I’m honestly surprised how so many spambots manage to get through the captcha system. Perhaps google’s reCaptcha will do a better job? In worst case maybe have a manual account activation by admin like some forums do?
No, reCAPTCHA was broken years ago, which is why we switched away from it. (We had a lot more spam before we switched).
Apparently Google has just come up with a new version of reCAPTCHA, though, which may be worth considering.
Keep in mind that it’s not clear that they are in fact spambots. It’s perfectly possible that they are humans who are getting paid for solving a CAPTCHA (with a service like Amazon’s MTurk), in which case there’s not much we can do.
There have also been (for years) a large number of advertisements dumped into the showcase forum (by humans, not bots) peddling generic game content not really related to Panda 3D. The showcase forum description is pretty vague, but perhaps the original intent for it was to be a place where users can share their projects made with Panda, rather than a competitor to TurboSquid. 
It has not been as bad recently, but in the past at times you would see many more advertisements than project threads on the first page, so it seems to ebb and flow.
Occasionally people have found such advertisements useful, which is why I have tolerated such threads, on the condition that they stick to only one thread per advertiser, and the offers are useful for Panda3D users specifically.
We can forbid it if people find it annoying, though.
Would an asset market subforum be useful for that?
A separate subforum is not needed if there are only 4-5 members advertising in my opinion. I don’t think this is a real issue, but creating a topic and requiring everyone to advertise only in that topic could work.
I think that would be kinda messy, the current way is fine imo, I mean there are not really many showcase threads, so a few advertisement threads can’t hurt to increase the boards activity.
Maybe we could mark the advertisement threads with a different color so everbody knows what kind of post it is?
I don’t think that will be any more messy than the way it is now: offtopic advertisement threads scattered in a showcase forum section.
But honestly, there are many other more important things to spend our time on.
I didn’t know there were things such as “MTurk”. But even then I visit variety of forums, including for other popular game engines, and they don’t seem to have this issue, so I still think there is a way to decrease the amount of spam threads. Could be just the fact that other forums have moderators as well though.
Oh, I’ve used the new reCaptcha on another forum I help manage and the number of spam accounts caught in our secondary spam filter dropped to about 1 every other week from a few tens every day.
I’ve just implemented Google’s new reCAPTCHA. I hope it helps.
Great! We’ll just have to wait and see.
Dare I say the spamthreads got worse since yesterday. cough
Using anything from Google is like using Internet Explorer.
The most attacked CAPTCHA system will be the one from the biggest player in the field.
I suggest finding the least known one and implementing that …
… or implementing your own, which is probably the best of all options in regards to bots, at least.
Though I understand that it’s just another time-waster.
So how about alternatives? A welcome thread. Posting priviledges are restricted to that thread
and only after being “enabled” one is allowed to post in other subforums and threads as well.
The downside? One has to manually approve of people.
The upsides? Bots are out, because they’re easily spottable this way and there’s only a limited set
of generic messages that will be used anyway. Humans would have to write messages,
which cuts in the $/hour, which is bad. For their employers. Which means they’ll seek different targets.
Just an idea. I know I’d try it. The point should not be to keep them out,
it should be to make it seriously unattractive to come here in the first place.
And humans won’t mind being forced to write introductory posts if they understand what it’s for.
Even I’d understand and I really hate them. xD
There were only two^Wthree new spam accounts today, one of which had already registered late September so went through the old CAPTCHA. The other did have a registration date of today, though, which is a bit discouraging.
I did try a lesser known CAPTCHA in the past - the downside with lesser known CAPTCHA is that I have to hand-code the implementation rather than there being widely available plug-ins - though I remember that being just as ineffective. It does make me think that at least some of our spammers were registered by humans.
I’m not convinced that your method would be more effective, since I’ve seen some clever techniques used by spammers in the past - they’d take replies to random posts on the forums, change up some words, and then post them again, making them look like genuine Panda developers (although sometimes a bit out-of-place). Then, some time later, they edit their posts or change their forum signature to include spam links. It’s hard to tell them apart from a human until the deed is done.
Plus, I’d prefer spending a few minutes each day manually deleting new spam users than doing something that might deter genuine people from participating in the forums.
Sophisticated bots or cheap labour … whatever is done, in the end there’s no way software can keep them out. Whiiich brings up an important question:
How they find this forum to be effective advertising space?
Or is it about “one more link on google” ?
Makes sense. In the end that’s the least amount of hassle compared to spending hours trying to figure out a way only to throw it away eventually.
Btw, have you thought about offering legit advertising space?
That might sound like a dumb idea, but if you can’t fight them, join them etc etc.
Of course, in the end they’re a minor nuisance, at least for now.
It’s not about advertising. It’s about SEO. But you’re right; I’m fairly convinced at this point we’re dealing with human spammers, not bots, which complicates the whole issue. I could start tracking which IP ranges are being used and block them, but I dislike that approach since it we have a high chance of also inadvertently blocking genuine users that way.
I’m not convinced that even if we did offer advertising space (which I’m sure would be a controversial decision, given that we are an open-source project whose servers are fully sponsored by CMU) this would act as a deterrent for spam-bots.
Ah yes… SEO. And hiding the forums from search engines is counter productive.
hm…
Honestly, I can’t count how many forums I’ve registered in and Google’s Captcha has proven to be pretty good and widely used.
I know some people are against Google’s philosophy (namely total disrespect for privacy) but you have to look at it realistically, it’s probably the best option we have right now.
You have to remember that there’s no way to know if the spambot registers automatically, or is registrered manually by a spammer. If the latter, no type of captcha will get rid of it.
So has there been only one spammer registrered after the new Captcha system? Sounds like an improvement to me.
Nah … of course there’s ways to know. The difference between a bot and a human is not a flat wall,
it’s more like two gradients which move closer and closer over time. That probs made no sense.
I’ve sent rdb a PM and suggested a few things I’d not want in public.
We all shouldn’t want that. This whole conversation shouldn’t be public, tbh.
But that’s just me taking this stuff seriously, because it’s a nice challenge.
No, several. In fact, there seems to have been no decrease in spam registrations.
I’ve kept track of the spammer details but there seems absolutely no pattern in the IP addresses whatsoever. Interestingly, though, all but one of them used a GMail account to register.
This is getting slightly out of hand.