Difference between revisions of "Handling Spam Reports"

From Dreamwidth Notes
Jump to: navigation, search
(Membership in the Anti-Spam Team)
(Syntax for granting privs (for Anti-Spam leads))
 
(36 intermediate revisions by 8 users not shown)
Line 1: Line 1:
Let's get to know your friendly spam reports system. (This tutorial assumes that you have the [[Support Privileges]] siteadmin:spamreports and sysban:talk_ip_test. If you do not have these, you will not be able to access the pages mentioned in this tutorial. Any user is welcome to request membership to the Anti-Spam team.)
+
Let's get to know your friendly spam reports system. This tutorial will get you started with how to identify and block spammers. To avoid catching legitimate users with our spam-fighting efforts we only force spammers to answer a CAPTCHA before posting or commenting.  We can do more than this, of course, if necessary...
  
=The basics!=
+
To fight spam you will need some [[Privileges]].  Specifically, you will need [http://www.dreamwidth.org/admin/priv/?priv=siteadmin&viewarg=spamreports siteadmin:spamreports] and [http://www.dreamwidth.org/admin/priv/?priv=sysban&viewarg=talk_ip_test sysban:talk_ip_test].  To get these privs talk to the wonderful anti-spam TL's - contact information at the end of this tutorial.
  
* Load the [http://www.dreamwidth.org/admin/spamreports.bml Spam Reports] page. 
+
=Our Definition of Spam=
* In another tab or window, load the [http://www.dreamwidth.org/admin/sysban.bml Sysban] page.
+
  
* From the Spam Reports page, pick the Top 10 by IP Address report.  
+
For our purpose, spam is defined as bulk unsolicited commercial messages -- like the crap that shows up in your email.  This includes things like penis enlargements, fake diplomas, and the like.  If a post is gibberish/content clearly copied from somewhere else with an unintelligible link, treat it as spam. "Testing"/reputation-building content from spammers, when identifiable as such, should be reported as spam.  
  
The Top 10 by IP Address report gives the number of spam reports about this IP address, the IP address, and the date and time of the most recent report linked to a copy of the most recent comment reported as spam for this IP address.
+
Things that are annoying but not spam include:
  
* Open the link for any spam report.
+
* Double-posts of the same comment from someone you know
* Review the information in the spam report. Spam is often painfully obvious.
+
* A nasty anonymous comment
 +
* The several thousand comments from someone you used to get along with but don't anymore
 +
* Someone breaking a community's rules
  
* If, in your opinion, the comment in question is spam, move to the Sysban page.  
+
Reports of non-spam will be closed without action. Repeated reports of non-spam from the same source may result in temporary or permanent loss of spam-reporting ability for that account.  
  
* On the Sysban page, pick 'talk_ip_test' and click Add New.
+
If you are uncertain if something is spam, or it doesn't fall under the classic definition of spam, file a support request in the Anti-Spam category.  
* The Sysban Management page loads.
+
* In the Value field, enter the IP address from the spam report.
+
* Pick a Duration of Forever.
+
* Enter a Note that indicates that the IP address is that of a spammer. Creativity in spammer sysban notes is encouraged.
+
* Click the Add button.
+
* You will most likely get the message "Ban successfully added." unless someone has beat you to them, in which case you will get "Ban not valid: This is already banned".
+
** (Click the Return to Sysban Page button to do it all over again.)
+
  
* Move back to the Spam Reports page. Click the 'Close All' button.
+
Sometimes comments that are not spam and weren't intended to be marked as spam will be submitted accidentally.
** If for any reason you have made a mistake, a 'Go Back' link is available. Otherwise, use the 'Front Page' link to return to the [http://www.dreamwidth.org/admin/spamreports.bml Spam Reports] page, or otherwise return to the Top 10 by IP Address page to do another.  
+
  
 +
=Getting Started!=
  
* If the spam report is not spam, close the report without sysbanning the IP address.  
+
==Training==
 +
See the entries in the training tag: http://dw-antispam.dreamwidth.org/tag/training (members-locked)
 +
These entries contain a partial simulation of the system with examples of situations you may encounter.  
  
