tag:help.lighthouseapp.com,2008-09-20:/discussions/problems/1791-spammers-taking-overLighthouse: Discussion 2012-05-18T23:11:52Ztag:help.lighthouseapp.com,2008-09-20:Comment/22964822010-10-30T08:12:01Z2010-10-30T08:12:01ZSpammers taking over<div><p>I think it will make more sense if you allow the ticket moderators (the ones to whom you can assign tickets too) to delete/block specific users. They have already been given powers by the 'admin' so they can be trusted with this ability. Also a captcha on the sign up form would do a world of good. But most importantly you need to limit the nos of comments/tickets that can be made in a short period of time. You <em>have</em> to present a captcha if a user makes too many comments within a minute.</p>
<p>Take for example this spammer: <a href="https://rails.lighthouseapp.com/users/122552">https://rails.lighthouseapp.com/users/122552</a> I have flagged many of it's comments as spam but of what use is the flagging tool? You can't expect too many users to be active on a issue tracker, therefore by the time a spamming account gets flagged enough nos of times, it has already done the damage. Basically, It doesn't stop the spam. Knowing this the person who is doing this can easily make new accounts and continue spamming.</p>
<p>I understand that not too many projects face this problem of spam and that too at such a magnitude but this problem is seriously affecting the capability of the genuine users who wish to help out with the issues.</p></div>Rohit Arondekartag:help.lighthouseapp.com,2008-09-20:Comment/22964822010-10-30T19:47:06Z2010-10-30T19:47:06ZSpammers taking over<div><p>Agreed about ticket moderators blocking and deleting users. Would make it a lot easier, and deleting a user should remove all of their posts as well if they aren't already.</p>
<p>Also, it really should moderate the amount of posts someone is doing. I don't think anyone would have a problem with putting a timer on how often you can post. Say if you make more than 4 posts in under a minute, etc.</p>
<p>Also the 'Spam?' button shouldn't just be associated with a post, but rather a user. If they post in 10 different threads, and the user gets say 5 different posts marked as Spam, its safe to assume they're spamming and the user blocked.</p></div>Denis Odorcictag:help.lighthouseapp.com,2008-09-20:Comment/22964822010-10-31T06:40:08Z2010-10-31T06:40:08ZSpammers taking over<div><p>What about instituting some kind of moderation system? Even just a very basic one that held comments by new users which contained external links would probably be a sufficient deterrent, as the spammers are likely relying on a short-term Google bump from the post being around before deletion.</p></div>Matt Jonestag:help.lighthouseapp.com,2008-09-20:Comment/22964822010-10-31T06:56:37Z2010-10-31T06:56:37ZSpammers taking over<div><p>If a user gets a few flags in different posts, yes, they get taken<br />
down automatically. The user who flags them affects the speed at which<br />
we take down the user. It is actually working, but in the last two<br />
days a few have made it through.</p>
<p>No-one is going to moderate posts.</p>
<p>I'll institute a few more checks on content for untrusted users.</p></div>Tiger Teamtag:help.lighthouseapp.com,2008-09-20:Comment/22964822010-11-01T12:29:04Z2010-11-01T12:29:04ZSpammers taking over<div><p>And again: <a href="https://rails.lighthouseapp.com/users/122702">https://rails.lighthouseapp.com/users/122702</a></p>
<p>The flagging of spam tickets should be a last resort and personally I don't think it's even useful on a issue tracker. Because an issue tracker is not exactly an active forum -- by the time somebody notices the spam it's already too late.</p>
<p>Rate limitation and captcha's are a must. Allowing ticket moderators to block/delete users would complete the set of defense mechanisms.</p></div>Rohit Arondekartag:help.lighthouseapp.com,2008-09-20:Comment/22964822010-11-01T12:40:14Z2010-11-01T12:40:14ZSpammers taking over<div><p>P.S I understand that you'll have worked very hard on getting those features into Lighthouse but like I've said before, this spam problem seems to be unique to Rails. Looks like somebody has a real issue with Rails. :P Also I sincerely believe that the rate limitation and captcha's will help alleviate most of the spam issues.</p></div>Rohit Arondekartag:help.lighthouseapp.com,2008-09-20:Comment/22964822010-11-01T12:47:34Z2010-11-01T12:47:34ZSpammers taking over<div><p>I agree with Rohit.</p>
