In addition to cleaning up any spam posts and blocking (suspending) spammer accounts, the Sites team at Moodle HQ have been working on improving our spam defences as follows:
1) As suggested by Ken in the discussion SPAM from Moodle Forums? we have implemented a throttling feature preventing users with new accounts from making lots of posts in a short space of time (MDLSITE-3871). Previously spammers made 20 or more posts before being detected and blocked; now they can only post twice.
2) The moodle.org reCAPTCHA has been updated to use the 'No CAPTCHA reCAPTCHA' API from Google (MDLSITE-3878). Unfortunately though the new reCAPTCHA does not seem to have had any effect.
3) We have tried increasing the level of Cloudflare protection to block spammer IP addresses. However this resulted in many genuine posters reporting that they were blocked (MDLSITE-3873), and so Cloudflare has been reset back to its previous level.
4) Whilst blocking spammer accounts, we've been looking for patterns and have added many email domains to the denied email domain list. Obviously though we can't add gmail.com.
5) We have implemented Akismet filtering on posts made by users with new accounts (MDLSITE-3879). This feature seems to be working well, though there are further improvements still to be made (MDLSITE-3894).
Apologies if you have received any notifications of spam forum posts. To help us ensure that all spam is deleted and spammer accounts blocked, if you receive a spam forum post notification, please check if the post is still available on moodle.org, and if so, log in and click the 'Report to moderator' link.
Many thanks to Moodle HQ developer Dan for quickly developing more spam defences. If you have further suggestions for fighting spam on moodle.org, please let us know.
Thanks for these detailed information.
And for all the work done so that most of us just don't see/know there is SPAM on moodle.org
Thanks very much indeed Helen
We are aware of your efforts
Hi Helen: May I ask a naive question about why humans don't moderate the forums? When Moodle 2.0 was released, it seemed as though the posts were released in batches, which made me think a moderator was approving them. Could the volunteer spirit that animates Moodle not induce moderators to take turns approving posts? Or is the number of messages simply too large? Or are there concerns about moderators not being able to keep up? I appreciate the machines, but sometimes a sentient human seems like the only solution. Thanks. - Peter
Speaking as one of them, I can assure you human beings do moderate the forums I suspect the 'batches' impression was probably more likely to be caused by the timing of the cron releasing them.
I think from my own point of view, if we were also asking moderators to pre-approve all posts, that would be even more detrimental to the forums than the level of spam. Genuine posts could be waiting hours at times to be approved before being seen and responded to. For example, although there are three of us in the English language Themes forum, we are all UK based. Given that we have forum posters from all over the world (who answer queries as well as post them), relying on the three of us to pre-approve all posts would not be practical. And if its a forum that already only has one moderator...
I also think that moderators themselves could feel under more pressure (even if its only the kind we put on ourselves) to then answer those posts directly, while the current situation is that others may have responded before we even see the post (at least thats often the case for me as I also work full time and can't always guarantee being on the forums other than a quick visit some days)
Just my thoughts on the idea
Thanks, Richard. I wonder about a combination of approaches, such as having a moderator approve a brand-new poster's post the first time, after which the poster gains the credential to post unapproved. I read recently about trying this approach to fight spam generally, in which senders would need to demonstrate that they are "legit" (not spammers) before being allowed to use the network - kind of like putting on a stamp on the envelope before you mail it. Maybe Moodle could be a leader in this area? Just an idea (yet another idea). Thanks. - Peter
Thanks, Richard. I wonder about a combination of approaches, such as having a moderator approve a brand-new poster's post the first time, after which the poster gains the credential to post unapproved.
Yep, thats an idea we might implement. The reason why we haven't yet is just a matter of the fact the Moodle forum doesn't yet support it and it would take quite a bit of time to implement.
Its safe to say that the current stage of dealing with the current spam it is a little bit of 'firefighting' and very much an arms race. When we cut off one technique you see the behaviour change to get round it. Hopefully we'll get a bit of time to look at the moderation system once we've got the situation under control - we've had waves like this in the past, but once its over there become so many other more important bits of work to do..
The levels in Discourse look interesting: https://meta.discourse.org/t/what-do-user-trust-levels-do/4924/2. Obviously that is a long way from where Moodle is now, but it is an interesting concept.
Agreed Tim. This is fascinating. I had not seen this before.
And on the other topic of spamming: you win some days, and you lose on others. I think only 3 or so spams yesterday escaped into the wild. Pretty good I'd say. A 'win' day I'd say.
there may be some spam on tracker also:
Or is just someone who don't know how to use the technology? =)