• Save 15% on ALL SFF Network merch, until Dec 31st! Use code SFF2024 at checkout. Click here!

Forum spam attack

confusis

John Morrison. Founder and Team Leader of SFF.N
SFF Network
SFF Workshop
SFFn Staff
Jun 19, 2015
4,347
7,462
sff.network
To be honest, my favourite anti-spam tool, and the only one we can reveal, is the report function. Our users are fantastic at finding spam and letting us know about it, so we can deal with it! We appreciate the help :)
 

Choidebu

"Banned"
Original poster
Aug 16, 2017
1,199
1,205
Yea when I saw the attack last night there were no admins/mods (that I know of) online. So I report one of the spam post hoping some email notif will fly out and find you guys.

About anti spam tactics, honestly, it's not as crucial to keep it a secret and not discuss it publicly. 'Security through obfuscation' never works. In the net it's all transparent. With heuristics and network any bot can retry, disperse and retry again. Captcha works. If you need anything more sophisticated than that, then this must be a CIA forum or something and spamming would be the last of your concern.

By the way it looks korean but on my mobile at least some japanese hiragana are mixed up as well. Dunno why.

Edit: it doesn't have to be captcha. One of those 'I'm not a robot' checkboxes is fine too
 

Biowarejak

Maker of Awesome | User 1615
Platinum Supporter
Mar 6, 2017
1,744
2,262
Yea when I saw the attack last night there were no admins/mods (that I know of) online. So I report one of the spam post hoping some email notif will fly out and find you guys.

About anti spam tactics, honestly, it's not as crucial to keep it a secret and not discuss it publicly. 'Security through obfuscation' never works. In the net it's all transparent. With heuristics and network any bot can retry, disperse and retry again. Captcha works. If you need anything more sophisticated than that, then this must be a CIA forum or something and spamming would be the last of your concern.

By the way it looks korean but on my mobile at least some japanese hiragana are mixed up as well. Dunno why.

Edit: it doesn't have to be captcha. One of those 'I'm not a robot' checkboxes is fine too
I mean those checkboxes are technically still captcha :)
 

jØrd

S̳C̳S̳I̳ ̳f̳o̳r̳ ̳l̳i̳f̳e̳
sudocide.dev
SFFn Staff
Gold Supporter
LOSIAS
Jul 19, 2015
818
1,359
About anti spam tactics, honestly, it's not as crucial to keep it a secret and not discuss it publicly. 'Security through obfuscation' never works.

Sure but having a thread discussing it in depth is essentially telling anyone who cares to read it specifically how to work around the measures that are in place on this forum in particular, its an arms race so its safe to assume thats a thing that will happen anyway but making it easier isnt something that makes any sense. its not security through obscurity or obfuscation, its a defence in depth thing. Think of an SSH server, you might run a key w/ a passphrase & another factor such as one time pass codes or a ubikey or whatever but then also put it on a non-standard port and disable root login. Some of those measures would be considered security through obscurity but when used as part of a larger strategy they reduce your attack surface. the same applies to dealing w/ spam in some respects.

I believe we're here to give input & discuss suggestions.

Definitely not to ask forum admins to post the anti-spam tactics.. :cool:
The point i was aiming to make is that you likely wont receive any feedback or discussion from moderators / staff about your ideas or proposals in anything that even resembles specificity.

EDIT: typos
EDIT: its also worth noting that some of the moderators run w/ the hidden account feature turned on (this is a feature available to any user account that prevent them from being marked as online in the user list and such) so it wont always be obvious when those people are online.