<p>Waiting for 3-4 different people before a spammer is identified is no good. Moderator's can definitely and responsibly identify a spammer. As far as corrective action is concerned, moderators should be able to delete the user simply (and alongwith it, all the spammer's posts and changes).</p>
<p>For preventative measures, I really urge you to ensure you have Captcha at signup and Captcha if you post more than X posts per minute. The captcha itself should be what you have here on this discussion board (not the ugly numbers one).</p>
<p>Moderators (almost all are volunteers) are the ones effected the most by spam, since we're watching most tickets. It really sucks when you suddenly have to wade thru 70 odd tickets to cherry pick real discussions.</p></div>Aditya Sanghitag:help.lighthouseapp.com,2008-09-20:Comment/22964822010-11-01T20:13:47Z2010-11-01T20:13:47ZSpammers taking over<div><p>Hi Guys,</p>
<p>Thanks for the feedback. We really want to solve this in a way that works for everyone.<br />
</p>
<p>Deleting a user has other effects in the system. A user profile is global and tied to many parts of a project.</p>
<p>I like the suggestions by Rohit and others.<br />
</p>
<p>1) Allowing project members (who are already deemed trustworthy by admins) to mark users as spammers is a good step. And it would also be good to immediately hide those user's comments and tickets from everyone else.</p>
<p>2) Captcha when creating a profile. This would go a long way in helping stop the flow of incoming spammers before they're able to wreak havoc on your project.</p>
<p>3) Rate limiting. I'm not completely sold on this one yet. But, if measures one and two didn't significantly help improve the spam problem then this might be the next logical step.</p></div>Justin Palmertag:help.lighthouseapp.com,2008-09-20:Comment/22964822010-11-01T21:25:15Z2010-11-01T21:25:15ZSpammers taking over<div><p>Would marking a user as spammer revert the changes for their comments or would that be something that is done when their comments are deleted? Just thinking like in the case a spammer changes the assigned to for the ticket, would that be reverted on marked as spam or deletion?</p>
<p>I'm really for a captcha on signup, that would stop the automated signup, but for the ones manually signing up it wouldn't.</p>
<p>I'm also very very much for rate limiting, much like Stack Overflow does it where if you post a question or answer in a quick succession to your previous one then it presents a captcha again. Whilst this would be slightly annoying for power users of Lighthouse, I think it would at least slow down the spammers if not deter them.</p>
<p>Sorry for brevity but I'm on my phone in a car on a freeway. Typing is not enjoyable.</p></div>Ryan Biggtag:help.lighthouseapp.com,2008-09-20:Comment/22964822010-11-01T22:14:29Z2010-11-01T22:14:29ZSpammers taking over<div><p>Untrusted users can't change anything about a ticket, they can only<br />
add a comment. This is something we fixed a few weeks ago.</p></div>Tiger Teamtag:help.lighthouseapp.com,2008-09-20:Comment/22964822011-02-19T01:51:54Z2011-02-19T01:51:54ZSpammers taking over<div><p>This continues to go on - to me, the single biggest irritant is
that once a post is marked as spam, it <em>can't</em> be deleted
via the web interface (gives an "invalid ticket comment" message in
the flash) and the links are still visible to Google.</p>
<p>In effect, good-intentioned users flagging a post makes the spam
immortal!</p>
<p>Any way we could make spam posts add rel="nofollow" to embedded
links? Or, failing that, at least allow them to be deleted?</p></div>Matt Jonestag:help.lighthouseapp.com,2008-09-20:Comment/22964822011-02-23T15:28:57Z2011-02-23T15:28:57ZSpammers taking over<div><p>Matt -</p>
<p>I've added your request to our further tweaking of spam.
Appreciate your patience.</p>
<p>Thanks,<br>
Nicole</p></div>Nicoletag:help.lighthouseapp.com,2008-09-20:Comment/22964822011-07-25T11:42:58Z2011-07-25T11:43:00ZSpammers taking over<div><p>Hello!<br>
Is there a possibility to:<br>
1. Mark whole topic as spam (and delete spam topic after 2..4 users
mark it as spam).<br>
2. Completely hide/remove spam comments. Comments with '(This
comment has been marked as spam)' are taking too much place.<br>
3. Revert age of topic to previous value after the last comment was
flagged as spam.<br>
4. Set autocomplete='off' in 'Verify Human' answer field here below
(Firefox is showing me my answers for previous posts).</p>
<p>Thank you for your support.</p></div>Victor