# Have the forums been rendered unviable?



## Fallowfox (Jun 8, 2016)

The relentless attacks from east-asian spam bots, which are filling up the forums with spam threads and virulent hyperlinks, will have surely caused many people, dim enough to click on random links, to infect their computers with viruses and malware by now. 

The spam, furthermore, can sometimes make the site completely unusable; on some days the number of pages of spam can exceed 100 in a single subforum. 

This prompts me to wonder whether the forums have been so badly compromised that they need to be taken offline until the problem is fixed. It is not responsible or fair to subject random visiting guests to the possibility of virulent infection.


----------



## Somnium (Jun 8, 2016)

I think the anti-virus software should stop these viruses from spreading.


----------



## Samandriel Morningstar (Jun 8, 2016)

Anti-virus programs can only do so much.
Some viruses/malware and so on have been programed to disable anti-viruses/firewalls and all that and make them completely unusable so they can fully infect the computer in question without
so many hurdles to go over.


----------



## Fallowfox (Jun 8, 2016)

Samandriel Morningstar said:


> Anti-virus programs can only do so much.
> Some viruses/malware and so on have been programed to disable anti-viruses/firewalls and all that and make them completely unusable so they can fully infect the computer in question without
> so many hurdles to go over.



Furthermore not all guests who browse this forum will have proper anti virus software installed anyway. 

While there is an ongoing problem with virulent spam on the forums, it may be best that they are closed, to preclude the possibility of spreading the infections.


----------



## Samandriel Morningstar (Jun 8, 2016)

Fallowfox said:


> Furthermore not all guests who browse this forum will have proper anti virus software installed anyway.
> 
> While there is an ongoing problem with virulent spam on the forums, it may be best that they are closed, to preclude the possibility of spreading the infections.



Exactly,and I agree totally.
It'll save some unsuspecting people,or just generally unprepared people a lot of money on possible repairs if it gets that bad.


----------



## Ahkrin Descol (Jun 8, 2016)

I find the spam bots somewhat useful, if I click new posts the actual thread titles stand out more so I don't accidentally miss good threads.


----------



## Wither (Jun 8, 2016)

It sounds like we're putting down a sick dog. 
I'm okay with this.


----------



## Willow (Jun 8, 2016)

I'm going to preface this with the fact that I do not claim to fully understand the intentions of the staff or the nature of this attack, and that this viewpoint comes solely from my viewpoint as a [former] user of this forum and several others

the fact that it takes the staff so long to stop these attacks kind of makes me feel like they don't really care all that much about keeping the forums up and running. I'm sure someone will say that that's certainly not the case but then...why did it take almost two months to stop this last attack? these bots aren't any different from bots that infect any other big forum, yet FAF seems to be the only forum that seems to have this problem frequently. granted this was a pretty big attack, but it probably could have been easier to manage had the staff not let it sit and pile up for so long. 

if it's a problem of not having enough active staff, then they need to bring on more people who _can_ help deal with it

if it's a problem with the forum's security, then like you said, taking the forums offline again to fix the problems will probably be helpful too

it that doesn't work, the last option would be to find a different host with better security or better security tools to deal with spam, that is if these forums are really that important to Dragoneer. because it really isn't fair to users that they have to dig through so much spam just to find actual threads


----------



## ijoe (Jun 8, 2016)

Can't someone just throw together a script to detect the URL strings the spambots keep using and auto-delete their posts after five minutes?
So far I've only seen a few unique ones.


----------



## Kellan Meig'h (Jun 8, 2016)

As an Admin on several other sites, I know this can only be stopped with some rather egregious methods. Like blocking the entire Asia/China IP range for one.

A lesser but still effective method is to approve one at a time all new users. www.stopforumspam.com is commonly used to look for potential spammers but sometimes, just by the users info, such as a random letter user name, email to one country and IP from another, that is the cue. Banish them before they can post.

As it is, this forum is being rendered useless by these Korean(?) jack wagons. Last night, the board was essentially fooked, totally unusable in several sub-forums. As much as I don't need extra things to occupy my time, I'm willing to take on Mod status here, just to keep the board up. I do not like spammers one bit.

If this persists, I'm sad to say, I'm out of here. Having to scroll through dozens of pages to find a real post doesn't appeal to me.


----------



## Willow (Jun 8, 2016)

and just like that, it begins again

I'll pray for you guys


----------



## jayhusky (Jun 9, 2016)

Offers of modship have been put forward toward staff and @Dragoneer repeatedly, yet "things" apparently have been done to prevent the spam, but as far as I can see, it has had little to no effect, I do beg the question why FA moved from the vBulletin software it was previously using (which had almost 0% spam) to the Xenforo software which has had torrential attacks of the stuff.

Furthermore I doubt anything will actually happen until such a time as the forums do ultimately collapse into a peddling market for annoying hyperlinks and threads that all have the same title. 

I'm not attempting to be unfair toward the staff, but it really does seem as if since the forums went down and then were finally brought back, that the overall care for it has waned to non-existent.

