lamernews
lamernews copied to clipboard
antirez
Dealing with spammers
Would be cool to have:
- only allow one upvote/downvote from the same ip per news entry within 24hrs.
- limit the number of news an ip can submit within 24hrs (let's say one can only post 5 news entries/day).
- admin feature where one can delete/edit offensive news or comments
Someone could easily spoof this by logging in through a proxy server and upvote/downvote from there.
The best way to deal with spammers for me is to let the community "flag" posts that people may think is spam.
Any thoughts on a user flagging a news item as Spam? I did a quick POC and the screenshots are attached. I wish EchoJS had this feature as this would help users identify a news item as spam on the main news list page avoiding a clickbait. For now have attached the Karma for Spam to the NewsDownVoteKarma.
Hey all, one of the community moderators of Echo JS here.
@sidkris77 asked:
Any thoughts on a user flagging a news item as Spam?
I've had an rough idea about implementing a report spam-feature for that doesn't require any modification to lamernews for quite a while now, but couldn't act on it yet due to not having much spare time.
The way it would work involves using a microservice (like webtask.io, now.sh, etc.) to listen for incoming (authorized) requests that have the offending URL as a query parameter and notify moderators via their preferred method (email, slack, etc.). Sending the requests would be handled via a bookmarklet, executed on the discussions-page (e.g. https://example.com/news/12345).
It is definitely not the most optimal let alone a feasible solution, especially for mobile users.
You could also consider looking up IP addresses against lists of known "troublesome" IPs and in DNSBLs. This is what we've started to do as we've got lots of bot/junk email submissions on our newsletter signup pages. It's a way to get rid of automated junk, rather than a human trying to spam, however.
I haven't got a lot of time to go into all the details, but to provide some pointers:
- do a reverse DNS lookup on the IP and reject any that contain certain hostnames (so certain heavily abused VPN providers, for instance)
- https://apility.io/ has an API that can give you a simple yes/no answer on abuse potential, it's free (or at least it is in whatever way we use it)
- https://getipintel.net/ is a neat way to find out if an IP is associated with VPNs, spamming, etc.
- DNSBLs are a great way to check abuse potential of IP addresses via DNS - they are commonly used for spam filtering in email, but I have also found IPs likely send to send email spam are also likely to be used by bots and Web spam too - https://en.wikipedia.org/wiki/DNSBL
Even if you didn't want to block people using misused VPNs, Tor and the like, due to a sense of not wanting to censor people, you could at least use the information to throttle them or show them a CAPTCHA, etc. I just outright block them because I'm dealing with email where zero tolerance is the best policy.
I was just about to suggest Captcha when I read the last part of your message.
How about requiring sign in (via Github / Google / Twitter) to post? Given the nature of the website, I would assume that most people who want to post relevant news have a Github account for example. On top of that limits could be enforced like max number of posts per day etc.
I can recommend Firebase for auth a lot, but also Auth0 seems to be very convenient.
In running http://www.rubyflow.com/ I can confirm a lot of spammers now have GitHub accounts and will happily run automated spamming campaigns through them. However, GitHub does remain a great way to authenticate users IMHO.
Then what about if there is minimal limit of total Github stars? On paper that seems like a good option.
I don't think GitHub stars would be the right way. Think the system has to deal with it intelligently rather than be restrictive.
how about a new feature "mute(disable) user" from admin panel and adding some captcha for new registrations?
