Blur Busters Forums

Who you gonna call? The Blur Busters! For Everything Better Than 60Hz™ Skip to content

Automated Filter false positive causing accidental forum ban

Tell us suggestions about improving Blur Busters Forums. This includes this forum and other parts of Blur Busters.

Automated Filter false positive causing accidental forum ban

Postby Hardcore » 03 Mar 2017, 18:50

Tried to sign up and got this:
Image

After opening said link in a message I get this:
Image

Had to use Open VPN to sign up. It isn't my email or nickname, I successfully signed up after connecting through Open VPN.

Interesting thing is that I can login and use forum without connecting through Open VPN. Who will use their own IP address to spam, anyway, when there are proxy, Open VPN, Thor and tonns of other ways to change your IP? I mean, what's the point of banning IPs when spammers will change IP every single time they can/want?

And please don't ban me, I'm not a spammer. I remember about half a year ago I got banned by some dumb sKids with moderator rights on Firefox forums for creating a similar thread about my IP being banned :lol:
Hardcore
 
Posts: 3
Joined: 03 Mar 2017, 18:37

Automated Filter false positive causing accidental forum ban

Postby Chief Blur Buster » 04 Mar 2017, 19:08

The ban algorithm is automatic by the StopForumSpam filter --

I've never had to manually ban an IP address, so you can bet I never had involvement :?

Often, a shared IP address might have been abused by a different user on the same ISP, or some other metrics (e.g. multiple abuses coming from multiple IPs on the same subnet), or other heuristics. You might have been hit by this, or this may be a false positive of some kind --

A few years ago, we were hit by spammers posting hundreds of messages (in Chinese) in the period of an hour, so we had to find a solution to automatically blocking such spammers. We cannot go without an antispam plugin, but we may be able to switch to a different antispam plug-in that is less likely to "throw the baby and bathwater together" by accident.

What's the usernames of the banned accounts?
You can also send me a PM or contact squad[at]blurbusters.com for further troubleshooting too.
[if the emails can make it through...but try a PM]
Head of Blur Busters - BlurBusters.com | TestUFO.com | Follow @BlurBusters on Twitter!
User avatar
Chief Blur Buster
Site Admin
 
Posts: 3590
Joined: 05 Dec 2013, 15:44

Automated Filter false positive causing accidental forum ban

Postby Chief Blur Buster » 10 Mar 2017, 14:24

Any response?

I'd like help fixing the StopForumSpam filter, or switching to another filter vendor that won't create as many false positives.

Thank you!
Head of Blur Busters - BlurBusters.com | TestUFO.com | Follow @BlurBusters on Twitter!
User avatar
Chief Blur Buster
Site Admin
 
Posts: 3590
Joined: 05 Dec 2013, 15:44

Automated Filter false positive causing accidental forum ban

Postby Sparky » 10 Mar 2017, 23:12

This forum is a small enough target that any unique change to the registration process should stop spambots, even if it would be trivial to code a bot around it. Human spammers are a bit more difficult, but should be rare enough to ban manually.

I've heard of honeypot methods, based on bot behavior. For example, if the bot always tries to post in forum 1, then forum 2, then forum 3 until it finds somewhere it has permissions to post, you make forum 1 invisible to all users, but give permission to post there, and automatically ban anyone that posts there.

I've also heard of using hidden form elements on the registration page, that the bot sees and fills in, but a web browser won't actually display, so you ban everyone that enters a non-default value in that field.
Sparky
 
Posts: 529
Joined: 15 Jan 2014, 02:29

Automated Filter false positive causing accidental forum ban

Postby Chief Blur Buster » 10 Mar 2017, 23:25

Thanks for the ideas.

We might test out Google's new invisible captcha, too -- and other methods that are a little gentler on users.

First things first, we need to launch the brand new website design (March 2017) we have in progress... (And increase the amount of new content too!)
Head of Blur Busters - BlurBusters.com | TestUFO.com | Follow @BlurBusters on Twitter!
User avatar
Chief Blur Buster
Site Admin
 
Posts: 3590
Joined: 05 Dec 2013, 15:44

Automated Filter false positive causing accidental forum ban

Postby Sparky » 11 Mar 2017, 11:40

I'm of three minds on google's captchas. On one hand, yay a tool against spammers. On the other, it's almost certainly doing device fingerprinting and user tracking, and is incompatible with some basic privacy measures, like disabling javascript. On the third, that type of tracking is already so ubiquitous that it hardly makes any difference.
Sparky
 
Posts: 529
Joined: 15 Jan 2014, 02:29

Automated Filter false positive causing accidental forum ban

Postby Chief Blur Buster » 11 Mar 2017, 13:10

It's a tough line deciding on the right antispam technique.

We were the recipient of hundreds of chinese spam posts that occured overnight (when moderators were sleeping). It took forever to manually delete them one-by-one. It happened 2 or 3 nights in a row. I don't care to delete nigerian/chinese-language automated spam posts that occur by hundreds, which is why I installed the StopForumSpam plugin. But it seems to be a little 'rude' to some forum users, unbeknownst to my knowledge -- alas.

Undecided at this time -- but the Google invisible captcha seems a fair compromise. Or at least the more visible & easy "I'm not a robot" noCaptcha -- which is what currently now use on the upcoming brand new Blur Busters website launching this month (which will shortly after have a unified registration system for both Blur Busters Comments + Blur Busters Forums).

Javascript enable/disable is a consideration. It's certainly true that Forums works without JavaScript, although TestUFO can't run without it. Several Blur Busters pages does make JavaScript mandatory -- e.g. TestUFO, certain BlurBusters navigation menus, etc.

NOTE: Fair disclosure -- Blur Busters uses Google Analytics to analyze how popular Blur Busters is. It is disclosed in the Privacy Policy -- in the Privacy link found at bottom of all Blur Busters pages, TestUFO, and Forums. Many websites -- including ArsTechnica, TFTCentral, NASA.gov, etc -- all use Google Analytics solutions. That said, Google Analytics can easily be blocked by users (adblockers, firewalls, /etc/hosts files, etc) with no ill effects except making you invisible to Google... We're OK accomodating the minority of users who prefer this, no problem!
Head of Blur Busters - BlurBusters.com | TestUFO.com | Follow @BlurBusters on Twitter!
User avatar
Chief Blur Buster
Site Admin
 
Posts: 3590
Joined: 05 Dec 2013, 15:44


Return to Forum Help & Suggestions

Who is online

Users browsing this forum: No registered users and 1 guest