Nao

  • Dadman with a boy
  • Posts: 16,079
Bad Behavior
« on May 7th, 2011, 01:03 PM »
Feature: Bad Behavior
Developer: Arantor
Target: users, admins
Status: 99% (complete, needs testing in specific situations. Needs a UI for checking out the intrusion log.)
Comment:

This adds Bad Behavior protection to Wedge. It is integrated into the code and always executed. It's also very fast, so don't worry about performance. Bad Behavior's goal is to keep as much spam out of your forum by detecting any suspect behavior from a user that might link them to actually being a poorly programmed spam bot. If by any chance, an actual user has their action refused by Wedge, they will receive a proper error message and they can forward it to the admin (or the Wedge authors) along with a description of what they attempted to do.

Re: Bad Behavior
« Reply #1, on October 29th, 2012, 04:07 PM »
Was just looking for somewhere to ask this very question.

Bad Behaviour is a good first line of defence but are there any future anti spam measures anticipated.

We currently use Bad Behaviour in conjunction with Stop Spammer. Bad Behaviour seems to be having limited effect, its all set up perfectly, honeypots and everything else, and in the last 7 days its stopped 382 intrusions, but there are still huge amounts that get past it.

The stop spammer mod linked above is absolutely superb, We are well into 5 digits for spammers blocked (it checks email address, username and ip address) and as yet ive (europe based) not had to delete a single spammer although my aussie mods say they have deleted a handful from that timezone.

Would be interested to know what the anti spam plans are going forward (but appreciate you all have a lot on)

Re: Bad Behavior
« Reply #2, on October 29th, 2012, 04:17 PM »
I'm pretty sure I documented everything anyway, but nevertheless...

Bad Behaviour is integrated - tightly, it's not the same as you see on the Bad Behaviour site and for several reasons (it runs later in the process so things like translations are available, amongst other things), and that it's actually faster than the main BB implementation as far as I can tell but the speed difference is tiny.

There is a new CAPTCHA in Wedge, which has all new styles and just for good measure also has animated CAPTCHAs (yes, they're carefully written so as not to cause trouble with epilepsy, no, they haven't been broken in an automated fashion yet but it is pretty much inevitable), but the main line of defence is what it has been in SMF for years: admins writing *good* questions in the Q&A. Though Wedge's setup is stronger because it allows for multiple language questions with multiple options of answer per question.

There are a few other tricks of the trade added too, certain places have time gates (if the form is submitted too quickly, for example), other places have a few other tricks I don't really want to talk about without giving things away, but the spam rate here is pretty low - and there's nothing like Stop Spammer added here.

Not that I put any faith in Stop Spammer, which uses the SFS database which is still way too easy to get blacklisted accidentally in.

Re: Bad Behavior
« Reply #3, on October 29th, 2012, 04:27 PM »
thanks for that.

Sorry to ask things already answered. Have been browsing the site for about a year but still finding my way around. Theres a huge amount of info here.

Yes, the stop spammer isnt totally perfect although it puts things its not sure about in an approval queue so you can individually check certain users. The extra work on captchas etc sounds good. I guess its one of these things that once tested in a real world environment will prove its worth.

Many thanks.

Re: Bad Behavior
« Reply #4, on October 29th, 2012, 04:28 PM »
You do know that we've been running Wedge here for 6 months, right? ;)

Re: Bad Behavior
« Reply #5, on October 29th, 2012, 05:21 PM »
Quote from Arantor on October 29th, 2012, 04:28 PM
You do know that we've been running Wedge here for 6 months, right? ;)
Yup.

That would account for the lack of shoe spammers. :D

the downside of running a cycling forum, is because of some of the topics of discussion you tend to get an awful lot of persistent spammers trying to sell doping products.

Re: Bad Behavior
« Reply #6, on October 29th, 2012, 05:32 PM »
Heh, I can imagine.

But there are other neat tools that you can use, actually. We have the moderation filters system, which lets you moderate or even simply reject posts that contain certain words, and be selective about it.

To take your example, let us suppose that we have a drug called Unobtainium that is a doping agent. You can moderate any post that contains it, prevent any post that contains it, or you can limit it so that the post will be moderated or refused if the user has less than 10 posts, or is only in certain boards, or is posted by a non administrator. It's *very* flexible like that. ;)

Re: Bad Behavior
« Reply #7, on February 8th, 2013, 11:02 PM »
Quote from Arantor on October 29th, 2012, 05:32 PM
But there are other neat tools that you can use, actually. We have the moderation filters system, which lets you moderate or even simply reject posts that contain certain words, and be selective about it.
This reminds me... Moderation filters are a big plus in Wedge's feature list, yet it isn't in the Features sub-boards.
I remember I built that board topic list out of a long study of commits 1-700 or 1-750 approximately, meaning there are currently up to 1200 undocumented commits that contain many features we never advertised on these boards...

I'm not suggesting that anyone gets to work and builds a list of extra features... But we'll definitely have to do it at some point. :-/

Re: Bad Behavior
« Reply #8, on February 8th, 2013, 11:08 PM »
I think what will be far simpler is to just go through and review the features added/removed by comparison to SMF at the end, heh.

I will add the mod filters item to the Features board, meant to do it already.

Re: Bad Behavior
« Reply #9, on February 8th, 2013, 11:40 PM »
Quote from Arantor on February 8th, 2013, 11:08 PM
I think what will be far simpler is to just go through and review the features added/removed by comparison to SMF at the end, heh.
Ah, if only...!

"It is only with the heart that one can see rightly; what is essential is invisible to the eye." (Le Petit Prince)
Quote
I will add the mod filters item to the Features board, meant to do it already.
One of the 'easiest' ways to comb through the code would be to sort for anything starting with a '+'... At least in my commits, I use it to mention additions, rather than (less important) modifications.

Anyway... Time for bed. I did well today.