Discuss Scratch
- Discussion Forums
- » Suggestions
- » Spambot activity - How you can stop it
- Sonickyle
- Scratcher
1000+ posts
Spambot activity - How you can stop it
I've been looking around, and found PlayThru. Instead of typing something it asks you to play a small game. It runs in HTML5 and it's apparently bot-proof.
It's seems perfect for a website like this.
It's seems perfect for a website like this.
No I don't make projects anymore. I left some time ago.
I only check the forums every now and then, but other than that consider me retired.
I only check the forums every now and then, but other than that consider me retired.
- jvvg
- Scratcher
1000+ posts
Spambot activity - How you can stop it
PlayThru. Instead of typing something it asks you to play a small game. It runs in HTML5 and it's apparently bot-proof.Just remember that nothing is toatlly bot-proof. Bots are getting much better at what they do, and are getting much better at bypassing captchas. I've been looking around, and found
It's seems perfect for a website like this.
- A-no-meep
- Scratcher
100+ posts
Spambot activity - How you can stop it
Short platformer: Great idea, Color thing: Bad idea, what about colorblind people?Still, more security is better than less…There is just about no way to stop a spambot targeted for a specific site. However, developers of spambots don't care about individual websites.What if someone makes a spambot specifically for the Scratch website that creates a bunch of accounts to spam? Way too easy.Not exactly. I need to reiterate what I said above: Spambots will not be able to get around something that isn't widespread. They can get around just about anything if someone wants them to, but nobody will bother trying to write a script to detect the color if it's just one site.Way too easy for a spambot to detect the colour.I've got an idea! The top of the signup window would change to a random color and then it would ask “What is the color of the top of this window?” You would have to choose the color from a drop down menu. That is pretty unique. We could also do something like there is a scratch cat that changes colors and moves in a certain direction. You would then have to choose what color the scratch cat is and which direction it is moving. Those things would be easy for an 8 year-old to do, but not a spam bot. And it can be formatted in HTML5 so that flash player is not required. Of course, anyone who wants to view project online will have to get flash eventually. There is a trick to stop just about all spambots. The key is to use something that is unique to your site. Spambots can adapt to just about anything that is used on a lot of sites, but if it is only used on one site, then they probably won't adapt.
This usually involves one of the following:There are a lot of other things that can go on that list, but the key is to create something unique.
- Specialized CAPTCHAs (they don't need to be hard, they just need to be unique)
- HTML tricks
- Questions specifically tailored to the website
The thing you need to remember is that the spambots we're trying to stop are commercial spambots, and those just try to hit as many sites as possible. The developers don't care if some sites are able to stop them, they just care that some aren't.
Like how about the easiest platformer game where you have to get from one side of the screen to another? That would be hard for a spambot to use…
[ v]A dropdown to nowhere
- joshuaho
- Scratcher
1000+ posts
Spambot activity - How you can stop it
BREAKING NEWS
Just yesterday, I reported 3 topics in a row made by the same spam - bot. Spam-bots are now also capable of spamming the forums repeatedly, not just once.
College student studying Communication and Fire Technology, communication lab tutor, guitar and piano player, perfectionist, and just some guy who regularly eats and trains physically to stay healthy.
- ev3commander
- Scratcher
500+ posts
Spambot activity - How you can stop it
I agree with “honeypot”,BREAKING NEWS: I'm getting news that spammers are creating PROJECTS! Our time is running out, we must do something to stop them!
Original Post: In the past 20 minutes I have found at least 8 topics created by spambots made in the last 24 hours. Just yesterday I found 6 more spam topics over the course of that day. Has activity always been this high? Last time I checked one or two topics were made every month or so. Something bad is happening, and it's happening fast. So why all of sudden we're being attacked more often?
There is a major flaw in the sign-up process: a lack of something to stop a spambot. CAPTCHA could work, although I remember reading a post by jvvg that even spambots have the intelligence to bypass it. Not good. We need something to gain the high ground and we need to do it fast, or else we will face another spambot invasion far worse than Scratch has encountered before. I'm not cynical, but the vulnerability of Scratch is a reality.
What are these spammers capable of?
There are a number of technological adaptations that allow spambots to do almost anything a person can. The main weapons of them include Optical Character Recognition (to “read” CAPTCHAs), Averaging (which reduces noise of a CAPTCHA image), and even artificial intelligence that can answer security questions (such as "What is 2+2?). What makes these spammers tough to stop is that they can hide behind multiple proxies, making an IP ban nearly ineffective against them.
It can be difficult to tell if a spammer is a bot or human, depending on the behavior. Often times, a spambot will be aided by a human to fill in certain fields on a page to avoid suspicion that it is indeed a spambot. On Scratch, I have witnessed spambots (likely aided by someone) do the following actions:Sometimes it's not obvious if the person really is a spambot. But it takes just one spam post to aid in Search Engine Optimization to identify a user as a bot. But before that, you can often mistake a spambot for a legitimate user based on prior behaviors, such as “innocent” commenting/posting.
