Automated Filter false positive causing accidental forum ban

Forum registration problems? Need help with creating a post? Want to send suggestions of improvements to Blur Busters Forums? Tell us here!
Post Reply
Hardcore
Posts: 3
Joined: 03 Mar 2017, 18:37

Automated Filter false positive causing accidental forum ban

Post by Hardcore » 03 Mar 2017, 18:50

Tried to sign up and got this:
Image

After opening said link in a message I get this:
Image

Had to use Open VPN to sign up. It isn't my email or nickname, I successfully signed up after connecting through Open VPN.

Interesting thing is that I can login and use forum without connecting through Open VPN. Who will use their own IP address to spam, anyway, when there are proxy, Open VPN, Thor and tonns of other ways to change your IP? I mean, what's the point of banning IPs when spammers will change IP every single time they can/want?

And please don't ban me, I'm not a spammer. I remember about half a year ago I got banned by some dumb sKids with moderator rights on Firefox forums for creating a similar thread about my IP being banned :lol:

User avatar
Chief Blur Buster
Site Admin
Posts: 11647
Joined: 05 Dec 2013, 15:44
Location: Toronto / Hamilton, Ontario, Canada
Contact:

Automated Filter false positive causing accidental forum ban

Post by Chief Blur Buster » 04 Mar 2017, 19:08

The ban algorithm is automatic by the StopForumSpam filter --

I've never had to manually ban an IP address, so you can bet I never had involvement :?

Often, a shared IP address might have been abused by a different user on the same ISP, or some other metrics (e.g. multiple abuses coming from multiple IPs on the same subnet), or other heuristics. You might have been hit by this, or this may be a false positive of some kind --

A few years ago, we were hit by spammers posting hundreds of messages (in Chinese) in the period of an hour, so we had to find a solution to automatically blocking such spammers. We cannot go without an antispam plugin, but we may be able to switch to a different antispam plug-in that is less likely to "throw the baby and bathwater together" by accident.

What's the usernames of the banned accounts?
You can also send me a PM or contact squad[at]blurbusters.com for further troubleshooting too.
[if the emails can make it through...but try a PM]
Head of Blur Busters - BlurBusters.com | TestUFO.com | Follow @BlurBusters on Twitter

Image
Forum Rules wrote:  1. Rule #1: Be Nice. This is published forum rule #1. Even To Newbies & People You Disagree With!
  2. Please report rule violations If you see a post that violates forum rules, then report the post.
  3. ALWAYS respect indie testers here. See how indies are bootstrapping Blur Busters research!

User avatar
Chief Blur Buster
Site Admin
Posts: 11647
Joined: 05 Dec 2013, 15:44
Location: Toronto / Hamilton, Ontario, Canada
Contact:

Automated Filter false positive causing accidental forum ban

Post by Chief Blur Buster » 10 Mar 2017, 14:24

Any response?

I'd like help fixing the StopForumSpam filter, or switching to another filter vendor that won't create as many false positives.

Thank you!
Head of Blur Busters - BlurBusters.com | TestUFO.com | Follow @BlurBusters on Twitter

Image
Forum Rules wrote:  1. Rule #1: Be Nice. This is published forum rule #1. Even To Newbies & People You Disagree With!
  2. Please report rule violations If you see a post that violates forum rules, then report the post.
  3. ALWAYS respect indie testers here. See how indies are bootstrapping Blur Busters research!

Sparky
Posts: 682
Joined: 15 Jan 2014, 02:29

Automated Filter false positive causing accidental forum ban

Post by Sparky » 10 Mar 2017, 23:12

This forum is a small enough target that any unique change to the registration process should stop spambots, even if it would be trivial to code a bot around it. Human spammers are a bit more difficult, but should be rare enough to ban manually.

I've heard of honeypot methods, based on bot behavior. For example, if the bot always tries to post in forum 1, then forum 2, then forum 3 until it finds somewhere it has permissions to post, you make forum 1 invisible to all users, but give permission to post there, and automatically ban anyone that posts there.

I've also heard of using hidden form elements on the registration page, that the bot sees and fills in, but a web browser won't actually display, so you ban everyone that enters a non-default value in that field.

User avatar
Chief Blur Buster
Site Admin
Posts: 11647
Joined: 05 Dec 2013, 15:44
Location: Toronto / Hamilton, Ontario, Canada
Contact:

Automated Filter false positive causing accidental forum ban

Post by Chief Blur Buster » 10 Mar 2017, 23:25

Thanks for the ideas.

