Forums being inundated with spam
Lately (the last 1 - 2 weeks) the Logos forums have started to be overcome with spam. This has been pointed out in threads in the affected forums, e.g. http://community.logos.com/forums/t/52463.aspx from the General forum.
I thought I'd post a notice here since this forum is for the web site and perhaps relevant Logos personnel might be more likely to see this here.
Please correct this.
Thanks,
Donnie
Comments
-
Donnie Hale said:
overcome
If we are going to waste forum space I would rather do it with heated theological discussions!
"For the kingdom of God does not consist in words but in power"
Wiki Table of Contents0 -
Donnie Hale said:
Lately (the last 1 - 2 weeks) the Logos forums have started to be overcome with spam.
If the paid staff of Logos does not have time to do this, would it be possible for a trusted user(s) to be given authority to delete posts?
0 -
Jack Hairston said:
If the paid staff of Logos does not have time to do this, would it be possible for a trusted user(s) to be given authority to delete posts?
IMHO, this is not needed. What is needed for the forums is to have proper/standard security features.
0 -
I suspect that many of the spam accounts are set up by bots, there should be he standard security features to prevent this happening.
0 -
Mike Pettit said:
I suspect that many of the spam accounts are set up by bots, there should be he standard security features to prevent this happening.
There is, and it is called double verification. When a person signs up, Logos needs to send out an email to the email address, and then the person then needs to click on a link to activate the account. Without the second step, the bots cannot post. Because bots do not use actual email addresses, they never get to the second step.
0 -
In most of these cases, the spammers have valid emails, just with the major free email providers. While I'd love to block people using the major free email providers, that just happens to be many many of our valid users so that's not going to happen.
0 -
David Ladiges said:
In most of these cases, the spammers have valid emails, just with the major free email providers. While I'd love to block people using the major free email providers, that just happens to be many many of our valid users so that's not going to happen.
David, how long have you been creating web pages? If it has been for any amount of time, you would know they might have "valid email address" like abc@yahoo.com. But this does not imply that they are monitoring or even using that email address. If Logos sends out an email asking it to be verify and not to allow anyone to post until the email address has been verified, I guarantee the amount of spam will decrees by 90%.
Another way to determine if a bot is posting is by using time stamps. If it is a person, they cannot post in under .5 seconds. Bots do.
There are many ways to prevent spam from posting, and Logos is doing nothing about it.
0 -
David Ladiges said:
In most of these cases, the spammers have valid emails...
Data Dude here. I developed software for thirty years. I imagine that you have a list of all valid Logos customers' email addresses. You use instant-access indexing inside Logos4. In a millisecond you could check the address of each post against that database to reject invalid ones.
Granted, not every feature can be pasted on to an application after the fact. If this feature would require much work, just say so and I'll hush.
0 -
David Ladiges said:
In most of these cases, the spammers have valid emails, just with the major free email providers. While I'd love to block people using the major free email providers, that just happens to be many many of our valid users so that's not going to happen.
Even with the innumerable suggestions that have been made in lots of threads over the last couple of years on what technique(s) Logos should stop the spam, I've never seen anyone make that suggestion. I'm thus not sure why it was presented as an unreasonable solution.
So we now know Logos is aware of the problem. The question remains, what *is* going to be done to prevent it?
I happen to not be convinced that double verification will work. It's trivial to set up a single email account which can receive email from an unlimited number of different email addresses. A bot can just as easily reply to those verification emails as it can create a new account.
I'd want to know the statistics on how many forum posts are made on a weekly basis where it's one of the account's first three posts. Anecdotally, it seems to be a pretty small percentage of posts. If the benefits outweigh the costs, require someone's first three posts (even first one by itself might be sufficient) to be reviewed before it appears. Delete the newly-created account if it's spam.
My $.02 ...
