XF Spam Mitigation

Pete

Flavours of Forums Forever
Joined
Sep 9, 2013
Messages
1,658
I imagine there is a sense of not getting duplicate/triplicate/manyplicate reports of the same thing, because all the reports are 'public'.
 

Banxix

Enthusiast
Joined
Jan 13, 2018
Messages
138
Do you get any benefits from this that you wouldn't have from just using built-in 'report' functions?
No actual advantage. I just want it to be public in one thread.

The main point is that I don't mind whether spammers could live a bit longer, we kill them in the end, we have many active moderators to do it. I implement myself a rate limiting for post, combine with flood check. I haven't seen a spam tool which could get over it.
 
Last edited:

R0binHood

Habitué
Joined
Nov 23, 2011
Messages
1,322
Just to give you guys an update, Kier, Mike and I have done quite an in-depth analysis today of the recent increase of spam and we've observed a few things...
Awesome! Nice one :)

I agree. I've encountered many sites that make it really hard to register and post. I've even seen one that had it lock up so tight it was impossible. The owner admitted he had started to wonder why he'd had no new registrations during the last two+ years... o_O
I'm paranoid about anything to to with the registration page, whether it's additional custom fields provided by plugins or question and answers.

I've had 3rd party Google autocomplete for the location field fail on me in the past, breaking the form.

I've also has trouble with Q&As, but it was simply my design of the question and the user having a brain fart and not being able to guess any of the 20 odd options I have as answers, including potential typos. They had to message me through or facebook page for the answer, I'm guessing most users would have bounced instead.
 

Dadparvar

Neophyte
Joined
Mar 28, 2016
Messages
8
for a long time, I wasn't getting any spam, either as posts or in the contact form.

Recently I'm getting a lot! (in my XF2 site. especially since the last update -> don't know if it is related at all or not)

(btw, my xf1 sites are still clean and no spam whatsoever)
 

Mouth

Enthusiast
Joined
Oct 3, 2009
Messages
193
Recently I'm getting a lot! (in my XF2 site. especially since the last update -> don't know if it is related at all or not)
Probably the spam mitigation bug in XF2 that was acknowledged in a previous post.
 

Alfa1

Administrator
Joined
May 28, 2007
Messages
3,881
I honestly do not understand why those settings are not in core. XF already has SFS integration and email blacklisting. It just doesn't work well the way its currently implemented and would not need a mass of improvement to make it work a lot better.
 

Chris D

XenForo Developer
Joined
Aug 23, 2012
Messages
780
That particular spammer would have been stopped in XF by the number of SFS flags alone, though. The rest of the criteria and the scoring is good, especially to reduce false positives, but it's unfair to show that, clearly, a spammer would have been stopped by default SFS and then suggest it doesn't work well.

I'm sure there are other examples that may not have been stopped by default, but in isolation, that's a bad example of XF falling short.
 

eva2000

Habitué
Joined
Jan 11, 2004
Messages
1,752
That particular spammer would have been stopped in XF by the number of SFS flags alone, though. The rest of the criteria and the scoring is good, especially to reduce false positives, but it's unfair to show that, clearly, a spammer would have been stopped by default SFS and then suggest it doesn't work well.

I'm sure there are other examples that may not have been stopped by default, but in isolation, that's a bad example of XF falling short.
Yeah TPU Spam detect would reduce false positives - so if same username was listed in SFS, you can configure it to still pass through and only outright reject when same email address is listed in SFS etc.

Maybe XF2 can have a the standard Spam mitigation mode and toggle between an advanced mode similar to TPU Spam Detect so not to totally confuse new users with advance mode out of the box.
 

Alfa1

Administrator
Joined
May 28, 2007
Messages
3,881
That particular spammer would have been stopped in XF by the number of SFS flags alone, though. The rest of the criteria and the scoring is good, especially to reduce false positives, but it's unfair to show that, clearly, a spammer would have been stopped by default SFS and then suggest it doesn't work well.
What I mean is that SFS is mighty useful. Yet the username flag is not very useful. It causes a lot of false positives. This is especially problematic if you have thousands of registrations, because the number of complaints is so large that its best turned off. Adding a criteria for the SFS username flag seems a tiny feature which would make the xenforo implementation a lot better.

