A Solution to Topsites Spam?

The latest news can be found here.

A Solution to Topsites Spam?

Postby Jeremy » 2006-06-29 05:04 pm

In light of the recent spam attacks, many people have suggested that a banning feature be added to combat the spammers. At first I thought that that sounded like a good solution to the problem. I thought that we could include a list of known spammers preloaded into the banning filter. But, that will not work in the long term because the spammers will just create new domains. A new domain name on the first page of 10,000 topsites lists will rank very will in search engines.

So how can we stop spammers from getting on the main page? The captcha prevents automated attacks, but I think that spammers will find enough value in topsites lists (especially after 5.0's SEO features) to continue adding their sites manually.

My plan to stop spammers contains these two parts:

1. Get rid of the "Require new members to be approved before being listed" and force it to be on at all times. Therefore, once a critical mass of people adopt the latest version, spammers will have no incentive to spam topsites lists because their links will never make the front page. I'll also set "Email admin when a new member joins" to "On" by default, but still leave that as an option.

2. Revamp the join process so that the code is not given to a member until the member is approved. After approval, the member will receive a nicely-formatted welcome email. This will prevent spammers putting the button up and sapping all your CPU and bandwidth. If they do that anyways, despite the delayed welcome email, then button.php will check and make sure the member is approved before displaying a button.

I know that some people won't like this because it adds a little hassle to the task of running a topsites list, but this hassle will pale in comparison to deleting several spam sites daily. The sooner this policy is in place, the better. The spamming situation will only get worse if action is not taken now.

If you have any comments on this, please post here. If you think my idea won't work, please explain why. My goal is to include anti-spam features in version 5.2.0, which will be released sometime this summer.
Jeremy
Supreme Diety
 
Posts: 8922
Joined: 2003-05-05 04:41 pm
Location: NJ, USA

Postby devman » 2006-06-29 06:12 pm

Ok, it does sounds like the best way.
To make things easier/faster for the admin you could add a "approve this member? yes/no" link in the mail.

But what happens if you don't approve a joiner? And if they do use some sort of automated system they will try to rejoin every time. Altough they won't get listed its irritating for the admin, deny-ing the same person over and over again. That's where those banning functions come in handy(until they change name/domain/etc.) so the owner doesn't get bothered.

Also I think Captcha will soon be broken. Just check http://sam.zoy.org/pwntcha/
Tried a captcha from the topsites and luckily that one wasn't broken, but some user only needs to analyse the Captcha's to detect the letters.

Just some thoughts..
devman
Advanced Member
 
Posts: 87
Joined: 2006-05-04 07:04 am

Postby Koby » 2006-06-29 06:45 pm

Get rid of the "Require new members to be approved before being listed" and force it to be on at all times.

Hmm.. I would like to still have the choice. Because I get tons of emails already as it is. And if too many emails are sent from my server my host may consider it spam and disable my account with them. I do have this option turned on at the time, but I was waiting for some banning features before turning it off. So you see, removing this feature and making it always on, may prevent some people from using it.

Especially like in the case of my old host to where it couldn't even send emails from it. :P



Anyhow other then that nice idea Jeremy. I do hope we will still get those banning features though.
Image
Come visit Kametsu Forums, an anime and gaming forum with anime downloads, amv's, an arcade, triple triad, rpg mod, and much much more!
Koby
Advanced Member
 
Posts: 806
Joined: 2004-07-09 08:50 pm
Location: Texas, United States

Postby Jeremy » 2006-06-29 07:45 pm

devman: the yes/no links directly in the email is a good idea. but why would they use an automated joiner on this script if they know that admin approval is required before they will appear on any list? the current captcha is not very good and could be broken very easily if someone wanted to.

koby: the banning features will be there, but it's not a long term solution. and if i let admin approval be an option, then spammers will attack every list and create a hassle for everyone. so i think requiring admin approval for all lists is the only way to stop spam.
Jeremy
Supreme Diety
 
Posts: 8922
Joined: 2003-05-05 04:41 pm
Location: NJ, USA

Postby devman » 2006-06-30 05:55 am

Many people don't have admin approval on now and many probally will never update their script especially with approval default on.

I think that spammers just search for topsites then put those link in a list. And if they want to promote a site it will be send to all those links. So even if they won't get listed the link to that topsite is still in their list. If that is true then without banning features the admin will still have to disaprove those people everytime. But im probally wrong.

The feature that they will only get the code after approval is very cool also that their won't be a button shown if they are not approved.

A side effect of all this is that a topsite becomes more and more complicated with all those extra settings and stuff. But it seems neccesary and options like custom pages are pretty cool.
devman
Advanced Member
 
Posts: 87
Joined: 2006-05-04 07:04 am

Postby Renegade89 » 2006-06-30 06:14 am

How about allowing one site per email and/or IP address
:) ~ I liek pie.
Renegade89
Advanced Member
 
Posts: 35
Joined: 2006-01-23 04:23 am
Location: Private

Postby devman » 2006-06-30 06:31 am

Renegade89 wrote:How about allowing one site per email and/or IP address


If they wanted they just use another email adres and join from another computer/ip.