- Fill in information in the About Me and What I'm Working On sections of profiles.
- Comment on profiles, projects, etc.
- Reply to comments.
- Post on other forum topics.
- Create projects
What should I look for?
Keep your eyes peeled for any suspicious topics that seem to not belong. For instance, the following are common spam topic titles found in the Scratch Forums:You should report these IMMEDIATELY. The longer these topics last on the forums, the more people will view them, and the greater SEO it will accomplish. Scratch was, is, and always will be commercial-free, so help get rid of these topics ASAP!
- Dude vs Dude2 Live Stream
- hey bro whats up
- that was great man (use of the word “man” is common)
- Website Reviews from [Company Name]
- Kitchen Appliance Sale
- {OM}Watch XXXXXXX Online
How do I report?
The report button is located in the bottom right corner of every post; when you click it, you will be asked to put in a reason for why you are reporting that post, so put in “Spam” or “Spambot” as the reason. It should take a few minutes (hours?) for a moderator/admin to pick up on the report and take down the topic along with terminating the spambot account. To see if any spambots have infected the forums, click the link “See unanswered posts” at the bottom-right of the main discuss page and locate suspicious topics.
How can we stop spam?
However, all hope is not lost. We have come up with powerful defenses against spam:Circular CAPTCHA (Suggested by Lirex)
This is a new kind of CAPTCHA where letters and symbols are arranged clockwise or counterclockwise on a circle. However, this poses two major problems: 1) Real people could have a hard time disinguishing between M,W, and 3; and 2) It does not prevent spambots from using their OCR powers.Destruction of External Links (Suggested by me)
Spambots are responsible for sending out links to assigned websites. If we can destroy those links at the moment of posting, the SEO will no longer work. This will not prevent spambots from registering, but will render their posts completely harmless, link-wise. This also means that “legitimate Scratchers can't post legitimate external links” (scimonster), unless a whitelist of websites is used.Honeypot (Suggested by scratchisthebest)
This puts a new field on the registration page that is not supposed to be filled in. Spambots are notorious for filling in absolutely everything on a fill-out form, and may not catch that this field should be left empty, and therefore preventing their registration.Verification (Suggested by jvvg)
jvvg explains it:
“On the registration page, make a frame that points to a secondary form and ask the user to submit the form in the frame before registering.
When the secondary form is submitted, mark that IP as verified for 10 minutes.
When submitting the registration form, check that the IP was verified within the last 10 minutes, and reject the request if it wasn't.”CAPTCHA Images (Suggested by me)
Because spambots use OCR to “read” words almost perfectly, they can bypass any CAPTCHA with those weird morphed words. So instead of using words to verify a user, use images of simple everyday objects and a list of answers, one of which is correct. For instance, there could be an image of an apple, and the user must answer what the image is generally, given three or more radical answers and one correct answer. Guess incorrectly for two or so times consecutively, and you will be unable to register for 30 minutes. However, language barriers are a problem because there would need to be 50+ translations for every possible answer.
The fate of Scratch hangs in the balance. Is it up to each and every one of you to defend it from malicious spammers.
- ScratchJahd2011
- Scratcher
500+ posts
Spambot activity - How you can stop it
BREAKING NEWSJust yesterday, I reported 3 topics in a row made by the same spam - bot. Spam-bots are now also capable of spamming the forums repeatedly, not just once.
Um… They are already capable of doing that when they started… It's really annoying…
…..
- joshuaho
- Scratcher
1000+ posts
Spambot activity - How you can stop it
They haven't done that since the first time I saw a spam topic.BREAKING NEWSJust yesterday, I reported 3 topics in a row made by the same spam - bot. Spam-bots are now also capable of spamming the forums repeatedly, not just once.
Um… They are already capable of doing that when they started… It's really annoying…
College student studying Communication and Fire Technology, communication lab tutor, guitar and piano player, perfectionist, and just some guy who regularly eats and trains physically to stay healthy.
- Harakou
- Scratcher
1000+ posts
Spambot activity - How you can stop it
They've always done it. Usually they'll make a couple threads and drop the account, presumably to go spam some other site.They haven't done that since the first time I saw a spam topic.BREAKING NEWSJust yesterday, I reported 3 topics in a row made by the same spam - bot. Spam-bots are now also capable of spamming the forums repeatedly, not just once.
Um… They are already capable of doing that when they started… It's really annoying…
- cheeseeater
- Scratcher
1000+ posts
Spambot activity - How you can stop it
This is reaching a ridiculous level
I reported 32 (and it keeps going up) spam posts today, all with phone numbers, emails and websites. This is becoming unacceptable. I am asking for sign-up to have a capatcha, when people sign up they are mostly doing it with an adult, so they can help. I am worried that the Scratch forums may become unsafe.