Donnie
0 -
Donnie Hale said:
I happen to not be convinced that double verification will work. It's trivial to set up a single email account which can receive email from an unlimited number of different email addresses. A bot can just as easily reply to those verification emails as it can create a new account.
I was the system admin for my church, and it does work. We are much smaller than Logos, and we were spammed four or five times a day. I was able to get the number of spam postings/emails down to zero.
The sheer number of email address that bots use makes it impractical to monitor. For every email address that a bot is used, that email address must be setup and an automatic forwarding address be put in place. Yahoo, Google, Microsoft, etc... make it almost impossible for that to be done by bots.
0 -
Jack Hairston said:
I imagine that you have a list of all valid Logos customers' email addresses. You use instant-access indexing inside Logos4. In a millisecond you could check the address of each post against that database to reject invalid ones.
Donnie Hale said:require someone's first three posts (even first one by itself might be sufficient) to be reviewed before it appears.
Sorry, but these suggestions don't take into account either when new users tend to appear (weekends, when Logos is closed), or what their first posts tend to be about ([more or less] urgent problems). The first suggestion would reject not-yet-customers who want advise about what to buy, creating a rather bad first experience with Logos and probably losing them some sales. The latter would reject all zero post forum users, including those with a Sunday sermon to write, a crashing software, and a problem we could solve in 5 minutes. If the forums are closed to those who most need it, when they most need it, what use are they?
I also don't like someone's suggestion in one of the other spam threads: no HTML in the first 50 posts. Most forum users don't have 50 posts, and most of them may have very legitimate reasons for posting links. Real posters would get their posts mutilated, while all the spam posts would still turn up in my inbox. No thanks. The solution -- and we do need a solution! -- needs to stop the spam before it appears, but without stopping real posters with real problems. The only suggestions I've seen that meet those criteria are Tom's:
tom collinge said:When a person signs up, Logos needs to send out an email to the email address, and then the person then needs to click on a link to activate the account.
tom collinge said:Another way to determine if a bot is posting is by using time stamps. If it is a person, they cannot post in under .5 seconds. Bots do.
It would also be reasonable to stop posts with more than 3 links by people who haven't yet purchased anything (but stop them the same way you stop double postings: with a message explaining why, so that if it really is a real person with a real reason to post several links, he/she gets the chance to split the post into two).
Mac Pro (late 2013) OS 12.6.2
0 -
If credit cards would be mandatory in order to activate an account then the logos would avoid all the spams
"No man is greater than his prayer life. The pastor who is not praying is playing; the people who are not praying are straying." Leonard Ravenhill
0 -
fgh said:Jack Hairston said:
I imagine that you have a list of all valid Logos customers' email addresses. You use instant-access indexing inside Logos4. In a millisecond you could check the address of each post against that database to reject invalid ones.
The first suggestion would reject not-yet-customers who want advise about what to buy, creating a rather bad first experience with Logos and probably losing them some sales.
You have obviously given this problem some thought. May this discussion bring a solution to mind.
0 -
Slava Novik said:
If credit cards would be mandatory in order to activate an account then the logos would avoid all the spams
Have you seen how people scream about having to enter a credit card before being able to download free resources? Can you imagine how they would scream if they had to enter one in order to even post? Plenty of prospective buyers simply wouldn't do it; they'd just move over to the competitors' websites instead. (Would you give your credit card number to a company you didn't know much about, and didn't yet know if you were going to buy anything from? I wouldn't.)
Mac Pro (late 2013) OS 12.6.2
0 -
Just a heads up - I'm turning up some spam filtering on incoming posts.
Not thrilled to have to do this as it will probably get a lot more false positives than catch the spam it's designed to stop, but I don't want to spend time deleting spam either.
It's very basic and will take some time to get fine-tuned, so if you aren't seeing your posts, they may be getting caught in the filters. I'll be monitoring this for a while, but let me know if you don't see expected posts.
0 -
David Ladiges said:
Just a heads up - I'm turning up some spam filtering on incoming posts.
