Profile spam

[MikeMarsUK]

Les found that spammy user accounts are being created:

​http://climateapps1.oucs.ox.ac.uk/beta/top_users.php?sort_by=total_credit&offset=240

With profiles such as the following:

​http://climateapps1.oucs.ox.ac.uk/beta/view_profile.php?userid=427

If the serverside web pages were to be changed so that profiles are hidden until credit > 0, then that would mean that there would be no point in creating the new accounts (since they're just there as googlebait).

I'd also suggest that moderators could do some of the profile screening work, since that would make the profile screening option more practical (I'm sure the admins have better things to do than screen 100 or more profiles every day).

There would be no point in using Akismet to check the profiles, since in it's current form the Boinc Akismet implementation is completely useless (far too many false positives on PMs and forum posts). This is because it isn't being trained to recognise false positives. Perhaps moderators could do the training work (i.e., checking flagged PMs/forum posts/profiles to see if they are OK). Of course on PMs there is a privacy expectation, so the user would need to be asked whether they want the PM to be manually checked by a moderator to see if it's OK.

I put this as 'major' since there is the potential for thousands of profiles to be created in a short time, but if you feel that this priority is inappropriate please change it.

[MikeMarsUK]

I note that the Boinc devs are already aware of the issue:

​http://lists.ssl.berkeley.edu/pipermail/boinc_dev/2007-September/008784.html

Perhaps Moderators could be given a button which will allow them to hide profiles.

[Nicolas]

We need to check what mechanism they are using to create the account. Adding a captcha to create_account_form.php would help, unless they are using the same mechanism the core client or account managers use.

[MikeMarsUK]

There are no computers listed against the spammy accounts, does that help to pinpoint the route?

---

If the serverside web pages were to be changed so that profiles are hidden until credit > 0, then that would mean that there would be no point in creating the new accounts (since they're just there as googlebait).

If this is done, then the homepage/URL should also be hidden until credit > 0.

The name of the user is also spammy, which is harder to deal with. The user might potentially be exported to stats sites, which would make them even more useful to spammers (since it'd be multiple sites and links from one single account registration). Are zero credit users exported in the XML?

[MikeMarsUK]

... and prevent zero-RAC users becoming UoTD.

​http://www.climateprediction.net/board/viewtopic.php?p=68080#68080

[Rytis]

I changed the code to require RAC>1. I like the idea to hide profiles until there is credit. I will also be working on Akismet code to enable training so that it can actually be used.

[MikeMarsUK]

Is there any protection against rogue users creating unlimited numbers of spammy teams?

I don't think it'd be popular blocking team creation if credit = 0 since teams like Synergy and so forth will typically be created when a project first opens, and the creator probably won't have credit yet.

[MikeMarsUK]

Thanks Rytis, I appreciate you looking at this issue - it should help a lot :-)

[Ageless]

Is it also possible to have Akismet check on user names? So that if you make a user name with one of the forbidden words in, that it will not let you? Or would that mean you need to rewrite a big portion of the code for Akismet (or any other spam checker) to integrate correctly?

[Ageless]

reCAPTCHAs added in [13961] -> closed.