactions: Revolutions
Dave_ said:
Lots of forum's do that, they could also rate limit the number of posts that are allowed in a given time frame, but SHaines has made it clear nothings going to change in the way they do things .

They're clearly happy for forum members to be greeted with spam for Weed and Coke every time they visit and for Mods to have to clear it up after the fact, rather than slightly inconvenience new sign ups like countless other forums I could mention do....
Click to expand...
I recently joined a new computer forum and, all my posts have to be approved, until I pass the threshold.
 
  • Like
Reactions: Revolutions
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom