hahahaahhaa

human spam monkeys!!!!!!

hahahahahaaha

ahhh that was good.
my laugh for today...

hm...
if they are indeed mainly human spam monkeys (snicker guffaw)
then is there any possible way we could create an electrical feedback loop across the web to their keyboard...and fry them dead where they are siting in their underwear.
Possible?
Are we there yet where we can do such wizardry?

Or at the very least...
automatic counter spamming ...
they do have to give an email address...
sooooo...
just completely overwhelm them in spam...
or MAS as I like to call it...
Mutually Assured Spam.....

There has to be something akin to the old "BlackIce" counter (terror) mal programming at our disposal ...
I never believed in reactionary action...I've always believed in being proactive...
Why run and hide or try to block at our inconvenience?
It has never worked successfully for anyone ...ever...
I say set up automation so that once spam has been identified..
automatically the harassment begins...

God I loved blackice....it was good.
Especially loved the ability to report malicious activity and users to federal authorities with the click of a button....
ah the good old days...

Spammers most probably use disposable email addresses.

There are many websites that provide such addresses, the address or mails in them are automatically deleted after certain amount of time.
eg: 10minutemail.com

Ironically such services were built to beat spams.

Another idea would be instead of a captcha to use a set of standardized questions, like "which command do you type to get root on the N900?" (answer: "sudo gainroot") and such. Obviously one time when registering.

This would require some effort, but even for new users who have a genuine interest in joining the community but lack the knowledge it would motivate them to search for the answers, which is always a good thing in any forum.

Costs nothing, protects from "spam monkeys" and encourages the right attitude in a forum

Very good idea.

First off, I want to thank xes and everyone else who puts in their free time to keep TMO running.

I don't want this to sound like a complaint but I do think it's unacceptable that a site like TMO is blocking Tor access. This is not your average internet community. Many TMO users hold freedom and privacy values in high regard. Blocking Tor exit node IP addresses completely disregards these two values. Whilst it might be reducing spam and other attacks, it is potentially blocking legitimate new users who may have otherwise made a valuable contribution to our community if they could only access this site.

I'm not totally convinced that TMO spam is manually posted by humans. These days I don't tend to open spam threads but the ones that I have seen here could have easily been posted by a bot.

Most of the spam that I have seen here contains a hyperlink in the first post from the spam account. One anti-spam measure which has been suggested before (but not in this thread) would be to block posts containing links from new users until a minimum age/post/thank limit has been reached.

CAPTCHA solutions have been known to help but it's already been stated how they are an annoyance to legitimate users. A good compromise might be to only challenge users with CAPTCHA if they are accessing the site from a Tor IP address. This is actually quite a common practice that some CDNs use on Tor users.

I'm not saying that xes should be the one to implement all of this. I think this should probably go to the council to discuss a way forward.

they are not blocking tor specifically, just malicous ip addresses, some of which happen to be tor exit nodes,

for those who wish to use tor i think a hidden service is the way to go,
xes does not want a tor node on the infrastrusture, which i think is fair enough
so:

does the tor node need to be on the infra, or can someone host it elsewere, it looks like some kind of port foward?

would a hidden service work for the existing setup ( static.maemo.org for example may cause issues )

Indeed. The downside of Tor is that many abuse the anonymity.

The problem I have with allowing Tor only through a hidden service is accessibility. A Tor hidden service would only help existing members or those who know of its existence. A potential new community member who uses Tor, who happens to stumble onto TMO via the regular domain name will still be blocked and won't necessarily go searching for the .onion hidden service.

I think you guys are missing the point here - and discussing stuff without any knowledge.

To give you some:

1. Anyone accessing has to pass our firewall
2. Anyone accessing has to pass our IP-filter
3. New registrations need to pass Stopforumspam
4. New registrations need to pass all other sorts of checks in forms, do math and so on
5. Newcomers need to fill a current google captcha and pass akismet's filtering until the 6th post
6. Proxied IPs are demasked if possible, public proxies get listed in blacklists too.

The blacklist is there to prevent mass-registrations by farms, the registrations are scripted and a pool of minions just solves math and captchas and what else.

No forum upgrade what so ever will let us get rid of the blacklist, what it might get rid of is the now frequent single link single post spam we have for a couple of weeks now. Last patch was applied yesterday btw.

this is a valid issue, but as things stand now, unless someone suitable stands up with enough time on their hands to upgrade the forum software and other bits, to allow for better and smarter spam control that may be a compromise we need to make.

as an aside do you think advising them that a .onion exists on a "your ip is blocked" page would be enough?

ps: the setup of the *.maemo.org sites may make a .onion unsuitable anyway (mutiple domains/servers?, one page)