Show Navigation
Conversation
Notices
-
!Hubzilla Support Forum Due to a bad privacy setting on my behalf, my moderation queue is flooded with spam. Is there an easy way to just wipe the entire queue? Trying to click Delete on every single item takes forever, and due to a lack of paging, it's impossible to know where the end of the spam is.
-
sry not an answer to your question.
but thought something like this would be needed to prevent it (forgot it's name, that's why I upload an image of an example)
-
Yeah, I agree, some form of CAPTCHA would be useful for accounts that want to allow anyone on the Internet to comment.
-
Hm... CAPTCHA? Kind of kills all privacy to use a third party service... #justsayin'
-
well, you could also host a captcha at the same site. No need to use a third party service per se.
-
yes. the captcha I showed is a self-hosted one.
-
An extra field on a form worded so that hunans don't fill it in can help stop a lot of spam on open comment forms.
(can say anything as long as any human seeing it leaves it blank)
and you can hide it with css
(so anyone using a modern browser doesn't even have to see that field - don't do that inline though - spambots look at the form, but probably not many would bother looking at separate css files)
Spambots often put random rubbish into every field (I guess in case it turns out to be required)
then if theres something in the field block them from posting!
There are lots of little tricks like that you can do if you think about how spambots behave ..
Another thing that could help is if they send a user-agent string that looks like a common browser, check that it behaves like that browser. (there are lots of things you could check along those lines and if you are careful about it possibly without even blocking the occasional human that might turn up using an ancient browser)
Spambots often try to look like commonly used browers to avoid being blocked by their user-agent string but they are actually more likely to be just scripts without a lot of the features of the browsers they try to look like.
also ANY not-common extra step in the posting process could trip up a lot of the more stupid bots.
eg perhaps an extra stip that shows something the user needs to copy into a field in another step - with a separate form - just another idea
pretty much anything thats different to common cms default forms could trip up a lot of the more stupid bots.
regarding captchas try to make sure they don't lock out real humans!
(eg someone with poor eyesight or using a screenreader could have problems getting though image based captchas - and if its something like a puzzle make sure its easy enough for humans wanting to post to work out the right answer!)
- blocklists like stopforumspam, etc can also help
though I think for those its better to download blocklist data daily (eg with a script in cron)
and do the checks locally on locally-cached data rather than doing the checks the way some of those blockists suggest (which would involve waiting for a request to send te ip to their site)
I don't think its a good idea to leave people waiting for anything to do an external request,
and it could be a privacy issue for real users.
Doing a daily download of blocklist data and doing the checks against locally cached data avoids those privacy and latency/reliability issues.
you probably don't need to go that far for moderated comments though
try the tricks based on the differences in behaviour between stupid bots and humans first.
most bots are not very smart .
also while on this topic I should also say it would probably also be a good idea to change the paths of the registration and login forms so they don't have words related to those things in their paths.
I've seen a lot of requests turn up in web server logs over the years for paths with names that look related to login or registration forms that don't exist and aren't linked from anywhere, but are probably where some commoly used cms put their rego and login forms by default.
It looks like some bots that just try those common paths in case there's something there.
Those kinds of 404 requests are almost certainly NOT humans and probably not nice.
There is a very small minority of smarter bots out there that can get though email verification to register on websites, so tripping up bots in registration and login forms or making those things less easily discoverable by spambots is also worth looking at.
-
A checkbox "I'm a bot [ ]"
-
A checkbox "I'm a bot [ ]"
Just to be sure give it some of the crappy "What symbols do you see"-Captchas below so that the bot feels challenged ;)
-
Back to the original problem since I didn't see any sign of it being resolved yet.
delete from item where item_blocked = 4
This will remove any moderated items on your server, including those owned by others. If you want to be more specific add "and uid = xx" replacing xx with your channel_id.
This is begging for improvement.
-
Perfect, thank you Mike!