Opened 18 years ago
Closed 17 years ago
#400 closed Enhancement (fixed)
Profile spam
Reported by: | MikeMarsUK | Owned by: | Rytis |
---|---|---|---|
Priority: | Major | Milestone: | Undetermined |
Component: | Web - Forums | Version: | |
Keywords: | spam profile forum | Cc: |
Description ¶
Les found that spammy user accounts are being created:
http://climateapps1.oucs.ox.ac.uk/beta/top_users.php?sort_by=total_credit&offset=240
With profiles such as the following:
http://climateapps1.oucs.ox.ac.uk/beta/view_profile.php?userid=427
If the serverside web pages were to be changed so that profiles are hidden until credit > 0, then that would mean that there would be no point in creating the new accounts (since they're just there as googlebait).
I'd also suggest that moderators could do some of the profile screening work, since that would make the profile screening option more practical (I'm sure the admins have better things to do than screen 100 or more profiles every day).
There would be no point in using Akismet to check the profiles, since in it's current form the Boinc Akismet implementation is completely useless (far too many false positives on PMs and forum posts). This is because it isn't being trained to recognise false positives. Perhaps moderators could do the training work (i.e., checking flagged PMs/forum posts/profiles to see if they are OK). Of course on PMs there is a privacy expectation, so the user would need to be asked whether they want the PM to be manually checked by a moderator to see if it's OK.
I put this as 'major' since there is the potential for thousands of profiles to be created in a short time, but if you feel that this priority is inappropriate please change it.
Change History (9)
comment:1 Changed 18 years ago by
comment:2 Changed 18 years ago by
We need to check what mechanism they are using to create the account. Adding a captcha to create_account_form.php would help, unless they are using the same mechanism the core client or account managers use.
comment:3 Changed 18 years ago by
There are no computers listed against the spammy accounts, does that help to pinpoint the route?
If the serverside web pages were to be changed so that profiles are hidden until credit > 0, then that would mean that there would be no point in creating the new accounts (since they're just there as googlebait).
If this is done, then the homepage/URL should also be hidden until credit > 0.
The name of the user is also spammy, which is harder to deal with. The user might potentially be exported to stats sites, which would make them even more useful to spammers (since it'd be multiple sites and links from one single account registration). Are zero credit users exported in the XML?
comment:4 Changed 18 years ago by
... and prevent zero-RAC users becoming UoTD.
http://www.climateprediction.net/board/viewtopic.php?p=68080#68080
comment:5 Changed 18 years ago by
Status: | new → assigned |
---|
I changed the code to require RAC>1. I like the idea to hide profiles until there is credit. I will also be working on Akismet code to enable training so that it can actually be used.
comment:6 Changed 18 years ago by
Is there any protection against rogue users creating unlimited numbers of spammy teams?
I don't think it'd be popular blocking team creation if credit = 0 since teams like Synergy and so forth will typically be created when a project first opens, and the creator probably won't have credit yet.
comment:7 Changed 18 years ago by
Thanks Rytis, I appreciate you looking at this issue - it should help a lot :-)
comment:8 Changed 17 years ago by
Is it also possible to have Akismet check on user names? So that if you make a user name with one of the forbidden words in, that it will not let you? Or would that mean you need to rewrite a big portion of the code for Akismet (or any other spam checker) to integrate correctly?
comment:9 Changed 17 years ago by
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
reCAPTCHAs added in [13961] -> closed.
I note that the Boinc devs are already aware of the issue:
http://lists.ssl.berkeley.edu/pipermail/boinc_dev/2007-September/008784.html
Perhaps Moderators could be given a button which will allow them to hide profiles.