Personally I would like to know that if it is the long term plan of anyone in a "power position" of FA, as to if the forums are to be left to die or if they are actually to be nurtured and made a viable part of the community, as FA prided itself on its status as the largest most diverse furry community website many years ago, it seems that ethos has just been pushed under the carpet and forgotten about.


----------



## Willow (Jun 9, 2016)

jayhusky said:


> Offers of modship have been put forward toward staff and @Dragoneer repeatedly, yet "things" apparently have been done to prevent the spam, but as far as I can see, it has had little to no effect, I do beg the question why FA moved from the vBulletin software it was previously using (which had almost 0% spam) to the Xenforo software which has had torrential attacks of the stuff.


every once in awhile vBulletin would have attacks, but the old FAF had actual mods who would ban them. I'm guessing that the reason they switched to this software though is because Dragoneer didn't have the license for it. 




> I'm not attempting to be unfair toward the staff, but it really does seem as if since the forums went down and then were finally brought back, that the overall care for it has waned to non-existent.
> 
> Personally I would like to know that if it is the long term plan of anyone in a "power position" of FA, as to if the forums are to be left to die or if they are actually to be nurtured and made a viable part of the community, as FA prided itself on its status as the largest most diverse furry community website many years ago, it seems that ethos has just been pushed under the carpet and forgotten about.


honestly Dragoneer and the staff abandoned the forums years ago before it went down. that's why it always seemed like there was a huge gap in the furries from the mainsite and the ones who were here.

it would have been a lot better if they'd just brought it back for support because this...it's really bad


----------



## Deleted member 82554 (Jun 9, 2016)

Wither said:


> It sounds like we're putting down a sick dog.


The sick dog was already put down and it was raised from the dead. There just ain't no killing it.


----------



## jayhusky (Jun 9, 2016)

Willow said:


> every once in awhile vBulletin would have attacks, but the old FAF had actual mods who would ban them. I'm guessing that the reason they switched to this software though is because Dragoneer didn't have the license for it.



Ok, granted, no forum software is impervious to attack and yes the former staff were "on the ball" much more than the current staff. 
I grant the current staff have other jobs and pretty much all the staff here are volunteers and aren't paid as such, but the actual staffing here on the forums is terribly lacking.



Willow said:


> honestly Dragoneer and the staff abandoned the forums years ago before it went down. that's why it always seemed like there was a huge gap in the furries from the mainsite and the ones who were here.
> 
> it would have been a lot better if they'd just brought it back for support because this...it's really bad



I must confess, I see dragoneer less and less around the forums, and I grant you he is likely tied up with the email backlog from the attack last month, but even the other staff are somewhat missing.

I'd personally offer my help as a mod, but on a strictly non-nda, (No Non-Disclosure Agreement) basis, I personally would not want to be told what I cannot say or reveal about the spambots (Giving country location and number of connections, but nothing that would identify an individual or company and/or jeopardise their welfare/integrity), and If I was purely deleting spam threads and tidying up spam accounts, I really don't see the need for one in the first place, even personally identifiable information (email addresses and the like, the choice to show it is often left to the individual user anyway). I don't expect to be asked to help, the offer is there, but terms need to be mutually beneficial and not heavily one-sided.


----------



## Kellan Meig'h (Jun 9, 2016)

My current Admin positions are Non-NDA. When I send spammers packing, I don't disclose squat about them. Don't need to. An NDA is to protect the owners, really. It's nothing about the forum or site, it's just a way for when the owners get their panties in a twist. The owners can send you packing and you're bound by that NDA to not disclose why they sent you down the road, irregardless to the reason.

I'm pretty sure this site is headed to Zombie status. I should have my head examined for this but I'm going to stay and see if it gets better around here.


----------



## ArielMT (Jun 9, 2016)

This forum once had a team of volunteers who gave a minute or two of their time scattered throughout the day, every day, to banning the spammers who somehow successfully registered, before the forums could be overwhelmed with half a thousand new spam threads a day.

If the half of forum staff who are in any way active logged in more than once or twice a week or turned on forum report email notifications, then they could clean the spam very nearly as soon as anyone noticed it posted.  If the current forum admins configured and tuned the anti-spam features already at hand, then even that load would be lightened.


----------



## Kellan Meig'h (Jun 10, 2016)

Just turn on New User Moderation. Yeah, so a legitimate user has to wait to use the board but it does stop the spam.

Board is becoming unusable again. Spammers are back.


----------



## Samandriel Morningstar (Jun 10, 2016)

Kellan Meig'h said:


> Just turn on New User Moderation. Yeah, so a legitimate user has to wait to use the board but it does stop the spam.
> 
> Board is becoming unusable again. Spammers are back.



If users had to be verified here by staff members that are barely here to begin with,they'd be screwed.
Email verification may be a better idea for that.


