Spam
From StatusNet
Spammers are not listed on the 'Public' page.
Ideas for fighting spam
- Every time someone enters a URL in their profile, the URL should be checked against the FLOSS TypePad AntiSpam database.
- Time limit: If an account subscribes to N accounts in M minutes, it's probably spam and should either be auto-blocked or checked out by StatusNet staff or a trusted volunteer with the power to block spammers.
- Use Project Honeypot.
- Spambots like to hang out together and subscribe to each other.
- Third-party services. There are Mollom and BlogSpam plugins. We need plugins for Akismet and Defensio, and we need to make sure that those services know we'll be checking with them.
- User reporting. "This is spam". Probably our first line of defense; data from here can help feed automated systems below. (Available: UserFlag plugin 0.9.0)
- Captchas. These keep bots from doing things only people should do. I think the reCaptcha plugin is great for registration. Not sure how it would work for posting.
  - Captchas are bad! Please try almost everything else before resorting to this. --Forteller 21:06, 29 December 2009 (UTC)
- Throttles. These keep the same account from posting too often. This is already in place, but I'm not sure how accurate it is.
- IP lookups. We should try to prevent posting from known botnets or open proxies. We may want to keep our own IP block list.
- Bayesian filters. Checking words, author, context, that kind of thing. Seems to be pretty effective.
- Keyword filters. More direct: you can't say "viagra" on this system.
  - This is even worse than Captchas. Please no censorship. --Forteller 21:06, 29 December 2009 (UTC)
- Bad behaviour. Sniffs HTTP messages for tell-tale signs of poorly-programmed Web tools. Not sure it's going to be effective for StatusNet; poorly-programmed Web tools are our major interface.
  - Bad Behaviour website. This is FLOSS (GPL). --Forteller 21:06, 29 December 2009 (UTC)
- Invisible field on signup. If one adds an invisible field on the registration page, one can easily stop spam-bots. Bots will most likely fill in all fields, but humans will not see the invisible field and thus not fill it out. Do not accept any registration where there's anything in the invisible field.
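
The "time limit" and "spambots subscribe to each other" ideas from the list above, sketched as an added example (not StatusNet code). The class and method names are hypothetical, and the thresholds, account names and events are constructed for illustration.

```python
from collections import defaultdict, deque


class SubscriptionBurstDetector:
    """Flag accounts that subscribe to N accounts within M minutes."""

    def __init__(self, max_subs, window_minutes):
        self.max_subs = max_subs                 # N from the list item
        self.window = window_minutes * 60        # M, converted to seconds
        self.recent = defaultdict(deque)         # subscriber -> timestamps inside the window
        self.following = defaultdict(set)        # subscriber -> accounts they follow
        self.flagged = set()                     # accounts queued for block or review

    def record(self, ts, subscriber, target):
        """Record one subscription (ts in seconds); return True if subscriber is flagged."""
        self.following[subscriber].add(target)
        q = self.recent[subscriber]
        q.append(ts)
        # Drop events that have aged out of the sliding window.
        while q and ts - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.max_subs:
            self.flagged.add(subscriber)
        return subscriber in self.flagged

    def mutual_with_flagged(self):
        """Unflagged accounts in a mutual subscription with a flagged one (review candidates)."""
        out = set()
        for bot in self.flagged:
            for other in self.following[bot]:
                if other not in self.flagged and bot in self.following.get(other, ()):
                    out.add(other)
        return out


# Constructed sample events: (timestamp_seconds, subscriber, target)
EVENTS = [
    (0, "bot1", "alice"), (20, "bot1", "bob"), (40, "bot1", "bot2"),
    (50, "bot2", "bot1"), (60, "bot1", "carol"),        # bot1: 4 subscriptions in 60 s
    (100, "alice", "bob"), (4000, "alice", "carol"),    # alice: 4 subscriptions over hours
    (8000, "alice", "dave"), (12000, "alice", "erin"),
]


def run_sample(max_subs=4, window_minutes=5):
    det = SubscriptionBurstDetector(max_subs, window_minutes)
    for ts, subscriber, target in EVENTS:
        det.record(ts, subscriber, target)
    return det
```

Flagged accounts would go to auto-block or staff review as the list item suggests; the mutual-subscription set is only a lead for a human to check, since a real user may follow back a bot.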