Not thrilled to have to do this as it will probably get a lot more false positives than catch the spam it's designed to stop, but I don't want to spend time deleting spam either.
It's very basic and will take some time to get fine-tuned, so if you aren't seeing your posts, they may be getting caught in the filters. I'll be monitoring this for a while, but let me know if you don't see expected posts.
David,
Thank you for taking the time to deal with this! While I understand your reluctance to do so, I think the level of spam has reached a point where it's appropriate to do so. It's no longer happening one day a week like it seemed to in the past. Thank you for the work you do deleting the spam, and hopefully turning up the spam fields will lessen the amount of things you have to delete.
Blessings,
Philana
0 -
I should probably mention that I am erroring on the side of caution with this. If it doesn't catch everything (or anything) initially, I can keep turning up the levels of the filtering, but hopefully it won't catch many valid posts.
0 -
David Ladiges said:
I should probably mention that I am erroring on the side of caution with this. If it doesn't catch everything (or anything) initially, I can keep turning up the levels of the filtering, but hopefully it won't catch many valid posts.
had a post in teh General section "moderated". how long does it take to get thejm approved? I am not really in a super hurry, but was wondering if my post has hit the bit-bucket, or if it will actually become approved adn availble?
0 -
Brent Hoefling said:
had a post in teh General section "moderated". how long does it take to get thejm approved? I am not really in a super hurry, but was wondering if my post has hit the bit-bucket, or if it will actually become approved adn availble?
I think it all depends on how busy the person who is doing the moderating is. I know that it has taken several hours for one of my post to post.
0 -
tom collinge said:
I think it all depends on how busy the person who is doing the moderating is. I know that it has taken several hours for one of my post to post.
Also, we need to take into account the Bellingham office hours (which makes it a bit harder for overseas posters). When I think of it, I rather post without links.
Have joy in the Lord!
0 -
The spam issue seems to have gotten a lot worse again these past few days. Whatever measures Logos took to reduce it seem to have stopped working!
0 -
Paul Clarke said:
Whatever measures Logos took to reduce it seem to have stopped working!
It worked just fine to block my praise for their Catholic blog... [:S]
I guess Logos values spammers more than customers...
Mac Pro (late 2013) OS 12.6.2
0 -
It's not that simple. My posts get stopped if they have three links, sometimes even with two links. Yet I've seen spams get through with six or eight. (And, yes, they've all been there in the original post; not added by editing.) They could at least show me the most basic courtesy of treating spammers as hard as they do me, but, no, they're far more lenient on them than on long time customers.
And what they need isn't "figure out who is human". What they need is to exclude paying customers from all moderation.
Mac Pro (late 2013) OS 12.6.2
0 -
TCBlack said:
That sounds like a good solution to me.fgh said:What they need is to exclude paying customers from all moderation.
Or at least exclude anyone with more than say... 50 posts.
We've suggested these solutions before, but the Logos individual who introduced the current spam-catching approach doesn't seem to have taken those suggestions. Maybe implementing them isn't trivial with the forum software they're using.
At this point, I'd just as soon they removed the moderation filter. It's not working for real spam, and it's blocking long-standing forum participants.
Donnie
0 -
Donnie Hale said:
At this point, I'd just as soon they removed the moderation filter. It's not working for real spam, and it's blocking long-standing forum participants.
Donnie,
we have no idea how much spam the current filter catches, because we don't see it. From what we were told in one of the spam-threads, it must be really much. Therefore it's not a good idea to remove it, rather debug it so the spam doesn't come through.
However, this kind of filters all have the problem that the more surely they catch all the spam, the more they will catch some posts from legitimate users with it. To use a whitelist of users which are registered customers will probably be the best solution, but it seems this is difficult to implement.
Mick
Have joy in the Lord!
0 -
Donnie Hale said:
At this point, I'd just as soon they removed the moderation filter. It's not working for real spam, and it's blocking long-standing forum participants.
