Difference between revisions of "Handling Spam Reports"

From Dreamwidth Notes
Jump to: navigation, search
(Our Definition of Spam)
(Special Cases)
Line 63: Line 63:
 
* If the IP address or username is already sysbanned, check the timestamp from when it was sysbanned as compared to when the comment was left. If the comment was left before the sysban, close. If the comment was left after the sysban, see [http://dw-antispam.dreamwidth.org/2000.html dw_antispam] (locked to members). If it is already listed as a known evader, just close the report, and tell someone if we get lots of them.  
 
* If the IP address or username is already sysbanned, check the timestamp from when it was sysbanned as compared to when the comment was left. If the comment was left before the sysban, close. If the comment was left after the sysban, see [http://dw-antispam.dreamwidth.org/2000.html dw_antispam] (locked to members). If it is already listed as a known evader, just close the report, and tell someone if we get lots of them.  
 
* If an OpenID user is spamming, alert a team lead and leave the report open.  
 
* If an OpenID user is spamming, alert a team lead and leave the report open.  
* If a Dreamwidth user is spamming, copy all of the information from the Spam Reports page and create an Abuse/ToS Support Request.  This could either be a spammer who got an invite code or be a sign of a hijacked accountDo not otherwise touch the report.  Also let <dwuser>azurelunatic</dwuser> or <dwuser>invisionary</dwuser> know.
+
* If a Dreamwidth user is spamming (actual spam, not non-spam), copy all of the information from the Spam Reports page and create an Anti-Spam Support Request.  The most common form of spam from registered users is SEO spamLeave the report open until a team lead handles it.
  
 
=About Sysban:talk_ip_test=
 
=About Sysban:talk_ip_test=

Revision as of 23:10, 21 January 2013

Let's get to know your friendly spam reports system. This tutorial will get you started with how to identify and block spammers. To avoid catching legitimate users with our spam-fighting efforts we only force spammers to answer a CAPTCHA before posting or commenting. We can do more than this, of course, if necessary...

To fight spam you will need some Privileges. Specifically, you will need siteadmin:spamreports and sysban:talk_ip_test. To get these privs talk to the wonderful anti-spam TL's - contact information at the end of this tutorial.

Our Definition of Spam

For our purpose, spam is defined as bulk unsolicited commercial messages -- like the crap that shows up in your email. This includes things like penis enlargements, fake diplomas, and the like. If a post is gibberish with an unintelligible link, treat it as spam.

Things that are annoying but not spam include:

  • Double-posts of the same comment from someone you know
  • A nasty anonymous comment
  • The several thousand comments from someone you used to get along with but don't anymore
  • Someone breaking a community's rules

If you are uncertain if something is spam, or it doesn't fall under the classic definition of spam, contact [info]azurelunatic and [info]invisionary for assistance.

Sometimes comments that are not spam and weren't intended to be marked as spam will be submitted accidentally.

Getting Started!

Training

See the entries in the training tag: http://dw-antispam.dreamwidth.org/tag/training (members-locked) These entries contain a partial simulation of the system with examples of situations you may encounter.

Important Pages

  • Load the Spam Reports page.
  • From the Spam Reports page, pick the Last 10 Reports View.
  • If you want to, you can also load the Sysban page, but it's no longer necessary to use this.

The Top 10 report gives the number of spam reports about an IP address, OpenID, or Dreamwidth account. Also logged are the IP address and the date and time of the most recent report, as well as the comment that was marked as spam.

Identifying Spam

  • Open the link for any spam report.
  • Review the information in the spam report. Spam is often painfully obvious, but if you have any questions, do not hesitate to consult a TL.
  • If you believe the comment in question is spam, proceed.

Eliminating Spammers

  • Make sure the report is spam, and that it is not already sysbanned.
  • At the bottom of the report, check the box to create a sysban for the IP address.
  • Your username and the timestamp that you loaded the page are already recorded in the notes. You may leave as-is, or add a comment (informative or witty).

Click the button to close all and sysban.

  • Proceed to the next report.

Old Method

  • On the Sysban page, pick 'talk_ip_test' and click Add New. The Sysban Management page will load.
  • In the Value field, enter the IP address from the spam report.
    • Copy/Paste is your friend to avoid errors and to speed up the process.
  • Set duration to Forever - no mercy!
  • Indicate the date that you are entering the ban, preferably with the time of day down to the minute in UTC/GMT (server time). (If there isn't a handy quick way for you to enter that, the 'Report Time: ' from the most recent report will do.
  • Enter a note that indicates that the IP address is that of a spammer. Creativity in spammer sysban notes is encouraged for the amusement of the team. Also sign your note with your DW username, such as "~ invisionary".
  • Click the Add button.
  • You will most likely get the message "Ban successfully added."
    • If someone has beat you to them, you will get "Ban not valid: This is already banned".
    • If for any reason you have made a mistake, a 'Go Back' link is available, which will show you the IP address you were just dealing with.
  • Click the Return to Sysban Page button to do it all over again.
  • Back on the Spam Reports page click the 'Close All' button to close all open reports on the IP/user.
  • Use the 'Front Page' link to return to the Spam Reports page, or otherwise return to the Top 10 by going back and refreshing your browser.

Special Cases

  • If the spam report is not spam (as defined by this tutorial), close the report without sysbanning.
  • If the IP address or username is already sysbanned, check the timestamp from when it was sysbanned as compared to when the comment was left. If the comment was left before the sysban, close. If the comment was left after the sysban, see dw_antispam (locked to members). If it is already listed as a known evader, just close the report, and tell someone if we get lots of them.
  • If an OpenID user is spamming, alert a team lead and leave the report open.
  • If a Dreamwidth user is spamming (actual spam, not non-spam), copy all of the information from the Spam Reports page and create an Anti-Spam Support Request. The most common form of spam from registered users is SEO spam. Leave the report open until a team lead handles it.

About Sysban:talk_ip_test

The sysban:talk_ip_test command does not completely block the IP address or account from accessing Dreamwidth. It forces all people and bots connecting to Dreamwidth from that IP address/with that username to correctly fill out a CAPTCHA when commenting. Ideally, bots will then fail this test, while humans will succeed, so you need not fear accidentally blocking a user, only annoying them.

Membership in the Anti-Spam Team

The current Anti-Spam Team Leads are [info]azurelunatic and [info]invisionary. Please contact either of us if you would like to work towards eradicating spammers from the face of Dreamwidth by repeatedly carrying out one of the most monotonous and thankless tasks you've done outside of data entry.

While membership on the Anti-Spam team does not require a Non-Disclosure Agreement, use discretion with the information contained in spam reports. Do not share any potentially sensitive information such as telephone numbers, addresses, et cetera, that may be found in them.

There is a community for spamfighters - join us at [info]dw_antispam!

The anti-spam team has #dreamwidth-antispam registered on IRC - we are Azz and skrshawk there.

In #dreamwidth-antispam, you can find DWSpamBot, which announces new spam and when the spam queue has been cleared. It can also tell you what's in the queue with the command "SpamBot: spam".

Syntax for granting privs (for Anti-Spam leads)

The syntax to grant the necessary privs on the console is: priv grant siteadmin:spamreports,sysban:talk_ip_test username

Useful Links

Closed Reports by IP 
http://www.dreamwidth.org/admin/spamreports.bml?mode=view&by=ip&what=xxx.xxx.xxx.xxx&state=closed