=About Sysban:talk_ip_test=
+
==Important Pages==
 +
* Load the [http://www.dreamwidth.org/admin/spamreports.bml Spam Reports] page.
 +
* From the Spam Reports page, pick the Last 10 Reports View.
 +
* If you want to, you can also load the [http://www.dreamwidth.org/admin/sysban.bml Sysban] page, but it's no longer necessary to use this.
  
The sysban:talk_ip_test command does not completely block the IP address from accessing Dreamwidth. It forces all people and bots connecting to Dreamwidth from this IP address to correctly fill out a CAPTCHA. Ideally, bots will then fail this test, while humans will succeed, so you need not fear accidentally blocking a user, only annoying them.
+
The Top 10 report gives the number of spam reports about an IP address, OpenID, or Dreamwidth account. Also logged are the IP address and the date and time of the most recent report, as well as the comment that was marked as spam.
  
 +
==Identifying Spam==
 +
* Open the link for any spam report.
 +
* Review the information in the spam report. Spam is often painfully obvious, but if you have any questions, do not hesitate to consult a TL.
 +
* If you believe the comment in question is spam, proceed.
 +
 +
==Eliminating Spammers==
 +
* Make sure the report is spam, and that it is not already sysbanned.
 +
* At the bottom of the report, check the box to create a sysban for the IP address.
 +
* Your username and the timestamp that you loaded the page are already recorded in the notes. You may leave as-is, or add a comment (informative or witty).
 +
* Click the button to close all and sysban.
 +
* Proceed to the next report.
 +
 +
===Old Method===
 +
* On the Sysban page, pick 'talk_ip_test' and click Add New.  The Sysban Management page will load.
 +
* In the Value field, enter the IP address from the spam report.
 +
** Copy/Paste is your friend to avoid errors and to speed up the process.
 +
* Set duration to Forever - no mercy!
 +
* Indicate the date that you are entering the ban, preferably with the time of day down to the minute in UTC/GMT (server time). (If there isn't a handy quick way for you to enter that, the 'Report Time: ' from the most recent report will do.
 +
* Enter a note that indicates that the IP address is that of a spammer. Creativity in spammer sysban notes is encouraged for the amusement of the team.  Also sign your note with your DW username, such as "~ invisionary".
 +
* Click the Add button.
 +
* You will most likely get the message "Ban successfully added."
 +
** If someone has beat you to them, you will get "Ban not valid: This is already banned".
 +
** If for any reason you have made a mistake, a 'Go Back' link is available, which will show you the IP address you were just dealing with.
 +
 +
* Click the Return to Sysban Page button to do it all over again.
 +
* Back on the Spam Reports page click the 'Close All' button to close all open reports on the IP/user.
 +
* Use the 'Front Page' link to return to the [http://www.dreamwidth.org/admin/spamreports.bml Spam Reports] page, or otherwise return to the Top 10 by going back and refreshing your browser.
 +
 +
==Special Cases==
 +
* If the spam report is not spam (as defined by this tutorial), close the report without sysbanning.
 +
* If the IP address or username is already sysbanned, check the timestamp from when it was sysbanned as compared to when the comment was left. If the comment was left before the sysban, close. If the comment was left after the sysban, see [http://dw-antispam.dreamwidth.org/2000.html dw_antispam] (locked to members). If it is already listed as a known evader, just close the report, and tell someone if we get lots of them.
 +
* If an OpenID user is spamming, alert a team lead and leave the report open.
 +
* If a Dreamwidth user is spamming (actual spam, not non-spam), copy all of the information from the Spam Reports page and create an Anti-Spam Support Request.  The most common form of spam from registered users is SEO spam.  Leave the report open until a team lead handles it.
 +
 +
=About Sysban:talk_ip_test=
 +
 +
The sysban:talk_ip_test command does not completely block the IP address or account from accessing Dreamwidth. It forces all people and bots connecting to Dreamwidth from that IP address/with that username to correctly fill out a CAPTCHA when commenting. Ideally, bots will then fail this test, while humans will succeed, so you need not fear accidentally blocking a user, only annoying them.
  
