Any chance that the titles or tags that were changed by spammers can be reverted? For example if you go to page 7 of rails tickets, half of them on that page are set to 'Add magic encoding comment to generated files'. Can the timestamps of 'last updated' be reverted from the spammers too? Really old tickets have re emerged.
The rails tickets right now are a mess. It's going to be hell to have to go through them manually and fix all of this.
I think it will make more sense if you allow the ticket moderators (the ones to whom you can assign tickets too) to delete/block specific users. They have already been given powers by the 'admin' so they can be trusted with this ability. Also a captcha on the sign up form would do a world of good. But most importantly you need to limit the nos of comments/tickets that can be made in a short period of time. You have to present a captcha if a user makes too many comments within a minute.
Take for example this spammer: https://rails.lighthouseapp.com/users/122552 I have flagged many of it's comments as spam but of what use is the flagging tool? You can't expect too many users to be active on a issue tracker, therefore by the time a spamming account gets flagged enough nos of times, it has already done the damage. Basically, It doesn't stop the spam. Knowing this the person who is doing this can easily make new accounts and continue spamming.
I understand that not too many projects face this problem of spam and that too at such a magnitude but this problem is seriously affecting the capability of the genuine users who wish to help out with the issues.
Agreed about ticket moderators blocking and deleting users. Would make it a lot easier, and deleting a user should remove all of their posts as well if they aren't already.
Also, it really should moderate the amount of posts someone is doing. I don't think anyone would have a problem with putting a timer on how often you can post. Say if you make more than 4 posts in under a minute, etc.
Also the 'Spam?' button shouldn't just be associated with a post, but rather a user. If they post in 10 different threads, and the user gets say 5 different posts marked as Spam, its safe to assume they're spamming and the user blocked.
What about instituting some kind of moderation system? Even just a very basic one that held comments by new users which contained external links would probably be a sufficient deterrent, as the spammers are likely relying on a short-term Google bump from the post being around before deletion.
Support Staff37 Posted by Courtenay on 31 Oct, 2010 06:56 AM
If a user gets a few flags in different posts, yes, they get taken
down automatically. The user who flags them affects the speed at which
we take down the user. It is actually working, but in the last two
days a few have made it through.
No-one is going to moderate posts.
I'll institute a few more checks on content for untrusted users.
The flagging of spam tickets should be a last resort and personally I don't think it's even useful on a issue tracker. Because an issue tracker is not exactly an active forum -- by the time somebody notices the spam it's already too late.
Rate limitation and captcha's are a must. Allowing ticket moderators to block/delete users would complete the set of defense mechanisms.
P.S I understand that you'll have worked very hard on getting those features into Lighthouse but like I've said before, this spam problem seems to be unique to Rails. Looks like somebody has a real issue with Rails. :P Also I sincerely believe that the rate limitation and captcha's will help alleviate most of the spam issues.
40 Posted by Aditya Sanghi on 01 Nov, 2010 12:47 PM
I agree with Rohit.
Waiting for 3-4 different people before a spammer is identified is no good. Moderator's can definitely and responsibly identify a spammer. As far as corrective action is concerned, moderators should be able to delete the user simply (and alongwith it, all the spammer's posts and changes).
For preventative measures, I really urge you to ensure you have Captcha at signup and Captcha if you post more than X posts per minute. The captcha itself should be what you have here on this discussion board (not the ugly numbers one).
Moderators (almost all are volunteers) are the ones effected the most by spam, since we're watching most tickets. It really sucks when you suddenly have to wade thru 70 odd tickets to cherry pick real discussions.
Thanks for the feedback. We really want to solve this in a way that works for everyone.
Deleting a user has other effects in the system. A user profile is global and tied to many parts of a project.
I like the suggestions by Rohit and others.
1) Allowing project members (who are already deemed trustworthy by admins) to mark users as spammers is a good step. And it would also be good to immediately hide those user's comments and tickets from everyone else.
2) Captcha when creating a profile. This would go a long way in helping stop the flow of incoming spammers before they're able to wreak havoc on your project.
3) Rate limiting. I'm not completely sold on this one yet. But, if measures one and two didn't significantly help improve the spam problem then this might be the next logical step.
Would marking a user as spammer revert the changes for their comments or would that be something that is done when their comments are deleted? Just thinking like in the case a spammer changes the assigned to for the ticket, would that be reverted on marked as spam or deletion?
I'm really for a captcha on signup, that would stop the automated signup, but for the ones manually signing up it wouldn't.
I'm also very very much for rate limiting, much like Stack Overflow does it where if you post a question or answer in a quick succession to your previous one then it presents a captcha again. Whilst this would be slightly annoying for power users of Lighthouse, I think it would at least slow down the spammers if not deter them.
Sorry for brevity but I'm on my phone in a car on a freeway. Typing is not enjoyable.
This continues to go on - to me, the single biggest irritant is
that once a post is marked as spam, it can't be deleted
via the web interface (gives an "invalid ticket comment" message in
the flash) and the links are still visible to Google.
In effect, good-intentioned users flagging a post makes the spam
Any way we could make spam posts add rel="nofollow" to embedded
links? Or, failing that, at least allow them to be deleted?
Is there a possibility to:
1. Mark whole topic as spam (and delete spam topic after 2..4 users
mark it as spam).
2. Completely hide/remove spam comments. Comments with '(This
comment has been marked as spam)' are taking too much place.
3. Revert age of topic to previous value after the last comment was
flagged as spam.
4. Set autocomplete='off' in 'Verify Human' answer field here below
(Firefox is showing me my answers for previous posts).