XenForo has email blacklisting. I had simple functionality built to add domain whitelisting, which then means that we catch all dodgy domains. (tempmail, etc) Instead of spammers beign able register with any domain not blacklisted, a domain is either whitelisted, blacklisted or unknown. That makes a lot of difference and saves a lot of time and trouble.

What I mean is that with some minor enhancements SFS and email domain screening the XF functionality would become much more effective.

Coming from vbulletin XenForo has way more antispam features and is lightyears ahead in this respect, so its certainly not all bad or negative. It just surprises me that such low hanging fruit has not been given a little extra attention.
 

Gladius

Enthusiast
Joined
Dec 16, 2011
Messages
172
A sensible addition to combating spam would be a setting to automatically flag a user account as "spammer", hiding all of their threads and posts from public viewing and prevent further use of the account until a moderator can review the reported content. There would just need to be a setting how many "spam" reports against any single user need to be made from the other users in a given time span before this kicks in.

Of course this would be in addition to all of the other improvements mentioned above. It wouldn't stop spammers, but at least it'd get rid of pages full of publicly visible spam if the mods can't clean up immediately.
 

Alfa1

Administrator
Joined
May 28, 2007
Messages
3,881
Yes, a community flagging system is something that would not only be very helpful for spam, but will most likely become legally required in time. (for hate speech, copyright, fake news, abuse) I think we will see legislation in regard to the latter in EU or US and then we will have another GDPR like situation.
 

datio

Aspirant
Joined
Dec 7, 2016
Messages
15
You'd have to wait for applications 24/7 and be ready to approve within moments to meet expectations, and that's impossible. So when the inevitable happens and folks have to wait for hours (day+?) for access, I'm willing to bet you'll lose as many as you keep.
A solution could be to temporarily "shadowban" any initial interactions, giving the illusion of easy access.
E.g. new users would get the instant gratification of being able to participate and having their posts submitted and seemingly to them accepted immediately. In reality though, their content wouldn't be visible to non-staff members who then would make the final decision about allowing that content or not to be displayed to others.

That certainly can't fool bots, but it will trick many legitimate users to not feel unwelcome

--

Instead of having either a reactive or a proactive solution to moderation (terms Lithium Technologies uses) a middle ground should be investigated.

I've played with the idea of a more advanced access control system where users could be grouped, see 'Facebook Filter bubble' and media 'echo chambers'.
It would let spammers see normal posts, including posts of other spammers, yet normal users would only see posts from their peers, excluding the spam.

Say you own a 'serious discussions' forum where until now you've been deleting any funny, troll, stupid, etc. posts.
If instead of outright banning them or trying to discipline them (lost case IMO), you could restrict them to their own bubbles where they would interact with like-minded to them people, I think that would be a great way to grow your userbase (you'd still need to have classic moderators, responsible to manage those groups and acceptable by all parties).
 

haqzore

Devotee
Joined
Dec 6, 2012
Messages
2,192
A solution could be to temporarily "shadowban" any initial interactions, giving the illusion of easy access.
E.g. new users would get the instant gratification of being able to participate and having their posts submitted and seemingly to them accepted immediately. In reality though, their content wouldn't be visible to non-staff members who then would make the final decision about allowing that content or not to be displayed to others.

That certainly can't fool bots, but it will trick many legitimate users to not feel unwelcome

--

Instead of having either a reactive or a proactive solution to moderation (terms Lithium Technologies uses) a middle ground should be investigated.

I've played with the idea of a more advanced access control system where users could be grouped, see 'Facebook Filter bubble' and media 'echo chambers'.
It would let spammers see normal posts, including posts of other spammers, yet normal users would only see posts from their peers, excluding the spam.

Say you own a 'serious discussions' forum where until now you've been deleting any funny, troll, stupid, etc. posts.
If instead of outright banning them or trying to discipline them (lost case IMO), you could restrict them to their own bubbles where they would interact with like-minded to them people, I think that would be a great way to grow your userbase (you'd still need to have classic moderators, responsible to manage those groups and acceptable by all parties).
Both very interesting to consider.

Seem like good options worth exploring.

Only problem with the 2nd one is eventually those spammers would be taxing your server with 10s of thousands of posts a day - even if only they can see it.
 

Alfa1

Administrator
Joined
May 28, 2007
Messages
3,881
One thing that I find odd in XenForo 1 is that the system can send an account to the moderation queue because it meets a criteria. But then its not visible why it is in the moderation queue. Half the time it will become clear when checking out the account. But if not then we might just let a spammer in due to lack of information. Is this still the same in XF2?
 

mysiteguy

Devotee
Joined
Feb 20, 2007
Messages
2,990
Yes, a community flagging system is something that would not only be very helpful for spam, but will most likely become legally required in time. (for hate speech, copyright, fake news, abuse) I think we will see legislation in regard to the latter in EU or US and then we will have another GDPR like situation.
Maybe in some EU countries, but "hate speech" isn't a crime in the USA, neither is fake news. Only if it incites violence, is a threat, etc. This was unanimously reaffirmed by the US Supreme Court in 2017.

Fake news as well, not a crime in the USA. Worst case with fake news is if it slanders someone they may have a civil case, but not a criminal case.
 

djbaxter

Tazmanian Veteran
Joined
Jun 6, 2006
Messages
10,485
Maybe in some EU countries, but "hate speech" isn't a crime in the USA, neither is fake news. Only if it incites violence, is a threat, etc. This was unanimously reaffirmed by the US Supreme Court in 2017.

Fake news as well, not a crime in the USA. Worst case with fake news is if it slanders someone they may have a civil case, but not a criminal case.
Really. Wow. That is seriously backwards.

But it explains a lot... :cautious:
 

Alfa1

Administrator
Joined
May 28, 2007
Messages
3,881
Maybe in some EU countries, but "hate speech" isn't a crime in the USA, neither is fake news
Asides from a few countries its not illegal yet. Germany imposes millions in fines for hate speech, fake news and abuse. US senators have stated legislation is needed and in the works. Specifically after the Zuck hearing. The UK is gradually beefing up its hate speech approach and there has been talk about a law similar to Germany. Various countries and the EU are also looking into this.

Asides from any laws coming in, Google is already removing pages from its index that have hate speech & offensive content. I'm not sure how that affects ranking but its probably pretty bad for SEO.Other online media giants are also increasingly taking steps against hate speech, fake news, abuse)

In regards to copyright, the EU does have a new and disastrous EU Copyright Directive coming up. Thankfully the last version was shelved, but they will rework it next month. That one is likely to hurt us way more than the GDPR and is likely to make admins pay for copyrighted content posted by the community.

More info:
https://xenforo.com/community/threads/better-functionality-to-report-and-moderate-illegal-hate-speech.127828/
https://xenforo.com/community/tags/hate-speech/
https://techcrunch.com/2017/08/21/online-hate-crime-to-be-treated-the-same-as-face-to-face-crime-in-the-uk/
 

mysiteguy

Devotee
Joined
Feb 20, 2007
Messages
2,990
Really. Wow. That is seriously backwards.

But it explains a lot... :cautious:
Have they really come to that where you live, where people are not free to express ideas unless they are nice, tasteful, agreeable?

And you accept this? Really. Wow. That is seriously backwards. But it explains a lot...
 
Last edited:

mysiteguy

Devotee
Joined
Feb 20, 2007
Messages
2,990
Asides from a few countries its not illegal yet. Germany imposes millions in fines for hate speech, fake news and abuse. US senators have stated legislation is needed and in the works. Specifically after the Zuck hearing.
US senators saying things like that are nothing more than thumping their chest for their voters. They know government censorship would not survive a Supreme Court challenge, it never does.

What they can address is laws concerning privacy.

The UK is gradually beefing up its hate speech approach and there has been talk about a law similar to Germany. Various countries and the EU are also looking into this.
Ultimately, and historically, without free speech, liberty yields.

Asides from any laws coming in, Google is already removing pages from its index that have hate speech & offensive content. I'm not sure how that affects ranking but its probably pretty bad for SEO.Other online media giants are also increasingly taking steps against hate speech, fake news, abuse)
As a company, in the USA, Google is free to make the decisions it wants concerning what speech is allowed on their platforms, just as a forum can. It's government telling a company or individual what they can and cannot say which is protected against by the first amendment to our constitution.
 
Top