We just had the "watch movies online" spammer coming through again. All of its six threads were marked as spam within ~10 minutes, but it's still annoying and unsightly to have so many spam threads created in one fell swoop. (And we've had occasions where quite a few more spam threads were created.)
I'm generally not a fan of limiting new members too much in order to deal with spammers, as I believe the benefits don't outweigh the damage done to the experience of legitimate members, but here's something which might be worth trying: Limit how many threads new members can create within any given time period to the following maximums:
3 threads per 5 minutes.
4 threads per 10 minutes.
5 threads per 20 minutes.
6 threads per 60 minutes.
Enthusiastic new members sometimes do post 3 or 4 threads shortly after each other, but as they actually type them all out by hand, they should take more than 10 minutes in the process, and thus never really hit a limit (and if they do, they can be presented with a friendly "wait a few minutes before trying to post again" message). Spammers meanwhile tend to post more than 3 threads within 5 minutes, and so would be brought to an abrupt halt. They might wait around for the 4th thread creation, but nothing beyond that limit.
This won't stop spam, but it should reduce the disruption caused by spam those couple of times a week when a mass-blast of spam comes through.
You're right, the floods of spam really are the worst.
A small flaw with this suggestion is some of the spammers just create accounts, then wait a while to come back and post. I guess a workaround would be to let the clock start ticking from their first post. instead of when they sign up. That would indeed slow them down.
Another thought I've had is to do a similarity check for the first 5 posts or so a user makes. If it's too similar to previous ones (say 95% similar), then we put a temporary hold on future posts. That should slow them down a fair bit I'd think
The way I envision these limits is that they would count backward for every new thread started. So when they submit a new thread, see how many threads that user has already created in the last 5, 10, 20 and 60 minutes, and if any of those are over the specified maximum, don't allow the new thread. That way they can't even work around it by creating one innocent new thread, and come back the next day for the real spam flood.
The similarity check would also be a worthwhile improvement; would also prevent duplicate posts by non-spamming members.
I've made one other change today which might help - moving our DNS over to Cloudflare
They've got some smart systems in place to protect against botnets and spam at the DNS level, so it might well cut out some of the most annoying ones. We can only hope
Right, both rate limiting and duplicate checking are now also in place. As an added bonus, when a duplicate post has been detected, the previous post will also automatically be flagged as suspicious.
That will block the user from posting anything until it's cleared!
Does that duplicate post flag go into effect on the second post already? If so, that might be a bit too harsh; we do get quite a few people who're searching for travel companions posting the exact same thread both in the travel companions forum and in the relevant regional forum (especially for Australia/New Zealand, where I've basically given up trying to keep the travel companions threads out, as it's impossible to explain why the one 10 page thread is allowed (because the original post asked something about the advice), and the other isn't).
If it only takes effect on the third duplicate, then I'm all in favor of it.
It does it on the second post already. I kind of think it's ok to catch the travel companion ones also. But maybe let's try for a few days and see if there's too many others caught out. I set it to send me a message whenever it hits this so I can check for any false positives as well.
Note for moderators: you'll see posts flagged this way being called "suspicious" and they will be flagged by our new helpful user named ModBot. If they look fine, you can just unflag.
We just had the same spammer coming through again. Four threads in four minutes; but no fifth thread. I'd call that an improvement! \o/
Yay! I'm really over reading about what I can watch online.
"high quality, fake passports" spammer was stopped on the second post