 
=Membership in the Anti-Spam Team=
 
=Membership in the Anti-Spam Team=
  
The current head of the Anti-Spam Team is <dwuser>azurelunatic</dwuser>. Please apply to Miss Lunatic if you would like to work towards eradicating spammers from the face of Dreamwidth by repeatedly carrying out one of the most monotonous and thankless tasks you've done outside of data entry.  
+
The current Anti-Spam Team Lead is <dwuser>azurelunatic</dwuser>. Please fill out the survey in <dwcomm>dw_antispam</dwcomm> if you would like to work towards eradicating spammers from the face of Dreamwidth by repeatedly carrying out one of the most monotonous and thankless tasks you've done outside of data entry.  
  
 
While membership on the Anti-Spam team does not require a Non-Disclosure Agreement, use discretion with the information contained in spam reports. Do not share any potentially sensitive information such as telephone numbers, addresses, et cetera, that may be found in them.  
 
While membership on the Anti-Spam team does not require a Non-Disclosure Agreement, use discretion with the information contained in spam reports. Do not share any potentially sensitive information such as telephone numbers, addresses, et cetera, that may be found in them.  
  
The syntax to grant the necessary privs is:  
+
There is a community for spamfighters - join us at <dwcomm>dw_antispam</dwcomm>!
 +
 
 +
The anti-spam team has #dreamwidth-antispam registered on [[IRC]] - we are Azz there.
 +
 
 +
In #dreamwidth-antispam, you can find DWSpamBot, which announces new spam and when the spam queue has been cleared. It can also tell you what's in the queue with the command "SpamBot: spam".
 +
 
 +
==Syntax for granting privs (for Anti-Spam leads)==
 +
 
 +
 
 +
The syntax to grant the necessary privs on the [http://www.dreamwidth.org/admin/console console] is:  
 
priv grant siteadmin:spamreports,sysban:talk_ip_test <em>username</em>
 
priv grant siteadmin:spamreports,sysban:talk_ip_test <em>username</em>
  
The anti-spam team can probably be convinced to hang out on [[IRC]]; last known channel devoted to the purpose was #dw_spamreports.
+
==Useful Links==
 +
;Closed Reports by IP : http://www.dreamwidth.org/admin/spamreports.bml?mode=view&by=ip&what=xxx.xxx.xxx.xxx&state=closed
 +
 
 +
[[Category: Antispam]]

Latest revision as of 19:16, 12 September 2015

Let's get to know your friendly spam reports system. This tutorial will get you started with how to identify and block spammers. To avoid catching legitimate users with our spam-fighting efforts we only force spammers to answer a CAPTCHA before posting or commenting. We can do more than this, of course, if necessary...

To fight spam you will need some Privileges. Specifically, you will need siteadmin:spamreports and sysban:talk_ip_test. To get these privs talk to the wonderful anti-spam TL's - contact information at the end of this tutorial.

Our Definition of Spam

For our purpose, spam is defined as bulk unsolicited commercial messages -- like the crap that shows up in your email. This includes things like penis enlargements, fake diplomas, and the like. If a post is gibberish/content clearly copied from somewhere else with an unintelligible link, treat it as spam. "Testing"/reputation-building content from spammers, when identifiable as such, should be reported as spam.

Things that are annoying but not spam include:

  • Double-posts of the same comment from someone you know
  • A nasty anonymous comment
  • The several thousand comments from someone you used to get along with but don't anymore
  • Someone breaking a community's rules

Reports of non-spam will be closed without action. Repeated reports of non-spam from the same source may result in temporary or permanent loss of spam-reporting ability for that account.

If you are uncertain if something is spam, or it doesn't fall under the classic definition of spam, file a support request in the Anti-Spam category.

Sometimes comments that are not spam and weren't intended to be marked as spam will be submitted accidentally.

Getting Started!

Training

See the entries in the training tag: http://dw-antispam.dreamwidth.org/tag/training (members-locked) These entries contain a partial simulation of the system with examples of situations you may encounter.

Important Pages

  • Load the Spam Reports page.
  • From the Spam Reports page, pick the Last 10 Reports View.
  • If you want to, you can also load the Sysban page, but it's no longer necessary to use this.