Donnie,
we have no idea how much spam the current filter catches, because we don't see it. From what we were told in one of the spam-threads, it must be really much. Therefore it's not a good idea to remove it, rather debug it so the spam doesn't come through.
However, this kind of filters all have the problem that the more surely they catch all the spam, the more they will catch some posts from legitimate users with it. To use a whitelist of users which are registered customers will probably be the best solution, but it seems this is difficult to implement.
Mick
Have joy in the Lord!
0 -
Donnie Hale said:
We've suggested these solutions before, but the Logos individual who introduced the current spam-catching approach doesn't seem to have taken those suggestions. Maybe implementing them isn't trivial with the forum software they're using.
To be fair to the web team, I've done some limited reading on this forum software. I don't like it one bit. It is very low on extensible and generally unfriendly IMHO.
We can't make this claim. There is no way to know what is being effectively blocked. We don't have access to those numbers. I'm not saying you may not be accidentally right, but it is an accident either way. We don't have the data to state it one way or the other.Donnie Hale said:At this point, I'd just as soon they removed the moderation filter. It's not working for real spam, and it's blocking long-standing forum participants.
Sarcasm is my love language. Obviously I love you. 0 -
-
steve clark said:
Possible mod's to the Forum software (S/W) to eliminate or at least reduce spam. (click on image to zoom & read)
Steve,
I think your captcha-idea will help only against rather unsophisticated automated scripts. We have seen spam from human beings, including such that copy prior discussion entries to look credible or edit the wiki. A user who has rightfully reported as a spammer should not be shown a Captcha Field (or only one running in an endless loop).
My (less graphical) take:
User presses Post button
Q Is user on our white-list of licenced Logos costumers? YES -> Post
Q Has user been reported as spammer? YES -> Discard Post
Q Has user a post count over say 50? YES -> Post (note re post-count: only those that have really been posted, not those in moderation or discarded)
Q Are links in the post? YES -> Moderate
Optional: REPEAT Show captcha UNTIL OKAY
Post
Have joy in the Lord!
0 -
NB.Mick said:
A user who has rightfully reported as a spammer should not be shown a Captcha Field (or only one running in an endless loop)
A user with a post count above 10 would not see the CAPTCHA unless they were repeatedly reported as spam. A new user which got reported (mistakenly) as spam would only need to post a few time dealing with the CAPTCHA in order to exceed the 10%.
NB.Mick said:I think your captcha-idea will help only against rather unsophisticated automated scripts.
i disagree with you here:
a. probably the ones spamming here are not sophisticated
[EDIT: the order for a spammer to overcome CAPTCHA is exponential relative to other simple mechanisms. And most would not bother to learn or add this sophistication]
b. a simple extra check for those who spam multiple times (& their spam % was greater than their good post count) could be added which would restrict or request the user to contact Logos's website admin. [i believe the admin is being requested already to validate legit user with links & such]0 -
Thank you all for the feedback and your suggestions. We have taken steps to catch more spam and to stop legitimate posts from being moderated, especially for those who are an active and vital part of this community.
0 -
Nathan R. Elson said:
We have taken steps to catch more spam and to stop legitimate posts from being moderated, especially for those who are an active and vital part of this community.
OK, let's test it. Here are some CP's I'd like some more bids on:
- Post-Reformation Catholic Thought and Piety (27 vols.)
- The Jewish Encyclopedia (12 vols.)
- The Catholic Encyclopedia (17 vols.)
- Dictionary of the Targumim, the Talmud Babli and Yerushalmi, and the Midrashic Literature (2 vols.)
- Lewis and Short's Latin Dictionary
- Dictionary of Christian Antiquities (2 vols.)
- Patrologia Cursus Completus, Series Graeca, Part 1 (vols. 1–18)
Mac Pro (late 2013) OS 12.6.2
0 -
fgh said:Nathan R. Elson said:
We have taken steps to catch more spam and to stop legitimate posts from being moderated, especially for those who are an active and vital part of this community.
