Moodle community sites

Fighting spam on moodle.org

 
This discussion has been locked because a year has elapsed since the last post. Please start a new discussion topic.
Picture of Helen Foster
Fighting spam on moodle.org
Group Core developersGroup Documentation writersGroup Moodle HQGroup Particularly helpful MoodlersGroup Plugin developersGroup TestersGroup Translators
You may have noticed that the moodle.org forums have recently become the target of a lot of spam activity. sad

In addition to cleaning up any spam posts and blocking (suspending) spammer accounts, the Sites team at Moodle HQ have been working on improving our spam defences as follows:

1) As suggested by Ken in the discussion SPAM from Moodle Forums? we have implemented a throttling feature preventing users with new accounts from making lots of posts in a short space of time (MDLSITE-3871). Previously spammers made 20 or more posts before being detected and blocked; now they can only post twice.

2) The moodle.org reCAPTCHA has been updated to use the 'No CAPTCHA reCAPTCHA' API from Google (MDLSITE-3878). Unfortunately though the new reCAPTCHA does not seem to have had any effect.

3) We have tried increasing the level of Cloudflare protection to block spammer IP addresses. However this resulted in many genuine posters reporting that they were blocked (MDLSITE-3873), and so Cloudflare has been reset back to its previous level.

4) Whilst blocking spammer accounts, we've been looking for patterns and have added many email domains to the denied email domain list. Obviously though we can't add gmail.com. wink

5) We have implemented Akismet filtering on posts made by users with new accounts (MDLSITE-3879). This feature seems to be working well, though there are further improvements still to be made (MDLSITE-3894).

Apologies if you have received any notifications of spam forum posts. To help us ensure that all spam is deleted and spammer accounts blocked, if you receive a spam forum post notification, please check if the post is still available on moodle.org, and if so, log in and click the 'Report to moderator' link.

Many thanks to Moodle HQ developer Dan for quickly developing more spam defences. If you have further suggestions for fighting spam on moodle.org, please let us know.
 
Average of ratings: Useful (11)
C'est moi :-)
Re: Fighting spam on moodle.org
Group Documentation writersGroup Particularly helpful MoodlersGroup TestersGroup Translators

Thanks for these detailed information.

And for all the work done so that most of us just don't see/know there is SPAM on moodle.org smile

 
Average of ratings: -
FFP
Re: Fighting spam on moodle.org
 

Thanks very much indeed Helen

We are aware of your efforts


Best regards!!

 
Average of ratings: -
Picture of Peter Seaman
Re: Fighting spam on moodle.org
 

Hi Helen: May I ask a naive question about why humans don't moderate the forums? When Moodle 2.0 was released, it seemed as though the posts were released in batches, which made me think a moderator was approving them. Could the volunteer spirit that animates Moodle not induce moderators to take turns approving posts? Or is the number of messages simply too large? Or are there concerns about moderators not being able to keep up? I appreciate the machines, but sometimes a sentient human seems like the only solution. Thanks.  -  Peter

 
Average of ratings: -
Picture of Richard Oelmann
Re: Fighting spam on moodle.org
Group Core developersGroup Particularly helpful MoodlersGroup Plugin developersGroup Testers

Hi Peter,

Speaking as one of them, I can assure you human beings do moderate the forums smile I suspect the 'batches' impression was probably more likely to be caused by the timing of the cron releasing them.

I think from my own point of view, if we were also asking moderators to pre-approve all posts, that would be even more detrimental to the forums than the level of spam. Genuine posts could be waiting hours at times to be approved before being seen and responded to. For example, although there are three of us in the English language Themes forum, we are all UK based. Given that we have forum posters from all over the world (who answer queries as well as post them), relying on the three of us to pre-approve all posts would not be practical. And if its a forum that already only has one moderator...

I also think that moderators themselves could feel under more pressure (even if its only the kind we put on ourselves) to then answer those posts directly, while the current situation is that others may have responded before we even see the post (at least thats often the case for me as I also work full time and can't always guarantee being on the forums other than a quick visit some days)

Just my thoughts on the idea smile

 
Average of ratings: Useful (3)
Picture of Peter Seaman
Re: Fighting spam on moodle.org
 

Thanks, Richard. I wonder about a combination of approaches, such as having a moderator approve a brand-new poster's post the first time, after which the poster gains the credential to post unapproved. I read recently about trying this approach to fight spam generally, in which senders would need to demonstrate that they are "legit" (not spammers) before being allowed to use the network - kind of like putting on a stamp on the envelope before you mail it. Maybe Moodle could be a leader in this area? Just an idea (yet another idea). Thanks.  -  Peter

 
Average of ratings: -
Dan at desk in Moodle HQ, Perth
Re: Fighting spam on moodle.org
Group Core developersGroup Moodle Course Creator Certificate holdersGroup Moodle HQGroup Particularly helpful MoodlersGroup Plugin developersGroup Testers
Thanks, Richard. I wonder about a combination of approaches, such as having a moderator approve a brand-new poster's post the first time, after which the poster gains the credential to post unapproved.

Yep, thats an idea we might implement. The reason why we haven't yet is just a matter of the fact the Moodle forum doesn't yet support it and it would take quite a bit of time to implement.

Its safe to say that the current stage of dealing with the current spam it is a little bit of 'firefighting' and very much an arms race. When we cut off one technique you see the behaviour change to get round it. Hopefully we'll get a bit of time to look at the moderation system once we've got the situation under control - we've had waves like this in the past, but once its over there become so many other more important bits of work to do..

Dan

 
Average of ratings: -
Tim at Lone Pine Koala Sanctuary
Re: Fighting spam on moodle.org
Group Core developersGroup Documentation writersGroup Particularly helpful MoodlersGroup Plugin developers

The levels in Discourse look interesting: https://meta.discourse.org/t/what-do-user-trust-levels-do/4924/2. Obviously that is a long way from where Moodle is now, but it is an interesting concept.

 
Average of ratings: Useful (1)
Just wondering . . .
Re: Fighting spam on moodle.org
Group Particularly helpful Moodlers

Agreed Tim.  This is fascinating.  I had not seen this before.

And on the other topic of spamming: you win some days, and you lose on others.  I think only 3 or so spams yesterday escaped into the wild.  Pretty good I'd say.  A 'win' day I'd say.

-Derek

 
Average of ratings: -
Picture of Daniel Neis Araujo
Re: Fighting spam on moodle.org
Group Core developersGroup Particularly helpful MoodlersGroup Plugin developersGroup Translators

Hello,


there may be some spam on tracker also:

https://tracker.moodle.org/secure/ViewProfile.jspa?name=preguntas.del.snna

https://tracker.moodle.org/browse/CONTRIB-5999


Or is just someone who don't know how to use the technology? =)


Kind regards,

Daniel

 
Average of ratings: -
Picture of Helen Foster
Re: Fighting spam on moodle.org
Group Core developersGroup Documentation writersGroup Moodle HQGroup Particularly helpful MoodlersGroup Plugin developersGroup TestersGroup Translators
Thanks Daniel, I have deleted the issue. It looked to me like the person didn't understand what the Moodle Tracker was for.
 
Average of ratings: -