----------



## jayhusky (Jun 10, 2016)

ArielMT said:


> This forum once had a team of volunteers who gave a minute or two of their time scattered throughout the day, every day, to banning the spammers who somehow successfully registered, before the forums could be overwhelmed with half a thousand new spam threads a day.
> 
> If the half of forum staff who are in any way active logged in more than once or twice a week or turned on forum report email notifications, then they could clean the spam very nearly as soon as anyone noticed it posted.  If the current forum admins configured and tuned the anti-spam features already at hand, then even that load would be lightened.



I remember when you were a Admin/Mod here and while I didn't agree with some of the steps the team took at the time, the speed and efficiency of nuking spam and tidying up content that shouldn't have been, was excellent, to say the least.

Personally I've become so fed up with all the spam, I only read the threads I'm actually subscribed to, I skip straight past the index and straight to notifications.
(If you want the link its 

```
https://forums.furaffinity.net/account/alerts
```
Just change your bookmarks to that and then you don't see the spam on the homepage anymore.

I'm pretty sure numerous people have offered some form of help, but the calls keep going unanswered. 



Kellan Meig'h said:


> Just turn on New User Moderation. Yeah, so a legitimate user has to wait to use the board but it does stop the spam.
> 
> Board is becoming unusable again. Spammers are back.



True new user moderation would be a good idea, even some form of lockdown system where posts cannot be over 90% similar? Boilerplate posting etc.
Someone must have cleaned up since I was last here though, can't see much spam right now (though its probably lurking somewhere.



Samandriel Morningstar said:


> If users had to be verified here by staff members that are barely here to begin with,they'd be screwed.
> Email verification may be a better idea for that.



Hmm, well if the staff would accept some new staff members, I'm sure a small team could actively process new users. perhaps two factor verification?

1) the user registers and much verify the account via email in order to use it
2) First 5 posts are automatically moderated and only once they have been approved can the user post freely.
But i do wholly agree, things need to change here.


----------



## Kellan Meig'h (Jun 10, 2016)

Samandriel Morningstar said:


> If users had to be verified here by staff members that are barely here to begin with,they'd be screwed.
> Email verification may be a better idea for that.


AFter some searching, it would seem the bots have figured a way around email verification. Whether by automation or what, they can verify themselves through email. New Member Verification, Q&A, fill out a randomly placed field with an answer that might be presented as a gif image,  and use stopforumspam blacklist seem to be the recommended methods.

Looks like some cleanup was done but our friends are back. If it were me, I would go to New User Verification.


----------



## Yukkie (Jun 10, 2016)

I've said before, having some kinda thread-creating-limit of sorts (like 5 each day) would be helpful in slowing them down. Wouldn't stop them, but yeah. Because what kinda _actual_ person would make over ten threads in one day? Dunno, makes sense to me. But I honestly have no clue, would that even be possible in the first place?


----------



## ArielMT (Jun 10, 2016)

As recently as the IMVU acquisition, this forum had a spam filtering form of new user moderation: Anything that looked remotely like spam within the first five posts of a new user was automatically placed in the post moderation queue.  (I'm pretty sure it was still there right up to the mass resignations, split, and shutdown.)  Although it caused us to have to, most frequently, approve new users' replies to their own Introductions threads, it caught more spam than most of you would've realized if not for the current problem.  I can't remember if it was something Carenath, Arshes, or Surgat set up, but it was pretty early on in the forum's history, back when it ran on vBulletin.


----------



## jayhusky (Jun 10, 2016)

Yukkie said:


> I've said before, having some kinda thread-creating-limit of sorts (like 5 each day) would be helpful in slowing them down. Wouldn't stop them, but yeah. Because what kinda _actual_ person would make over ten threads in one day? Dunno, makes sense to me. But I honestly have no clue, would that even be possible in the first place?


I don't see why it couldn't be done, Xenforo uses PHP and MySQL, so it wouldn't be too hard to write a plug-in for the forum which checks the users ID as well as how many threads they have made in the same day, the only trick would be negiotating the count at the midnight handover as it could allow 10 threads to be made in the space of 5 minutes. For example the 5 allocated ones at 23:59 on 01/01/2016 and 5 more at 00:04 on 02/01/2016 (01/02/2016 in the US date format.)



ArielMT said:


> As recently as the IMVU acquisition, this forum had a spam filtering form of new user moderation: Anything that looked remotely like spam within the first five posts of a new user was automatically placed in the post moderation queue. ............ I can't remember if it was something Carenath, Arshes, or Surgat set up, but it was pretty early on in the forum's history, back when it ran on vBulletin.



I think it was Surgat (although I could be wrong), I remember something being posted by that account relating to that particular feature, and as far as my memory serves, Arshes and Carenath were often busy with moderation of the forums overall (cleaning out spam, locking threads on request, bans etc).
Heck I even remember when the forums ran MyBB, back when it had its own domain too.


----------



## ArielMT (Jun 10, 2016)

jayhusky said:


> Heck I even remember when the forums ran MyBB, back when it had its own domain too.


Your memory is longer than mine.


----------



## jayhusky (Jun 10, 2016)

ArielMT said:


> Your memory is longer than mine.


Been around here since '07, so I've seen a lot of stuff come and go.


----------