OK, let's test it. Here are some CP's I'd like some more bids on:
Well, I'm clearly not "vital" enough for Logos to allow me 7 links to their own product pages without moderation, it seems (it would be hard to deny that I'm "active"[:P]).
Not good enough!
Mac Pro (late 2013) OS 12.6.2
0 -
fgh said:fgh said:
OK, let's test it. Here are some CP's I'd like some more bids on:
Well, I'm clearly not "vital" enough for Logos to allow me 7 links to their own product pages without moderation, it seems (it would be hard to deny that I'm "active"
).Not good enough!
Well, they moderated it pretty quickly and allowed your post to appear within 9 minutes.
0 -
Rosie Perera said:
Well, they moderated it pretty quickly and allowed your post to appear within 9 minutes.
First of all, it wasn't 9 minutes, it was half an hour (it wasn't visible when I wrote the second post; I copied the first before I hit 'Post').
Secondly, It's the middle of the workday for them. If it had been weekend and night it might have taken 1-2 days. In that time a post can have fallen one or more pages behind where everyone is reading.
But the main points are that I shouldn't be moderated at all, and that Nathan actually did claim that they had "taken steps (...) to stop legitimate posts from being moderated, especially for those who are an active and vital part of this community".
Mac Pro (late 2013) OS 12.6.2
0 -
I'm certainly fine tuning the moderation - I think I've adjusted it to prevent catching your post if you would like to try reposting it. The forum software does have an interesting implementation of spam scoring that I'm still getting into exactly what can be done with the spam filtering. There will probably several changes later on as I have quite a few ideas on the filtering I would like to implement, but never enough time to spend on this.
Oh, and as I've mentioned before, the destination of the links are not a component of rules - they could go to logos.com or faithlife.com or google.com and would be treated the same.
0 -
David Ladiges said:
I think I've adjusted it to prevent catching your post if you would like to try reposting it.
OK, let's see:
fgh said:Here are some CP's I'd like some more bids on:
- Post-Reformation Catholic Thought and Piety (27 vols.)
- The Jewish Encyclopedia (12 vols.)
- The Catholic Encyclopedia (17 vols.)
- Dictionary of the Targumim, the Talmud Babli and Yerushalmi, and the Midrashic Literature (2 vols.)
- Lewis and Short's Latin Dictionary
- Dictionary of Christian Antiquities (2 vols.)
- Patrologia Cursus Completus, Series Graeca, Part 1 (vols. 1–18)
David Ladiges said:I have quite a few ideas on the filtering I would like to implement, but never enough time to spend on this.
In spite of what it may sound like, I do actually realize you're swamped. My issues are with Logos, not you personally. It's Bob's responsibility to put enough people on the job. It's just that you happen to be the one reading and speaking for Logos on this thread, and I can't pretend nothing's wrong just because I happen to feel sorry for this or that employee.
That said, you did actually declare in another thread that you'd fix this issue in "a couple of days". That was almost exactly two months ago, and it's gotten worse, not better. You could have come back at regular intervals and said something like 'sorry, guys. It's turned out to be more complicated than I thought, and I've had even less time for it than I thought, so it will be a while yet'. It only takes two minutes, and people who get regular updates tend to be a lot more understanding and patient, while people who don't just feel annoyed and ignored.
David Ladiges said:as I've mentioned before, the destination of the links are not a component of rules
I know, it's just that it feels even more annoying to get penalized for helping you advertise your very own products. Surely you can understand that?
Mac Pro (late 2013) OS 12.6.2
0 -
David Ladiges said:
I think I've adjusted it to prevent catching your post if you would like to try reposting it
Nope, didn't work this time either.
Mac Pro (late 2013) OS 12.6.2
0 -
That should be approving your post without moderation due to the post count, but isn't. Strange that it's only you being caught (you aren't specifically flagged for moderation or anything like that - I checked.)
