Results 1 to 8 of 8

Thread: forum spam

  1. #1
    Join Date
    Jun 2008
    Location
    Earth - Denmark
    Posts
    10,730

    Default forum spam

    i've seen one for sure spam, and think i just saw a maybe second..

    while we all know it is impossible to keep it all out (and it is not
    a problem, so far), i think it just a matter of time before the Filth
    of the Earth (aka: spammers) find the nntp way in...and, i suggest
    before they do TPTB set the nntp server to use an ID/password for entry..

    --
    DenverD (Linux Counter 282315) via NNTP, Thunderbird 2.0.0.14, KDE
    3.5.7, SUSE Linux 10.3, 2.6.22.18-0.2-default #1 SMP i686 athlon

  2. #2
    Marcel Cox NNTP User

    Default Re: forum spam

    For almost 10 years, Novell has now been running their support forums on
    NNTP servers without password requirement and so far, spammers were never
    a big problem that couldn't be handled. The situation would be different
    if Novell's news server were linked to other public news servers.

    Requiring login for NNTP access has 2 disadvanatges:

    1) It may put off users from using the forums. I agree this is actually a
    week argument for forums where most users use the web and the web
    requiring authentication anyway.

    2) Password security
    Now this is a bigger issue. By default, the nntp protocol transmits the
    password in cleartext and thus malicious people could sniff the password.
    This is particularly an issue as you would typically want the nntp
    password to be the same as the web password. However the web password is
    the Novell customer password for all Novell web sites including for
    example license management for the products a customer may have purchased.
    As such, it is not a good idea to send such a password in clear over the
    internet. There would be 3 potential worarounds to this problem:
    - use a difefrent password for NNTP. How should that be managed???
    - use an authentication method that does not send the password as
    cleartext. Alas, such authentication methods are not standardized and most
    newsreaders do not support non default authentication methods
    - use NNTP over SSL or TLS. Unfortunately, this would lock out a number of
    newsreaders that don't support SSL, and it would also put a heavy CPU toll
    on the server which would have to encrypt all the NNTP data.

    --
    Marcel Cox

  3. #3
    Join Date
    Jun 2008
    Location
    Earth - Denmark
    Posts
    10,730

    Default Re: forum spam

    hmmmmmm...as per usual, my 'bright ideas' are much harder to
    implement than to 'dream up'!

    to me, now, it seems best to revisit the idea *IF* spam (via nntp)
    becomes a problem..

    --
    DenverD (Linux Counter 282315) via NNTP, Thunderbird 2.0.0.14, KDE
    3.5.7, SUSE Linux 10.3, 2.6.22.18-0.2-default #1 SMP i686 athlon

  4. #4
    Join Date
    Aug 2007
    Location
    Utah, USA, Earth, Milky Way
    Posts
    7,502
    Blog Entries
    3

    Default Re: forum spam

    Quote Originally Posted by DenverD View Post
    ..........it seems best to revisit the idea *IF* spam (via nntp)becomes a problem..
    We have had persistent & prolific spammers in the past and I suspect we'll run into them in the future. Be assured the forum staff have tools available to deal with such things once they happen. As Marcel pointed out, the way we have things set up (Novell login on the web, not feeding outside servers on NNTP, etc. etc. ) we've minimized our vulnerability to spam as much as we can in an open system and the staff will just jump on spam when we get it. We can also take measures to block spammers once we know who they are. My advice: don't lose any sleep over it. Thanks for being concerned enough to discuss it.
    My computer always used to beat me at chess, but it is no match for me since I changed the competition to kick boxing

  5. #5
    Join Date
    Jun 2008
    Location
    Earth - Denmark
    Posts
    10,730

    Default Re: forum spam

    > Thanks for being concerned enough to discuss it.

    yep, i've seen it pretty bad..

    i wonder if the best way to report spam is by replying to it (as i
    did yesterday, and soon a mod banned the spammer) *OR* use the
    "Contact Us" at the bottom of each page..

    you know, sometimes when they poke a hole they don't just send one
    (as they seem to have lately)...sometimes a quick finger in the ****
    can save a lot heartache later....and, well i used the "Contact Us"
    link earlier today and confirmed my suspicion that it is read by a
    normally office hours kinda guy ;-) and, wonder if it is also
    monitored when s/he is off doing other stuff??

    --
    DenverD (Linux Counter 282315) via NNTP, Thunderbird 2.0.0.14, KDE
    3.5.7, SUSE Linux 10.3, 2.6.22.18-0.2-default #1 SMP i686 athlon

  6. #6
    Join Date
    Jan 2008
    Location
    U.K East Anglia
    Posts
    2,581

    Default Re: forum spam

    quicker if you use the report post button, or just p.m. a mod/admin pointing to the offending post. to see which mod/admin is available click on view forum leaders link at the foot of the page

    Andy
    To be is to do = Immanuel Kant
    To do is to be = Descartes.
    Do be do be do = Frank Sinatra

    SuSE user since 7.0,Linux user since 1994

  7. #7
    Join Date
    Jun 2008
    Location
    Earth - Denmark
    Posts
    10,730

    Default Re: forum spam

    good advice....thx.

    --
    DenverD (Linux Counter 282315) via NNTP, Thunderbird 2.0.0.14, KDE
    3.5.7, SUSE Linux 10.3, 2.6.22.18-0.2-default #1 SMP i686 athlon

  8. #8
    Join Date
    Aug 2007
    Location
    Utah, USA, Earth, Milky Way
    Posts
    7,502
    Blog Entries
    3

    Default Re: forum spam

    > quicker if you use the report post button, or just p.m. a mod/admin
    > pointing to the offending post. to see which mod/admin is available
    > click on view forum leaders link at the foot of the page


    Agreed. Denver, if a moderator is online, pinging them is probably
    quickest. If nobody is currently online, the report-a-post button emails
    all the moderators AND posts it in a private forum where mods hang out.
    FWIW.


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •