LQ Suggestions & FeedbackDo you have a suggestion for this site or an idea that will make the site better? This forum is for you.
PLEASE READ THIS FORUM - Information and status updates will also be posted here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I think it needs more than a tighter signup process though. There must be some madatory, dead end, moderation process for new members - something effective that they simply cannot bypass.
Won't happen, at least not with me onboard. Having some spammer's actions restrict access for legitimate users doesn't fly with me.
Quote:
Obviously that means the end of the truly open forum model, but I think that is where we are as a global society at this time, in more ways than internet access controls. The game as we have tried to play it is simply over.
Until the nature of man can be changed, we need a better model.
I think you are giving this incident too much weight. The battle against spammers is normal and comes down to a simple "Who is better, the person writing the filter rules or the person trying to circumvent them". For countless times Jeremy was the winner, implementing filter rules that prevented thousands of spam threads. This one time the spammers have won, and of course it looks massive, but only because we usually don't see the the masses of spam filtered out. So, for me it is: Jeremy has adapted the filters, the incident is over, the forum has been cleaned, so let's just move on. Yes, this was annoying, but since I became a mod that was the first time that something like this happened and I seriously doubt that it will happen again soon, so I see no need to restrict anything for legitimate users.
And I agree that Jeremy has done an amazing job of keeping the site clean and open. He deserves all the credit that we can give him, and the mods, for that! My hat is off, especially because I have had to fight my own battles on this front (not so much spam, but targeted, massive intrusion and DDOS attempts).
I also agree with your sentiment about keeping the site open, despite my deep cynicism.
But I know there is a fundamental difference between filtering "normal" attacks that any open site endures, and doing battle with sustained targeted attacks, which must ultimately go beyond anything termed "filters".
This one looked more organized than the normal category (from my admittedly limited perspective) which may be why it was more successful. If so, it will probably adapt and grow...
Anyway, hats off to Jeremy and the mods - and as others have said, if we can help in any way please let us know!
Last edited by astrogeek; 01-21-2016 at 05:35 PM.
Reason: typos
I think Tobi is right. I have seen some level of spamming here occasionally over the years since I first joined years ago but nothing at yesterday's level so I think generally Jeremy has been filtering most of it out successfully.
I don't like the idea of making a mod approve someone before they can post. Many users (including me) come here the first time because they are in the middle of a problem.
I think it needs more than a tighter signup process though. There must be some madatory, dead end, moderation process for new members - something effective that they simply cannot bypass.
Won't happen, at least not with me onboard. Having some spammer's actions restrict access for legitimate users doesn't fly with me.
I agree totally with the kudos being passed around to the moderators and Jeremy, totally.
But sorry, TobiSGD, but this doesn't make sense to me, and no amount of spin is going to.
You phrase it as "restrict access"...yet by changing it to "user verification", it doesn't sound as bad, does it? Yes, the moderators and Jeremy have done (and CONTINUE to do), a great job with filters, and user moderation/control. But we've all seen other users banned over the years...and I'm fairly positive that they would ALL argue that they were 'legitimate' users, even though their behavior spoke otherwise.
But it's OK to ban them AFTER they get here, but not ask them BEFOREHAND to show due-diligence?? That's a reactive stance, rather than a proactive stance. This is what makes no sense to me.
I've been a proponent of having new users having their first 5 posts moderated when they join. ONLY five...after that, game on. It would not only make it much, MUCH harder for spammers to do what they did, but also clean up a good bit of 'post spam', like the ones we see by the dozens each week:
Where to download xxx distro?
Give links for yyy
I need a script
Pointing people to stick posts/guidelines/whatever, does no good...it hasn't slowed down posters like this one tiny bit, and never will.
In the last 2-3 years I've only witnessed two occurrences of large spam which affected the forums. And they've never been shut down either, just invaded. Both times it lasted a very short time.
In the last 2-3 years I've only witnessed two occurrences of large spam which affected the forums. And they've never been shut down either, just invaded. Both times it lasted a very short time.
Agreed, and that's only due to the moderators/Jeremy.
You phrase it as "restrict access"...yet by changing it to "user verification", it doesn't sound as bad, does it?