I'll try to replicate this locally and see why your post count isn't good enough to get through. Maybe there's a check that you have to have at least 5,000 posts to avoid moderation somewhere I haven't found yet? As soon as I know more, I'll post back here.
0 -
OK.
FYI: The other spam thread shows that moderation started July 31, but in spite of several posts with links in them I never got moderated until August 6, although many other regulars did. Don't know if that gives you any hint.
FYI 2: I noted that Dominick Sela also got moderated for a three link post earlier today. He shouldn't get moderated either.
Mac Pro (late 2013) OS 12.6.2
0 -
David Ladiges said:
That should be approving your post without moderation due to the post count, but isn't. Strange that it's only you being caught (you aren't specifically flagged for moderation or anything like that - I checked.)
I'll try to replicate this locally and see why your post count isn't good enough to get through. Maybe there's a check that you have to have at least 5,000 posts to avoid moderation somewhere I haven't found yet? As soon as I know more, I'll post back here.
David, I think one of the best ways to prevent spam is to verify the email address before someone could post.
0 -
tom collinge said:
David, I think one of the best ways to prevent spam is to verify the email address before someone could post.
Can we get an update on why Logos is not considering this method? The forums are currently being ruined by spam. And that is of course the intention of the spammers. I realize Logos wants to ignore the problem. But the problem is growing. And there will be a time when LOGOS will not longer be able to ignore the problem. As I see it, the forum as we know it today is not going to last. These spammers are ruining the reputation of LOGOS. Some rules are needed. Here are some suggestions:
1. Only those who have purchased LOGOS can open a forum account
2. Only those who have opened a forum account can post to the forum
3. Everyone who posts to the forum must verify email address associated with their account in order for the post to be successful.
It seems easy to implement. Is it not? Will it not help solve the problem? Why is LOGOS ignoring the problem?
0 -
May I suggest 2 forums? One which will be pretty much open (as this one is) that will welcome participation from people who may be looking into Logos and have not purchased. And one with very strict rules, specifically for the use of Logos users who have an investment. As it is now, it appears that anyone with an email address can sign up for a Logos account and use the forums regardless of if they actually use the software or not. And as is seen, spammers do not respect the purpose of Logos, and probably don't respect God either when you think about it. When I was very young and prone to mischief in one way or another, whatever mischief I would get into would not be targeted against anything representing God or even remotely concerning God. This includes churches, christian book stores, preachers, priests, brothers, sisters, nuns, anyone that looked like they represented God, any institution that looked religious in nature, and if software and forums were back then, they would be included also. That would be met with great consequences, and not only from the community, but also from God who I could not see. Sorry, I got off topic a little.
.
0 -
Actually, you do not even need an email address, and this is the problem IMHO.Erwin Stull, Sr. said:As it is now, it appears that anyone with an email address can sign up for a Logos account and use the forums regardless of if they actually use the software or not.
0 -
tom collinge said:
Actually, you do not even need an email address, and this is the problem IMHO.
Wow. That is not so good. I always thought that you would at least need an email address. Never really investigated it. [:)]
0 -
The site asks for an email address. All the spam needs to do is to enter in something like abc123@msn.com. Logos does not verify that the email address that was entered in is a valid (used by the user).Erwin Stull, Sr. said:Wow. That is not so good. I always thought that you would at least need an email address. Never really investigated it.
0 -
tom collinge said:
The site asks for an email address. All the spam needs to do is to enter in something like abc123@msn.com. Logos does not verify that the email address that was entered in is a valid (used by the user).
I can see where that is a big problem (no validation). Seems like adding validation shouldn't be too difficult, and I'm sure that most legitimate forum users would not mind going through a one time validation process. Until the issues are fixed, I set my human filters to just bypass most of the posts. It appears that the spam is contained in a post of it's own and not invading posts made my legitimate users, which is a good thing. [:)]
0