We might test out Google's new invisible captcha, too -- and other methods that are a little gentler on users.

First things first, we need to launch the brand new website design (March 2017) we have in progress... (And increase the amount of new content too!)
Head of Blur Busters - BlurBusters.com | TestUFO.com | Follow @BlurBusters on Twitter

Image
Forum Rules wrote:  1. Rule #1: Be Nice. This is published forum rule #1. Even To Newbies & People You Disagree With!
  2. Please report rule violations If you see a post that violates forum rules, then report the post.
  3. ALWAYS respect indie testers here. See how indies are bootstrapping Blur Busters research!

Sparky
Posts: 682
Joined: 15 Jan 2014, 02:29

Automated Filter false positive causing accidental forum ban

Post by Sparky » 11 Mar 2017, 11:40

I'm of three minds on google's captchas. On one hand, yay a tool against spammers. On the other, it's almost certainly doing device fingerprinting and user tracking, and is incompatible with some basic privacy measures, like disabling javascript. On the third, that type of tracking is already so ubiquitous that it hardly makes any difference.

User avatar
Chief Blur Buster
Site Admin
Posts: 11647
Joined: 05 Dec 2013, 15:44
Location: Toronto / Hamilton, Ontario, Canada
Contact:

Automated Filter false positive causing accidental forum ban

Post by Chief Blur Buster » 11 Mar 2017, 13:10

It's a tough line deciding on the right antispam technique.

We were the recipient of hundreds of chinese spam posts that occured overnight (when moderators were sleeping). It took forever to manually delete them one-by-one. It happened 2 or 3 nights in a row. I don't care to delete nigerian/chinese-language automated spam posts that occur by hundreds, which is why I installed the StopForumSpam plugin. But it seems to be a little 'rude' to some forum users, unbeknownst to my knowledge -- alas.

Undecided at this time -- but the Google invisible captcha seems a fair compromise. Or at least the more visible & easy "I'm not a robot" noCaptcha -- which is what currently now use on the upcoming brand new Blur Busters website launching this month (which will shortly after have a unified registration system for both Blur Busters Comments + Blur Busters Forums).

Javascript enable/disable is a consideration. It's certainly true that Forums works without JavaScript, although TestUFO can't run without it. Several Blur Busters pages does make JavaScript mandatory -- e.g. TestUFO, certain BlurBusters navigation menus, etc.

NOTE: Fair disclosure -- Blur Busters uses Google Analytics to analyze how popular Blur Busters is. It is disclosed in the Privacy Policy -- in the Privacy link found at bottom of all Blur Busters pages, TestUFO, and Forums. Many websites -- including ArsTechnica, TFTCentral, NASA.gov, etc -- all use Google Analytics solutions. That said, Google Analytics can easily be blocked by users (adblockers, firewalls, /etc/hosts files, etc) with no ill effects except making you invisible to Google... We're OK accomodating the minority of users who prefer this, no problem!
Head of Blur Busters - BlurBusters.com | TestUFO.com | Follow @BlurBusters on Twitter

Image
Forum Rules wrote:  1. Rule #1: Be Nice. This is published forum rule #1. Even To Newbies & People You Disagree With!
  2. Please report rule violations If you see a post that violates forum rules, then report the post.
  3. ALWAYS respect indie testers here. See how indies are bootstrapping Blur Busters research!

Joel D
Posts: 158
Joined: 25 Apr 2020, 19:06

Re: Automated Filter false positive causing accidental forum ban

Post by Joel D » 11 May 2020, 22:57

Sparky wrote:
11 Mar 2017, 11:40
I'm of three minds on google's captchas. On one hand, yay a tool against spammers. On the other, it's almost certainly doing device fingerprinting and user tracking, and is incompatible with some basic privacy measures, like disabling javascript. On the third, that type of tracking is already so ubiquitous that it hardly makes any difference.
Yea, Google is just bad news. They got caught literally listening to tons of peoples homes when they first launched Chrome. Anyone read about that ? Sure it was just a "accident".

Chrome by default on launch had access to your microphone and enabled ! Go figure. Lets not get into everything else they do and cause. Hopefully just for saying this, my house won't be bugged and I mysteriously "commit suicide" tomorrow.... If I do, you know who really did it. LOL ! :-D

Post Reply