Fighting spam on moodle.org

Fighting spam on moodle.org

by Helen Foster -
Number of replies: 10
Picture of Core developers Picture of Documentation writers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers Picture of Translators
You may have noticed that the moodle.org forums have recently become the target of a lot of spam activity. sad

In addition to cleaning up any spam posts and blocking (suspending) spammer accounts, the Sites team at Moodle HQ have been working on improving our spam defences as follows:

1) As suggested by Ken in the discussion SPAM from Moodle Forums? we have implemented a throttling feature preventing users with new accounts from making lots of posts in a short space of time (MDLSITE-3871). Previously spammers made 20 or more posts before being detected and blocked; now they can only post twice.

2) The moodle.org reCAPTCHA has been updated to use the 'No CAPTCHA reCAPTCHA' API from Google (MDLSITE-3878). Unfortunately though the new reCAPTCHA does not seem to have had any effect.

3) We have tried increasing the level of Cloudflare protection to block spammer IP addresses. However this resulted in many genuine posters reporting that they were blocked (MDLSITE-3873), and so Cloudflare has been reset back to its previous level.

4) Whilst blocking spammer accounts, we've been looking for patterns and have added many email domains to the denied email domain list. Obviously though we can't add gmail.com. wink

5) We have implemented Akismet filtering on posts made by users with new accounts (MDLSITE-3879). This feature seems to be working well, though there are further improvements still to be made (MDLSITE-3894).

Apologies if you have received any notifications of spam forum posts. To help us ensure that all spam is deleted and spammer accounts blocked, if you receive a spam forum post notification, please check if the post is still available on moodle.org, and if so, log in and click the 'Report to moderator' link.

Many thanks to Moodle HQ developer Dan for quickly developing more spam defences. If you have further suggestions for fighting spam on moodle.org, please let us know.
Average of ratings: Useful (11)
In reply to Helen Foster

Re: Fighting spam on moodle.org

by Séverin TERRIER -
Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Testers Picture of Translators

Thanks for these detailed information.

And for all the work done so that most of us just don't see/know there is SPAM on moodle.org smile

Average of ratings: -
In reply to Helen Foster

Re: Fighting spam on moodle.org

by Franco Pantoja -
Picture of Particularly helpful Moodlers

Thanks very much indeed Helen

We are aware of your efforts


Best regards!!

Average of ratings: -
In reply to Helen Foster

Re: Fighting spam on moodle.org

by Peter Seaman -

Hi Helen: May I ask a naive question about why humans don't moderate the forums? When Moodle 2.0 was released, it seemed as though the posts were released in batches, which made me think a moderator was approving them. Could the volunteer spirit that animates Moodle not induce moderators to take turns approving posts? Or is the number of messages simply too large? Or are there concerns about moderators not being able to keep up? I appreciate the machines, but sometimes a sentient human seems like the only solution. Thanks.  -  Peter

Average of ratings: -
In reply to Peter Seaman

Re: Fighting spam on moodle.org

by Richard Oelmann -
Picture of Core developers Picture of Plugin developers Picture of Testers

Hi Peter,

Speaking as one of them, I can assure you human beings do moderate the forums smile I suspect the 'batches' impression was probably more likely to be caused by the timing of the cron releasing them.

I think from my own point of view, if we were also asking moderators to pre-approve all posts, that would be even more detrimental to the forums than the level of spam. Genuine posts could be waiting hours at times to be approved before being seen and responded to. For example, although there are three of us in the English language Themes forum, we are all UK based. Given that we have forum posters from all over the world (who answer queries as well as post them), relying on the three of us to pre-approve all posts would not be practical. And if its a forum that already only has one moderator...

I also think that moderators themselves could feel under more pressure (even if its only the kind we put on ourselves) to then answer those posts directly, while the current situation is that others may have responded before we even see the post (at least thats often the case for me as I also work full time and can't always guarantee being on the forums other than a quick visit some days)

Just my thoughts on the idea smile

Average of ratings: Useful (3)
In reply to Richard Oelmann

Re: Fighting spam on moodle.org

by Peter Seaman -

Thanks, Richard. I wonder about a combination of approaches, such as having a moderator approve a brand-new poster's post the first time, after which the poster gains the credential to post unapproved. I read recently about trying this approach to fight spam generally, in which senders would need to demonstrate that they are "legit" (not spammers) before being allowed to use the network - kind of like putting on a stamp on the envelope before you mail it. Maybe Moodle could be a leader in this area? Just an idea (yet another idea). Thanks.  -  Peter

Average of ratings: -
In reply to Peter Seaman

Re: Fighting spam on moodle.org

by Dan Poltawski -
Thanks, Richard. I wonder about a combination of approaches, such as having a moderator approve a brand-new poster's post the first time, after which the poster gains the credential to post unapproved.

Yep, thats an idea we might implement. The reason why we haven't yet is just a matter of the fact the Moodle forum doesn't yet support it and it would take quite a bit of time to implement.

Its safe to say that the current stage of dealing with the current spam it is a little bit of 'firefighting' and very much an arms race. When we cut off one technique you see the behaviour change to get round it. Hopefully we'll get a bit of time to look at the moderation system once we've got the situation under control - we've had waves like this in the past, but once its over there become so many other more important bits of work to do..

Dan

Average of ratings: -
In reply to Helen Foster

Re: Fighting spam on moodle.org

by Tim Hunt -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers

The levels in Discourse look interesting: https://meta.discourse.org/t/what-do-user-trust-levels-do/4924/2. Obviously that is a long way from where Moodle is now, but it is an interesting concept.

Average of ratings: Useful (1)
In reply to Tim Hunt

Re: Fighting spam on moodle.org

by Derek Chirnside -

Agreed Tim.  This is fascinating.  I had not seen this before.

And on the other topic of spamming: you win some days, and you lose on others.  I think only 3 or so spams yesterday escaped into the wild.  Pretty good I'd say.  A 'win' day I'd say.

-Derek

Average of ratings: -
In reply to Derek Chirnside

Re: Fighting spam on moodle.org

by Daniel Neis Araujo -
Picture of Core developers Picture of Plugin developers Picture of Translators

Hello,


there may be some spam on tracker also:

https://tracker.moodle.org/secure/ViewProfile.jspa?name=preguntas.del.snna

https://tracker.moodle.org/browse/CONTRIB-5999


Or is just someone who don't know how to use the technology? =)


Kind regards,

Daniel

Average of ratings: -
In reply to Daniel Neis Araujo

Re: Fighting spam on moodle.org

by Helen Foster -
Picture of Core developers Picture of Documentation writers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers Picture of Translators
Thanks Daniel, I have deleted the issue. It looked to me like the person didn't understand what the Moodle Tracker was for.
Average of ratings: -