PS. I overlooked "the banning features will be there" cool, with the combination of banning and forced approval I gues it will stop most spammers from appearing on any topsite.
devman
Advanced Member
 
Posts: 87
Joined: 2006-05-04 07:04 am

Postby Nobody » 2006-06-30 07:15 am

Jeremy Scheff wrote:2. Revamp the join process so that the code is not given to a member until the member is approved. After approval, the member will receive a nicely-formatted welcome email. This will prevent spammers putting the button up and sapping all your CPU and bandwidth. If they do that anyways, despite the delayed welcome email, then button.php will check and make sure the member is approved before displaying a button.

I definetly think new members still should receive a confirm e-mail telling them that the topsites list is aware of their registration. Otherwise, people may register over and over again because they believe their registrations aren't coming through, as to speak.

Also, why don't require e-mail validation? This way, spammers will have another time requiring moment in the registration process. I think descent members won't suffer that much from this moment.
Nobody
Advanced Member
 
Posts: 123
Joined: 2005-08-19 09:24 am

Postby devman » 2006-06-30 07:54 am

I don't think possible members would like to go to so much trouble being listed on a topsite.

1 Joining (filling in username, pass, website,etc.)
2 Confirming emailadres (going trough mail)
3 Waiting for admin approval
4 Recieving welcome message, setting up code

As for now my topsite only needs 2 steps (1 & 4).
devman
Advanced Member
 
Posts: 87
Joined: 2006-05-04 07:04 am

Postby Nobody » 2006-06-30 08:27 am

PHP Link Directory have an automated backlink look up checker. Maybe you should take a look at this.
Nobody
Advanced Member
 
Posts: 123
Joined: 2005-08-19 09:24 am

Postby Jeremy » 2006-06-30 01:47 pm

nobody: email validation won't slow spammers down. and, effectively, there will be email validation because if a user does not submit a valid email address, they will never recieve the email with their link code.

devman: i know it might be a little bit of a pain, but can you think of any other long-term solution to combat spam? something must be done.

nobody (2): a backlink checker would be a cool feature, but it wouldn't do much to help this problem. i'll put it on my list of things to do, though.
Jeremy
Supreme Diety
 
Posts: 8922
Joined: 2003-05-05 04:41 pm
Location: NJ, USA

Postby devman » 2006-06-30 02:31 pm

Jeremy Scheff wrote:devman: i know it might be a little bit of a pain, but can you think of any other long-term solution to combat spam? something must be done.

Nope :)
devman
Advanced Member
 
Posts: 87
Joined: 2006-05-04 07:04 am

Postby Nobody » 2006-06-30 04:51 pm

Jeremy Scheff wrote:nobody (2): a backlink checker would be a cool feature, but it wouldn't do much to help this problem. i'll put it on my list of things to do, though.

Yep, as there already is a finished solution for this, I think it would be cool to have it integrated into the next version. It would benefit the script very much Of course, it should be optionary. But I think most people would agree that it's just an amazing feature in a toplist script and most people would turn it on and use it.
Nobody
Advanced Member
 
Posts: 123
Joined: 2005-08-19 09:24 am

Postby trabi » 2006-07-03 10:22 am

For me the problem with spammers is mostly about cpu and bandwidth consumption. For example: even if the code will be mailed only after approval (and this is a cool feature!) it's no problem to place a button even before: just insert the code as username will be added to button.php and everybody knows that.

So I think it might be even more cool if the code for button would be random and not equal username. And any wrong or not approved code shouldn't generate a button but just nothing.
trabi
Newbie
 
Posts: 9
Joined: 2005-10-31 06:02 pm

Postby rshaven » 2006-07-03 10:41 am

I personally am one of those lazy topsite owners that would hate to have to approve each and every member before they are listed. just because I get so many new members each day and that I know how frustrating it is to have to wait. I honestly think that upto 20 - 30% of genuine website owners would never get around to installing the code if it even was even delayed by only 24 hours let alone days.

I love the backlink checker idea even though it doesn't stop the problem.

The only thing that I'd suggest is potentially making it easier for owners of topsites to ban URL's, emails and IPs easier (maybe an option in the admin panel) afterall even spammers get annoyed after awhile. I know I have battles with spammers from time to time where they keep adding their site and I keep deleting - eventually they get the message.

Also maybe making it quicker and easier to edit/suspend/ban sites might be a good option, some sort of quick link in each site's stats panel or something rather than having to login to the admin panel and then browse through what I think is a very annoying listing on sites usernames. Also maybe giving us the ability to assign other mods/admins so that they have the ability to edit/suspend/delete sites (maybe varying levels of power would be good too) via site's stats pages also so that we didn't have to give away admin panel password to get a bit of help.

Also I personally like the idea of not deleting sites but rather making it so that they have no stats recorded and no link back to their site. That way their can still display the topsite button/link without getting any benefits in return, it would mean a little extra bandwidth but if that became an issue it could be easily deleted, but I like the idea of keeping those good inbound links from those sites that have tried to cheat the topsite, but dislike it how that even while the iste is suspended that they sort of still are factored into the rankings whilst not being displayed on the topsite itself.

I dunno what do you guys think.
rshaven
Advanced Member
 
Posts: 169
Joined: 2004-07-09 12:09 am
Location: Australia

Next

Return to News

Who is online

Users browsing this forum: No registered users and 2 guests

cron