Fossil Forum

First spam attempt stopped by design

(1) By Warren Young (wyoung) on 2018-11-11 21:06:12 [link] [source]

After 111 days, this forum just fought off its first true spam posting. I don't mean nuisance or off-topic stuff from well-meaning but misguided Fossil users, I mean full-strength, no questions asked, go to jail and do not collect $200 spam.

From my semi-outsider perspective, I can see that someone signed up as a forum user and manually posted the message to get around the Fossil anti-bot barriers. I didn't see the moderation request notification until about 10 hours later, by which time one of the other moderators had already rejected it. Those of you not on moderation duty never even saw it.

I also see that that user's account has been deleted. Were measures taken to prevent that user from signing up again? IP block, perhaps?

Regardless, it appears that the implementation of Fossil forums — which was designed to be proof against spam — is working.

(2) By Stephan Beal (stephan) on 2018-11-11 21:20:37 in reply to 1 [link] [source]

Indeed, it works, but i'm concerned that the moderation overhead may increase over time as more bots arrive. It's easy to think "maybe the bots will give up when they meet with little or no success," but that's not been my experience :/.

i'll take this opportunity to warn users who set up their own fossil forums not to allow unmoderated traffic, because the bots have finally arrived and will start spamming unmoderated forums.

(3) By anonymous on 2018-11-11 22:26:27 in reply to 1 [link] [source]

> Regardless, it appears that the implementation of Fossil forums — which was
> designed to be proof against spam — is working.

Sure, even before Fossil Forum, the mailing list was not delivering spam to people; I cannot recall having seen even one piece of spam that was sent to the mailing list over the years.  This is not exactly much of a win to claim that Fossil Forum finally does what MLMs have already done for years (permit only subscribers or use moderation to thwart spam).

The primary difference now is that spammers cannot easily harvest email addresses; however, that also has the drawback that people cannot easily communicate with other members of the community except through the public postings on the Fossil Forum.

(4) By anonymous on 2018-11-11 23:15:46 in reply to 3 [link] [source]

> Sure, even before Fossil Forum, the mailing list was not delivering spam to people; I cannot recall having seen even one piece of spam that was sent to the mailing list over the years. This is not exactly much of a win to claim that Fossil Forum finally does what MLMs have already done for years (permit only subscribers or use moderation to thwart spam).

> The primary difference now is that spammers cannot easily harvest email addresses; however, that also has the drawback that people cannot easily communicate with other members of the community except through the public postings on the Fossil Forum.

I can remember this mailing list being hit by spammers heavily once or twice while being part of this community and definitively the forum is working better in that sense. But for me, the big advantage of forums over mailing lists is to enable the communication between users of a particular Fossil repository, and having it in the same block chain (if desired). That is something that the previous mailing list didn't provide.

Cheers,

Offray

(5) By anonymous on 2018-11-12 04:24:53 in reply to 4 [link] [source]

> I can remember this mailing list being hit by spammers heavily once or twice 
> while being part of this community and definitively the forum is working
> better in that sense.

I challenge you to find one instance of spam being sent to the mailing list.  Archives are here:

https://marc.info/?l=fossil-users

I'll be extremely impressed if you can find one.

Spammers targeted individual users maybe, but again, I don't recall having ever seen spam be sent to the mailing list or delivered to subscribers via the mailing list.

(6) By Warren Young (wyoung) on 2018-11-12 08:32:22 in reply to 5 [link] [source]

That archive is filtered, with the specific goal of weeding out spam. (Scroll to the bottom.)

Personal archives of mailing list subscribers are also suspect since they will usually be the product of at least one spam filter. If you want to issue a useful challenge, you'll have to find or supply an unfiltered archive.

Our spammer is persistent: I just squished a second attempt shortly before replying to this message.

(7) By Shal Farley (Shal) on 2018-11-12 20:58:15 in reply to 5 [link] [source]

anonymous,

The only spam I recall while a member of fossil-user was the one that would spam back to anyone who sent a message.

Those somewhat NSFW spam messages did not go to the list, they went direct to my inbox from varying email addresses. The only real reason I know that they were enabled by harvesting my email address from a fossil-user posting is that they retained the Subject text of the post, as if in reply to it.

So, yes. As another anonymous post said, the key factor is that this mechanism doesn't broadcast the poster's email address to all subscribers.

That too could have been accomplished within the mechanism of an email list; but once the discussion turned to finding a solution it seems this Forum implementation was desired for more reasons than just anti-spam. As long as I receive postings by email I've no real objection to having to come to the forum web site to post.

Shal

(8) By anonymous on 2018-11-14 17:27:57 in reply to 3 [link] [source]

> The primary difference now is that spammers cannot easily harvest email addresses; however, that also has the drawback that people cannot easily communicate with other members of the community except through the public postings on the Fossil Forum.

It is mentioned in another thread that Tox may be an alternative private communication channel between members (https://fossil-scm.org/forum/forumpost/ae19c00ea7). The Tox addresses themselves include anti-spam: the ability to change the last bits of the address, which does not affect already added contacts.

(9) By sean (jungleboogie) on 2018-11-15 05:45:13 in reply to 3 [link] [source]

> The primary difference now is that spammers cannot easily harvest email addresses; however, that also has the drawback that people cannot easily communicate with other members of the community except through the public postings on the Fossil Forum.

People don't even know your real identity or an online handle for you, and we can't distinguish you from one anonymous poster to another. Why would there be a need to contact you?

(10) By Richard Hipp (drh) on 2018-11-15 13:41:40 in reply to 3 [source]

> I cannot recall having seen even one piece of spam that was sent to the mailing list

The sqlite-users mailing list has recently been infiltrated by spammers. See (1) and (2) for examples. I do not yet know how these messages made it onto the sqlite-users mailing list.

(11) By anonymous on 2018-11-15 15:35:53 in reply to 10 [link] [source]

> The sqlite-users mailing list has recently been infiltrated by spammers. See
> (1) and (2) for examples. I do not yet know how these messages made it onto
> the sqlite-users mailing list.

If the mailing list is subscribers-only, then clearly they subscribed and hopefully there is a log of how they became subscribed. Does the sqlite-users mailing list routinely get spam? Or is this some kind of freak event that somehow magically coincides with someone's request to produce evidence of spam on one of the mailing lists?