I reported 32 (and it keeps going up) spam posts today, all with phone numbers, emails and websites. This is becoming unacceptable. I am asking for sign-up to have a capatcha, when people sign up they are mostly doing it with an adult, so they can help. I am worried that the Scratch forums may become unsafe.
- ScratchJahd2011
- Scratcher
500+ posts
Spambot activity - How you can stop it
This is reaching a ridiculous level
I reported 32 (and it keeps going up) spam posts today, all with phone numbers, emails and websites. This is becoming unacceptable. I am asking for sign-up to have a capatcha, when people sign up they are mostly doing it with an adult, so they can help. I am worried that the Scratch forums may become unsafe.
I agree! The ST must create at least one of the suggested CAPTCHA right this moment!
…..
- LuxrayStar
- Scratcher
100+ posts
Spambot activity - How you can stop it
This is reaching a ridiculous level
I reported 32 (and it keeps going up) spam posts today, all with phone numbers, emails and websites. This is becoming unacceptable. I am asking for sign-up to have a capatcha, when people sign up they are mostly doing it with an adult, so they can help. I am worried that the Scratch forums may become unsafe.
I agree! The ST must create at least one of the suggested CAPTCHA right this moment!
Agree to above.
- ppettitt
- Scratcher
100+ posts
Spambot activity - How you can stop it
This is reaching a ridiculous levelMany kids will probably sign up with and adult, but I signed up without one. All I did was ask my parents if it was okay to sign up for Scratch, and they said it was okay. Many kids (especially the younger ones) probably will be signing up with an adult, but that doesn't mean all. I would go for the easier captcha Like the one Lirex suggested:
I reported 32 (and it keeps going up) spam posts today, all with phone numbers, emails and websites. This is becoming unacceptable. I am asking for sign-up to have a capatcha, when people sign up they are mostly doing it with an adult, so they can help. I am worried that the Scratch forums may become unsafe.
What about a CAPTCHA like this one?
thanks to that 3, w, or m?). I'd even think that XRumer might be able to get through it, but then again, the circular nature of the text might stump it.I modified it a bit to get this: I had some trouble reading that, and I'm still not sure what to put down (
I do like the design and colors, though.
My thoughts,
ErnieParke
Even if it doesn't stop all spam bots, it will stop some. And it could probably be solved by kids without an adult. So as long as it's easier so it can be read by kids, I agree with having a captcha on sign up.
The semicolon will never be forgotten!
;
- LuxrayStar
- Scratcher
100+ posts
Spambot activity - How you can stop it
I found a ton of spam posts made by “Different” Spammers, and each post has pretty much the same stuff.
Edit: It grew to almost a page of almost nothing but Spam!
Edit: It grew to almost a page of almost nothing but Spam!
Last edited by LuxrayStar (Feb. 11, 2014 17:59:06)
- cheeseeater
- Scratcher
1000+ posts
Spambot activity - How you can stop it
Thats what I saw! I found a ton of spam posts made by “Different” Spammers, and each post has pretty much the same stuff.
Edit: It grew to almost a page of almost nothing but Spam!
- scratchisthebest
- Scratcher
1000+ posts
Spambot activity - How you can stop it
At this point, any captcha is good. It doesn't matter if it's perfect, as long as it slows down a few bots.
I am a Lava Expert
- cheeseeater
- Scratcher
1000+ posts
Spambot activity - How you can stop it
Exactly. A few people are turning down the good ideas to try and think of the At this point, any captcha is good. It doesn't matter if it's perfect, as long as it slows down a few bots.perfect spam busters. Nothing is perfect. Because there is always a case of HTML5 not supported, or it being too hard. If we just stick to a normal capacha of some sort, then spam would go way down. How many spam-bot even have XRumer software in them? If it can get though a lot of capatchas then it must be expensive. I doubt many have it. (Unless they develop it themselves).
EDIT: Just after posting this, I reported 3 more spam-bot topics.
Last edited by cheeseeater (Feb. 12, 2014 06:42:55)
- ScratchJahd2011
- Scratcher
500+ posts
Spambot activity - How you can stop it
I suggest someone contacting the ST and telling them to make one of the CAPTCHAs here. The spambots are getting out of hand!
…..
- cheeseeater
- Scratcher
1000+ posts
Spambot activity - How you can stop it
4 (and probably counting) on the New Scratchers forum. All the same bot, about magic. It seems to be in another language, and broken English. There are emails, phone numbers, and site, that I can guarantee are dangerous. I seem to remember this type of spam yesterday, there were heaps of it. Now they know how weak Scratch is, they will just keep coming back…
- QuillzToxic
- Scratcher
1000+ posts
Spambot activity - How you can stop it
Nothing is permanent
Last edited by QuillzToxic (Feb. 15, 2014 10:47:11)
- Discussion Forums
- » Suggestions
- » Spambot activity - How you can stop it