Spammers taking over

Rohit Arondekar's Avatar

Rohit Arondekar

19 Jul, 2010 09:11 AM

The Rails LH is being taken over by spammers!

Example of a spam comment:

I've found the following accounts to be spamming, can you please delete/ban them?

Does LH have a spam filter? If not is there any way of having some kind of a captcha while signing up for an account?

Showing page 2 out of 2. View the first page

  1. 31 Posted by Rohit Arondekar on 30 Oct, 2010 08:12 AM

    Rohit Arondekar's Avatar

    I think it will make more sense if you allow the ticket moderators (the ones to whom you can assign tickets too) to delete/block specific users. They have already been given powers by the 'admin' so they can be trusted with this ability. Also a captcha on the sign up form would do a world of good. But most importantly you need to limit the nos of comments/tickets that can be made in a short period of time. You have to present a captcha if a user makes too many comments within a minute.

    Take for example this spammer: I have flagged many of it's comments as spam but of what use is the flagging tool? You can't expect too many users to be active on a issue tracker, therefore by the time a spamming account gets flagged enough nos of times, it has already done the damage. Basically, It doesn't stop the spam. Knowing this the person who is doing this can easily make new accounts and continue spamming.

    I understand that not too many projects face this problem of spam and that too at such a magnitude but this problem is seriously affecting the capability of the genuine users who wish to help out with the issues.

  2. 32 Posted by Denis Odorcic on 30 Oct, 2010 07:47 PM

    Denis Odorcic's Avatar

    Agreed about ticket moderators blocking and deleting users. Would make it a lot easier, and deleting a user should remove all of their posts as well if they aren't already.

    Also, it really should moderate the amount of posts someone is doing. I don't think anyone would have a problem with putting a timer on how often you can post. Say if you make more than 4 posts in under a minute, etc.

    Also the 'Spam?' button shouldn't just be associated with a post, but rather a user. If they post in 10 different threads, and the user gets say 5 different posts marked as Spam, its safe to assume they're spamming and the user blocked.

  3. 33 Posted by Matt Jones on 31 Oct, 2010 06:40 AM

    Matt Jones's Avatar

    What about instituting some kind of moderation system? Even just a very basic one that held comments by new users which contained external links would probably be a sufficient deterrent, as the spammers are likely relying on a short-term Google bump from the post being around before deletion.

  4. Support Staff 34 Posted by Tiger Team on 31 Oct, 2010 06:56 AM

    Tiger Team's Avatar

    If a user gets a few flags in different posts, yes, they get taken
    down automatically. The user who flags them affects the speed at which
    we take down the user. It is actually working, but in the last two
    days a few have made it through.

    No-one is going to moderate posts.

    I'll institute a few more checks on content for untrusted users.

  5. 35 Posted by Rohit Arondekar on 01 Nov, 2010 12:29 PM

    Rohit Arondekar's Avatar

    And again:

    The flagging of spam tickets should be a last resort and personally I don't think it's even useful on a issue tracker. Because an issue tracker is not exactly an active forum -- by the time somebody notices the spam it's already too late.

    Rate limitation and captcha's are a must. Allowing ticket moderators to block/delete users would complete the set of defense mechanisms.

  6. 36 Posted by Rohit Arondekar on 01 Nov, 2010 12:40 PM

    Rohit Arondekar's Avatar

    P.S I understand that you'll have worked very hard on getting those features into Lighthouse but like I've said before, this spam problem seems to be unique to Rails. Looks like somebody has a real issue with Rails. :P Also I sincerely believe that the rate limitation and captcha's will help alleviate most of the spam issues.

  7. 37 Posted by Aditya Sanghi on 01 Nov, 2010 12:47 PM

    Aditya Sanghi's Avatar

    I agree with Rohit.

    Waiting for 3-4 different people before a spammer is identified is no good. Moderator's can definitely and responsibly identify a spammer. As far as corrective action is concerned, moderators should be able to delete the user simply (and alongwith it, all the spammer's posts and changes).

    For preventative measures, I really urge you to ensure you have Captcha at signup and Captcha if you post more than X posts per minute. The captcha itself should be what you have here on this discussion board (not the ugly numbers one).

    Moderators (almost all are volunteers) are the ones effected the most by spam, since we're watching most tickets. It really sucks when you suddenly have to wade thru 70 odd tickets to cherry pick real discussions.

  8. 38 Posted by Justin Palmer on 01 Nov, 2010 08:13 PM

    Justin Palmer's Avatar

    Hi Guys,

    Thanks for the feedback. We really want to solve this in a way that works for everyone.

    Deleting a user has other effects in the system. A user profile is global and tied to many parts of a project.

    I like the suggestions by Rohit and others.

    1) Allowing project members (who are already deemed trustworthy by admins) to mark users as spammers is a good step. And it would also be good to immediately hide those user's comments and tickets from everyone else.

    2) Captcha when creating a profile. This would go a long way in helping stop the flow of incoming spammers before they're able to wreak havoc on your project.

    3) Rate limiting. I'm not completely sold on this one yet. But, if measures one and two didn't significantly help improve the spam problem then this might be the next logical step.

  9. 39 Posted by Ryan Bigg on 01 Nov, 2010 09:25 PM

    Ryan Bigg's Avatar

    Would marking a user as spammer revert the changes for their comments or would that be something that is done when their comments are deleted? Just thinking like in the case a spammer changes the assigned to for the ticket, would that be reverted on marked as spam or deletion?

    I'm really for a captcha on signup, that would stop the automated signup, but for the ones manually signing up it wouldn't.

    I'm also very very much for rate limiting, much like Stack Overflow does it where if you post a question or answer in a quick succession to your previous one then it presents a captcha again. Whilst this would be slightly annoying for power users of Lighthouse, I think it would at least slow down the spammers if not deter them.

    Sorry for brevity but I'm on my phone in a car on a freeway. Typing is not enjoyable.

  10. Support Staff 40 Posted by Tiger Team on 01 Nov, 2010 10:14 PM

    Tiger Team's Avatar

    Untrusted users can't change anything about a ticket, they can only
    add a comment. This is something we fixed a few weeks ago.

  11. 41 Posted by Matt Jones on 19 Feb, 2011 01:51 AM

    Matt Jones's Avatar

    This continues to go on - to me, the single biggest irritant is that once a post is marked as spam, it can't be deleted via the web interface (gives an "invalid ticket comment" message in the flash) and the links are still visible to Google.

    In effect, good-intentioned users flagging a post makes the spam immortal!

    Any way we could make spam posts add rel="nofollow" to embedded links? Or, failing that, at least allow them to be deleted?

  12. 42 Posted by Nicole on 23 Feb, 2011 03:28 PM

    Nicole's Avatar

    Matt -

    I've added your request to our further tweaking of spam. Appreciate your patience.


  13. 43 Posted by Victor on 25 Jul, 2011 11:42 AM

    Victor's Avatar

    Is there a possibility to:
    1. Mark whole topic as spam (and delete spam topic after 2..4 users mark it as spam).
    2. Completely hide/remove spam comments. Comments with '(This comment has been marked as spam)' are taking too much place.
    3. Revert age of topic to previous value after the last comment was flagged as spam.
    4. Set autocomplete='off' in 'Verify Human' answer field here below (Firefox is showing me my answers for previous posts).

    Thank you for your support.

  14. Will Duncan closed this discussion on 28 Jul, 2011 07:48 AM.

Discussions are closed to public comments.
If you need help with Lighthouse please start a new discussion.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac