> Forums > Active Social > Feedback and Requests > ENH - Spam Bot/User Removal Utility
Last Post 09 Jul 2010 01:24 AM by Smart-Thinker. 12 Replies.
AddThis - Bookmarking and Sharing Button Printer Friendly
  •  
  •  
  •  
  •  
  •  
PrevPrev NextNext
You are not authorized to post a reply.
Author Messages
Will Morgenweck Forum Admin
DotNetNuke Staff
Will Morgenweck
Post Count:7702

--
08 Jul 2010 09:52 AM
    One of the advantages of running activesocial.com is that we get to see all different kinds of traffic.  The domain, activesocial.com, was being used by a dating site before we acquired the name.  Needless to say, we see a great number of spammers.  In most cases the spammers are bots and our typical prevention mechanism work very well.  However, the "spam industry" is becoming more resourceful and using actual people to complete the registration process.

    Since it's not as easy as just deleting the user account, I would like to discuss creating a "spammer" removal utility.  If your site hasn't been hit by a spammer then you will probably think this is overkill.  Those that have had to deal with spammers will probably know exactly what I'm talking about and hopefully will add to the discussion.

    I would like to add a feature in Active Social that gives the admin the ability to remove a user with various options.   There could be various ways to incorporate this utility into Active Social or even anywhere in DotNetNuke.  We can assume that this utility is going to receive a user id in some fashion and special authentication should be required.  The utility will first look through all database tables with a UserId column and store these as "Possible User Data" locations.  The admin will also have the option to add other tables that may use a different name for the UserId column.    The next step would be to see how much data belongs to this user.  Tables along with number of rows would be presented to the admin.  The admin would then have the option to select which data should be removed.  Data integrity(relationships) would need to be enforced as well.  For example, wouldn't be able to delete the user without also deleting the profile.  However, you could keep forum posts and completely delete all other user records.  We would also need a file system scan for user stored files.  Active Social should properly delete all pictures and files uploaded by the user.

    Another approach could be to remove all data, but leave the account in place.  This would be better for integrity within DotNetNuke 5.x systems.  We could provide an option that essentially disables the account. 

    Please share your thoughts so we can gauge the importance of this enhancement.
    Will Morgenweck
    Director of Product Management
    DotNetNuke Corp.
    DavidE
    Customers
    DavidE
    Post Count:106

    --
    08 Jul 2010 10:48 AM
    Hi Will,

    This would be an excellent enhancement. I don't have much experience with the spam bots, but as I go live this is an issue I have been concerned about. Having mechanisms to deal with the various methods spammers utilize in Active Social would be ideal. The method you present seems to provide a good level of flexibility for the admin.

    Thanks,
    Dave
    Smart-Thinker
    Customers
    Smart-Thinker
    Post Count:550

    --
    08 Jul 2010 11:14 AM
    I get around 25 signups on PokerDIY a day, but since I turned on 2-stage verification my REAL users (ie. those who verify with an email) has dropped to about 8 a day!! I get a lot of human spammers on outsourcing jobs - some who even use real emails and validate their account (check my forums on PokerDIY, there is a SPAM forum (that's good Google Juice, I need all the content and you'll see different users pasting the same content from different accounts.

    Anyway - back to the question - I currently have a stored proc that takes in a Username and does a hard delete on a whole lot of tables to permanently delete real problem users (I don't get them often and just ignore most spammers - they wont bother most other users). Obviously a stored proc is not great - it would be cool to have a UI to delete various elements of data - possible it could remove them from a role (so it ties in with 2 Stage verification) and even email them/warn them or insert a PM into their inbox.

    I have to say - it's a nice feature, but there's loads of other features I would consider more important than this when time is factor. It's more of a nice to have IMHO.

    thanks
    Rodney Joyce
    PokerDIY.com - Connecting Poker Players
    Frozen DNN
    Customers
    Frozen DNN
    Post Count:1387

    --
    08 Jul 2010 01:25 PM
    It's a great idea. In addition to all the above, it would be nice if would ban the IP address internally. In the profile info template next to the IP address of the user there should be a ban this IP button. Click on it and that IP is banned from posting on forum or participating anywhere else on the website. It would be nice if we can set the redirect for that IP address. Also, to go to the extreme (this may not apply to many websites, who rely on members all over the world) it would be nice if would ban countries! Most of the spam bots come from Korea, Russia etc...
    DotNetNuke Corp. has a time machine. It acquires modules and sends them back to the stone age. e.g. Active Social.
    Matt M
    Customers
    Matt M
    Post Count:375

    --
    08 Jul 2010 03:56 PM
    Can't we just have a question at signup - Are you a spammer? Because of course they'll answer Yes ...

    No?

    Ok, well being serious now ... although I think there's some value in your suggested approach Will, can I suggest that an (optional) interactive process for users would work well? I'm thinking a karma- or points-style system ala Slashdot / Digg / et al. If users have it in their power to score posts, then you have an opportunity for them to help keep the spammers out (since spam annoys the users just as much as you).

    A system like that done well makes it easy to drown out the garbage, and trivial for admins to identify the spam accounts. Plus of course you could tie it into progressive site privileges as their score increases.

    The risk with such a system is that of multiple spammers 'gaming' the scoring system. But after a while of the system being in operation, you restrict new accounts to be unable to rank until they've reached a certain level of karma - meaning that your existing "good" users are the ones making judgement over whether this account's for real or not.

    I realise no system is completely foolproof; it just seems to me that this might logically build on work you've already done, and actually benefit the social functionality by rewarding high value contributions.
    AuTechHeads - An Australian group for geeks. Visit us at http://www.autechheads.com!
    Tareq
    Customers
    Tareq
    Post Count:442

    --
    08 Jul 2010 05:54 PM
    I agree with Rodney on this one. It will be a handy feature but there are several other features I would like to see first before this. Spam usually gets to be pain when your site is big and have enough users to spam to. I think there are only a few who does own a large site using AS that will benefit from this right now. I also like some of Matt's idea with Karma points.
    SilverSurfer
    Customers
    SilverSurfer
    Post Count:173

    --
    08 Jul 2010 06:26 PM
    Will, have you ever looked into Project Honeypot? You can create a hook into their database which contains the IPs of known spammers and this list is added to daily.

    It would be AWESOME if there was an option with the AS registration process to use this system. The way it could be implemented is the first time they click to register their IP address gets submitted in the background and if they're on the list they then get redirected to a custom page. Maybe the page says something like "Sorry but we are experiencing problems with our registration process."

    Here is the info about their API

    http://www.projecthoneypot.org/httpbl_api.php
    SilverSurfer
    Customers
    SilverSurfer
    Post Count:173

    --
    08 Jul 2010 06:32 PM
    There are also some existing .net code modules for HoneyPot which should cut down on the programming. I have not checked these out yet but take a look, it might be easy to add these to the AS registration process. Prevention is always better than the cure. :-)

    http://code.google.com/p/blacklistprotector/

    http://gatekeeper.codeplex.com
    Will Sugg
    Customers
    Will Sugg
    Post Count:534

    --
    08 Jul 2010 10:05 PM
    I have also started seeing what I think are 'human' spammers. The way I stop them is that when they hit 'Sign Up' they have to fill out a short email contact form that requires them to enter their name, email and asks why they want to join. If their response to this question 'jibes' - this community is one of farm/ag related people mostly in Maine - I send them the link to sign up (hidden in the menu). If their answer is sparse I look up their email address on Google (especially if @hotmail or other free ones rather than a Maine ISP domain I recognize). If they are associated with anything related to the topic I send them the link.

    But I have dozens like this:

    Your Name anitababy70
    Your Email anitahaka90@yahoo.com
    Your Farm or Business Name anita
    Your website any
    Why do you want to create a MOFGA.net profile?
    am looking good amam looking good amam looking good amam looking good amam looking good amam looking good amam looking good

    that obviously don't get the link.

    This is cumbersome but no spammers have gotten on yet. Plus this client would totally freak if one did so it is worth it (and they get billed).

    It would be tougher to do this on a more 'generic' social site but on a more specific one like ours (or scuba divers in Ohio, bikers in Kentucky, etc.) the human filter may be the best defense.

    thanks,

    Will

    SilverSurfer
    Customers
    SilverSurfer
    Post Count:173

    --
    08 Jul 2010 10:26 PM
    We have a forum and I can tell you that it's human spammers that are the problem. Most of them seem to originate in India, I'm guessing there are boiler rooms where people are paid minimum wage to sit and create account on forums.

    We sometimes disable registrations during certain periods of the day when they are the most active and hope that the more committed users will hang around long enough to be able to join.
    Ben Thompson
    Customers
    Ben Thompson
    Post Count:230

    --
    08 Jul 2010 10:31 PM
    We also have a problem with spammers using up our SMTP allocation. And I agree with SilverSurfer, more often human these days.
    I see good value in a tool to detect unusual activity. Could be the amount of messages sent compared to others, message content, keywords etc.

    Definately required to keep the admin of social solutions focused on the positives.
    www.itproject.com.au
    Steven Webster
    Customers
    Steven Webster
    Post Count:1682

    --
    09 Jul 2010 12:39 AM
    I get human spammers on bikeclicks but not too many. Usually we spot them right away. They tend to send out PMs. I'll get one or a member will report them and we'll turn off their account within the hour. On the other hand...we also get a lot of promoters who join the site, join ten groups and the post plugs for their race or ride in those ten groups within 20 minutes of membership. They don't really participate in the group beyond promotion.

    It doesn't happen often...but I'm considering adding the community role and verification so members have to "prove" their worth before they can advertise.

    Steven Webster
    Manager, Community Platform
    F5 Networks, DevCentral
    Smart-Thinker
    Customers
    Smart-Thinker
    Post Count:550

    --
    09 Jul 2010 01:24 AM
    I think 2 Stage verification is essential these days if you dont want your IP blacklisted...
    thanks
    Rodney Joyce
    PokerDIY.com - Connecting Poker Players
    You are not authorized to post a reply.
    > Forums > Active Social > Feedback and Requests > ENH - Spam Bot/User Removal Utility
    test
    Copyright 2012 by DotNetNuke Corporation / Terms of Use / Privacy