Changing the name does not make the procedure any different. Sending all posts from a new member to the moderation queue and forcing them to wait for a mod to become available (after all, we are all humans, we have a life beyond LQ and are not here 24/7) is nothing else than restricting access.
Quote:
Yes, the moderators and Jeremy have done (and CONTINUE to do), a great job with filters, and user moderation/control. But we've all seen other users banned over the years...and I'm fairly positive that they would ALL argue that they were 'legitimate' users, even though their behavior spoke otherwise.
But it's OK to ban them AFTER they get here, but not ask them BEFOREHAND to show due-diligence?? That's a reactive stance, rather than a proactive stance. This is what makes no sense to me
I am sorry, but I prefer "innocent until proven guilty". Nothing more to say.
Changing the name does not make the procedure any different. Sending all posts from a new member to the moderation queue and forcing them to wait for a mod to become available (after all, we are all humans, we have a life beyond LQ and are not here 24/7) is nothing else than restricting access.
Incorrect. Restricting access is "You aren't allowed to join/post/do something else"....WAITING is not restricting anyone. And honestly, so what if there is a delay? This isn't the emergency room at the hospital, and as has been pointed out to countless people before, there are no 'urgent' threads here.
Quote:
I am sorry, but I prefer "innocent until proven guilty". Nothing more to say.
..and no one is saying ANYONE is guilty, are they? This is a safety measure, nothing more.
Do you leave your doors unlocked, and windows open when you leave your house? Hand random people keys with your address? After all...people are INNOCENT until proven guilty, right? Or do you use common-sense, and give keys to people you know can be trusted, and make everyone else wait until you get home, to determine whether they get in or not?
Yesterday's festivities skew things, whether you like it or not. Would this have been an issue if there was a five-post mod limit? Nope...ALL of those 'users' would have been shoved somewhere unseen, along with the many "plz to be giving the links" people. Spammers get deleted easily, others get an auto-response about question guidelines.
...remains valid. While you may come from an academia background, and I understand how environments can color your views, I do not, although I have spent quite some time in schools, pursing my degrees.
I also firmly believe that people will rise to whatever expectations are set of them. There are NO SHORTCUTS, EVER for anything, be it knowledge, skills, or strength. You will either suffer the pain of discipline, or the pain of regret, the latter being FAR worse. Someone might want bigger muscles, and it's for damned sure they won't get them sitting on the couch...they have to actually DO something. Want to learn how to write scripts/program?? There is NOTHING stopping anyone in this day and age, except lack of drive. Giving people handouts only spurs them on to do the bare minimum they have to, and you'll be doing it for them, for as long as you LET THEM get away with it.
I have seen posters here play what I call 'forum tennis'...they beg/whine for a sample script, and someone hands them one at another forum. They come HERE, and post it VERBATIM, saying "plz to be helping", and someone does more...which they take to ANOTHER forum, where someone completes it. What's missing? Effort on their part..they have learned and done NOTHING. They will be back, and do the same thing for EVERY assignment they get, until someone, somewhere, puts foot to ass and tells them to stand on their own two feet.
I don't ask anything of anyone, that I don't expect of and demand from myself. I ask for help, but I'm damned sure I'm out of options when I do, and that I've researched/done/tried EVERYTHING I can think of first.
CAPTCHA isn't perfect. If it has audio feedback there are text-to-speech converters. Either that or they preregistered a few accounts manually and then just let to the bot go.
Watching this last attack I think it should not be very difficult to greatly mitigate this type with a simple algorithm or two.
A continuously updated aggregate value such as...
Code:
unreplied-new-user-posts
------------------------ > threshold = activate mandatory moderation for new users
hour
... would at least prevent a successful bot attack from progressing until a moderator could investigate. Small inconvenience for most users.
Or something even simpler per-user would have stopped the recent abuse - for example, user with less than 100 posts exceeding 5 unreplied posts per hour is temporarily suspended pending moderation.
In the first couple of hours of this attack there were at least a few of those new users hitting the 100 posts point - that should raise a red flag in any environment! Stopping only those in their tracks would prevent the wall-of-spam without affecting any legitimate users.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.