Forums » Feature Requests » Effective antispam on myCast

I am a fairly experienced operator on forums and other communities, and naturally part of that is working with spam. In this thread I'll get into specifics with how to deal with spam, including where this site is falling short. These options hinge on time, money, and manpower to execute, so I don't expect all this to happen or be considered immediately. I may have missed things based on my inexperience: I am an outsider peering in and I am not intimately familiar with other issues the forum may have. Food for thought to help administrators set some goals. I don't expect to turn up much after this but you can solicit my further input if desired.

Let's start with current measures:

Forum posting delay.
This reaction is crude, to be frank. The fact it only sets a timer and I could in theory spam after is not ideal. As a hypothetical spammer I can immediately upon registration create publicly reachable spam stories or profile information:
https://www.mycast.io/stories/a-story-of-mycast-and-100mg-of-kmora-jelly
https://www.mycast.io/profiles/197851/username/raidarr
As a new user I could have been spamming in this thread already without review or flagging just by being dormant a bit. This is the problem and at the heart of suggestions to come.

The second measure is 'hire more staff'.
Obviously easier said than done. Clearly at least one new moderator has shown up recently and I've heard there is more time for admin attention. My impression is that the new moderator was figuratively handed a gun and told 'go shoot spambots'. It's something but it is not definitive. The moderator seems unable to address lingering accounts which are not considered new. Sleepers and compromised old accounts are an infamous venue for spam. They seem to have few tools except for reactionary whack-a-mole and there doesn't seem to be much of a 'team' to coordinate with; the following suggestions will consider how to empower them. But for one it is obvious the team structure needs to expand somewhat as this site is humble in size, but has attracted an audience.

Potential new measures:

Integrating StopForumSpam.
I know this seems to be manual spam based on prior discussion threads, but the nature of the spam seems eligible for that project. Without more backend awareness I am not sure how feasible this option is.

Flagging suspicious content in all areas.
Odd links or phrasing from new users. This flagging should drop the profile, story or post/thread into a queue for moderator review. This should happen a few times for new users to really hit at spam and eliminate 'pump and dump' as a useful attack vector. They can see their content but it does not become public yet. If too complex this could be a blanket policy for all content, but that would be aggressive and possibly out of the team's ability to control. Preferably the team matches the size or efficiency for this or flagging and auto private until approved only deals with stuff that mentions likely spam material, which I demonstrated through the story linked above. This flag could silently apply to content even from established accounts which are later compromised, though obviously this would require an admin on deck who can tune the filter accordingly and moderators who can dismiss obvious non-spam.

IP whacking.
This is only so effective. If you haven't already you may consider proactively taking out VPNs and very likely proxies based on publicly available lists, reducing likely vectors at least. Of course this doesn't do much to deal with botnets and legitimate but very concentrated IP ranges, but if this hasn't been considered it may simplify things a little. By whacking I do not mean blocking the IP literally from the server, but a softblock that either inconveniences creation and requires a manual eye or autoflags.

Splitting moderation duties.
Taking the flagging idea and adding a junior moderator group: if spam, send to a trusted queue for nuke by more senior mods and freeze the account/hide content in the meantime. If not spam, approve immediately. Add to queue (but do not change the content yet) based on reports and flags. This would apply to all major spam vectors and replace the timed delay on the forum.
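
The hold-for-review flow from the post above (flag on submission, private until approved, junior triage, senior escalation), as an added example that is not part of the thread or of myCast's code. The threshold, term list, proxy range and every name in it are assumptions.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# All values below are assumptions; the thread gives no numbers or lists.
NEW_USER_REVIEWS = 3                                    # "a few times" for new users
SPAM_TERMS = {"100mg", "pills"}                         # constructed filter terms
PROXY_NETS = [ipaddress.ip_network("203.0.113.0/24")]   # constructed VPN/proxy range

@dataclass
class Account:
    name: str
    approved: int = 0        # items a moderator has already approved
    frozen: bool = False

@dataclass
class Item:
    author: Account
    text: str
    ip: str
    state: str = "held"      # "held" or "public"
    queue: str = ""          # "", "junior" or "senior"
    flags: list = field(default_factory=list)

def submit(item):
    """Flag on submission; anything flagged is held for the junior queue."""
    words = set(re.findall(r"[a-z0-9]+", item.text.lower()))
    if words & SPAM_TERMS:                       # applies to old accounts too
        item.flags.append("spam-term")
    if item.author.approved < NEW_USER_REVIEWS and re.search(r"https?://", item.text, re.I):
        item.flags.append("new-user-link")
    if any(ipaddress.ip_address(item.ip) in net for net in PROXY_NETS):
        item.flags.append("proxy-ip")            # softblock: autoflag, not a server ban
    item.state, item.queue = ("held", "junior") if item.flags else ("public", "")
    return item.state

def junior_review(item, is_spam):
    """Junior moderator triage: approve at once, or escalate and freeze."""
    if is_spam:
        item.queue, item.author.frozen = "senior", True   # stays hidden until nuked
    else:
        item.state, item.queue = "public", ""
        item.author.approved += 1
    return item.state

def visible_to(item, viewer):
    """Authors always see their own content; everyone else only public items."""
    return item.state == "public" or viewer is item.author
```
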
I think two factor authentication would be more effective.
2FA is a fine suggestion for general account security. It is draconian to require for every account that registers, which is why I passed it up as a suggestion relating to antispam. You say "more effective" but I doubt it is more effective on its own than the half dozen or so combined thoughts presented here in facing spam (without serious compromises to user experience).
Some other user here once suggested an idea about banning/blocking disposable emails, which I think is where those spammer accounts came from. That way, people are able to create multiple spam accounts as well as trolls creating duplicate/clone accounts either for trolling or voting manipulation. So I think it's time for this website to prevent disposable emails from signing in. I agree on blocking VPNs and Proxies, because several of the recent spammer accounts had been using VPN with their IPs registered from other countries (from what I saw, the spammers' main domains are usually located in countries like India, Vietnam, South Africa and China. But sometimes changed to US, UK, Russia, Japan, Hong Kong, Taiwan, Singapore, Uganda etc.)
Perhaps 2FA can be part of the accounts settings.
It is good to have in general, yes. And as a matter of practice it would be reasonable to require everyone with moderator access and above to use it - as long as there are options and it is not shoehorned in one single venue, i.e., the abusable email sms pushes, and there is some documentation on handling it responsibly so people do not brick their accounts easily.