The Top 10 report gives the number of spam reports about an IP address, OpenID, or Dreamwidth account. Also logged are the IP address and the date and time of the most recent report, as well as the comment that was marked as spam.

Identifying Spam

  • Open the link for any spam report.
  • Review the information in the spam report. Spam is often painfully obvious, but if you have any questions, do not hesitate to consult a TL.
  • If you believe the comment in question is spam, proceed.

Eliminating Spammers

  • Make sure the report is spam, and that it is not already sysbanned.
  • At the bottom of the report, check the box to create a sysban for the IP address.
  • Your username and the timestamp that you loaded the page are already recorded in the notes. You may leave as-is, or add a comment (informative or witty).
  • Click the button to close all and sysban.
  • Proceed to the next report.

Old Method

  • On the Sysban page, pick 'talk_ip_test' and click Add New. The Sysban Management page will load.
  • In the Value field, enter the IP address from the spam report.
    • Copy/Paste is your friend to avoid errors and to speed up the process.
  • Set duration to Forever - no mercy!
  • Indicate the date that you are entering the ban, preferably with the time of day down to the minute in UTC/GMT (server time). (If there isn't a handy quick way for you to enter that, the 'Report Time: ' from the most recent report will do.
  • Enter a note that indicates that the IP address is that of a spammer. Creativity in spammer sysban notes is encouraged for the amusement of the team. Also sign your note with your DW username, such as "~ invisionary".
  • Click the Add button.
  • You will most likely get the message "Ban successfully added."
    • If someone has beat you to them, you will get "Ban not valid: This is already banned".
    • If for any reason you have made a mistake, a 'Go Back' link is available, which will show you the IP address you were just dealing with.
  • Click the Return to Sysban Page button to do it all over again.
  • Back on the Spam Reports page click the 'Close All' button to close all open reports on the IP/user.
  • Use the 'Front Page' link to return to the Spam Reports page, or otherwise return to the Top 10 by going back and refreshing your browser.

Special Cases

  • If the spam report is not spam (as defined by this tutorial), close the report without sysbanning.
  • If the IP address or username is already sysbanned, check the timestamp from when it was sysbanned as compared to when the comment was left. If the comment was left before the sysban, close. If the comment was left after the sysban, see dw_antispam (locked to members). If it is already listed as a known evader, just close the report, and tell someone if we get lots of them.
  • If an OpenID user is spamming, alert a team lead and leave the report open.
  • If a Dreamwidth user is spamming (actual spam, not non-spam), copy all of the information from the Spam Reports page and create an Anti-Spam Support Request. The most common form of spam from registered users is SEO spam. Leave the report open until a team lead handles it.

About Sysban:talk_ip_test

The sysban:talk_ip_test command does not completely block the IP address or account from accessing Dreamwidth. It forces all people and bots connecting to Dreamwidth from that IP address/with that username to correctly fill out a CAPTCHA when commenting. Ideally, bots will then fail this test, while humans will succeed, so you need not fear accidentally blocking a user, only annoying them.

Membership in the Anti-Spam Team

The current Anti-Spam Team Lead is [info]azurelunatic. Please fill out the survey in [info]dw_antispam if you would like to work towards eradicating spammers from the face of Dreamwidth by repeatedly carrying out one of the most monotonous and thankless tasks you've done outside of data entry.

While membership on the Anti-Spam team does not require a Non-Disclosure Agreement, use discretion with the information contained in spam reports. Do not share any potentially sensitive information such as telephone numbers, addresses, et cetera, that may be found in them.

There is a community for spamfighters - join us at [info]dw_antispam!

The anti-spam team has #dreamwidth-antispam registered on IRC - we are Azz there.

In #dreamwidth-antispam, you can find DWSpamBot, which announces new spam and when the spam queue has been cleared. It can also tell you what's in the queue with the command "SpamBot: spam".

Syntax for granting privs (for Anti-Spam leads)

The syntax to grant the necessary privs on the console is: priv grant siteadmin:spamreports,sysban:talk_ip_test username

Useful Links

Closed Reports by IP 
http://www.dreamwidth.org/admin/spamreports.bml?mode=view&by=ip&what=xxx.xxx.xxx.xxx&state=closed