To be honest, my favourite anti-spam tool, and the only one we can reveal, is the report function. Our users are fantastic at finding spam and letting us know about it, so we can deal with it! We appreciate the help 
Yea when I saw the attack last night there were no admins/mods (that I know of) online. So I report one of the spam post hoping some email notif will fly out and find you guys.
About anti spam tactics, honestly, it's not as crucial to keep it a secret and not discuss it publicly. 'Security through obfuscation' never works. In the net it's all transparent. With heuristics and network any bot can retry, disperse and retry again. Captcha works. If you need anything more sophisticated than that, then this must be a CIA forum or something and spamming would be the last of your concern.
By the way it looks korean but on my mobile at least some japanese hiragana are mixed up as well. Dunno why.
Edit: it doesn't have to be captcha. One of those 'I'm not a robot' checkboxes is fine too
About anti spam tactics, honestly, it's not as crucial to keep it a secret and not discuss it publicly. 'Security through obfuscation' never works. In the net it's all transparent. With heuristics and network any bot can retry, disperse and retry again. Captcha works. If you need anything more sophisticated than that, then this must be a CIA forum or something and spamming would be the last of your concern.
By the way it looks korean but on my mobile at least some japanese hiragana are mixed up as well. Dunno why.
Edit: it doesn't have to be captcha. One of those 'I'm not a robot' checkboxes is fine too
- Jul 19, 2015
- 818
- 1,359
Sure but having a thread discussing it in depth is essentially telling anyone who cares to read it specifically how to work around the measures that are in place on this forum in particular, its an arms race so its safe to assume thats a thing that will happen anyway but making it easier isnt something that makes any sense. its not security through obscurity or obfuscation, its a defence in depth thing. Think of an SSH server, you might run a key w/ a passphrase & another factor such as one time pass codes or a ubikey or whatever but then also put it on a non-standard port and disable root login. Some of those measures would be considered security through obscurity but when used as part of a larger strategy they reduce your attack surface. the same applies to dealing w/ spam in some respects.
The point i was aiming to make is that you likely wont receive any feedback or discussion from moderators / staff about your ideas or proposals in anything that even resembles specificity.I believe we're here to give input & discuss suggestions.
Definitely not to ask forum admins to post the anti-spam tactics..
EDIT: typos
EDIT: its also worth noting that some of the moderators run w/ the hidden account feature turned on (this is a feature available to any user account that prevent them from being marked as online in the user list and such) so it wont always be obvious when those people are online.
