Life is as tedious as a twice-told tale
Vexing the dull ear of a drowsy man;
And bitter shame hath spoil’d the sweet world’s taste
That it yields nought but shame and bitterness William Shakespeare, “King John”, Act 3 scene 4, c. 1595
In my previous article—Before the dawn of the beginning—we looked at some of the problems with crowdfunging for Joomla—not just to provide a source of income for the Joomla! 4 project but also the problems that proposals for crowdfunding the project will cause. This topic continues my story about how I arrived at the decision to build this websiteMuch of the material for this article is sourced from my comments on the Joomla! forum posted about a month ago..
I love the Joomla! forum. I love the questions that are asked; I learn much from the questions, comments, opinions, thoughts that people have about Joomla. The Joomla! forum provides me both with information as well as with a source of entertainment … regardless of whether I agree or disagree with other people’s views.
Like most people, I don’t like junk: I don’t like non Joomla-related advertising or discussions that veer widely off-topic that we forget why we use the forum; nuisances … spam!
Every day we see a dozen or more spam posts at the Joomla! forum. I’m not talking about other people’s forums—yours or mine: I’m talking about the Joomla! forum.
The Joomla! forum moderators do a fine job. They’re not thanked for what they do (and I think that’s disappointing that they’re not thanked) but it’s a full-time job. The forum moderators who are active on the forum (i.e. they’re there most days) are mostly located in Europe (or within a few hours’ travel from Europe) and, obviously, they can’t monitor every discussion (in every language) that appears on the forum. They rely on us forum users to advise them when we see something that is amiss and to report instances of forum abuse. The forum abuse has to occur before they can act.
This article investigates the cause of problems at the Joomla! forum and suggests some ways to address them.
Where does the spam come from?
Almost all of the spam originates from fake user accounts created by ’botsI am not going to explain how these registration ’bots work. It does not take too much effort to search the internet—particularly among the dozens of black hat hacker websites that exist—to see how they work. phpBB-based forums (and their derivatives) appear to be a particular favourite target for these groups.. After these fake accounts are registered, human actors use those accounts—sometimes immediately, sometimes days or weeks afterwards—to post their garbage. Some forum junk is posted automatically by non-human actors (i.e. spam ’bots) specifically designed to advertise products, services or scams.
As evidence of this, since the Joomla! forum website was created on 12-Aug-2005, there are now 733,939 forum accountsas at 27-Aug-2019. That is, 5,128 days since that website was created, on average over 140 accounts are created every day (or, roughly, 1 account per 10 minutes) in that time.
Less than one forum account in every ten is actually used to post a message on the forum. That is, 90% of all forum accounts never visibly interact with the forum or they’re used to post junk.
What prevents fake account registration?
There isn’t a high bar to overcome to create a forum account: you just need an email account, fill in a couple of text boxes, click the CAPTCHA and you’re done. The forum rules state that email addresses used with account registration must be legitimate (i.e. disposable addresses are not allowed) but there’s no mechanism to verify that an email address exists or that it’s not one of those “disposable” ones.
CAPTCHA does not prevent registration ’bots. If it did prevent non-human means of account registration then we would not see 1 account registrations/10 minutes.
IP blocking doesn’t work, either. This is because many automated registration agents use fast-flux DNS networks.
“Stop forum spam”/heuristic algorithms don’t work either because, in the time it takes for honeypot farming to identify one source, hundreds of other sources are created. It’s a losing battle trying to keep pace with the wave of spam sources; it’s like trying to play a game of whack-a-mole.
Is it a problem for the Joomla! forum?
It depends on which side of the fence you live. I can’t speak for the Joomla! forum management team; it may not be a problem for team members. I only speak for myself and for the few people who have added their support in seeking an answer. We think it’s a problem, even if other people may disagree. I’m simply providing feedback about the Joomla! forum and one of the problems that we have with it.
How does the Joomla! forum deal with spam?
At the moment, there is only one mechanism for “taking out the garbage”. The garbage needs to be brought to the attention of forum moderators (by using the forum “Report this post” feature) and, when moderators next visit the forum (which could be several hours later), wait for the moderators to deal with reports of spam. However, there is not a 100% consistent approach in the way that all forum moderators handle the reported posts: to their credit, most forum moderators delete the spam posts and block the forum account(s) used to create it; some forum moderators do not block the offending forum account; to our dismay, some forum moderators do neither (especially in the international/foreign-language forums that are infrequently or irregularly monitored).
Can the problem be resolved?
Well, it largely depends on whether the Joomla! forum management team agrees that there’s a problem in the first place. It may also depend on whether there are other mechanisms in the [phpBB] forum software that can counteract the success of registration ’bots in being able to bypass CAPTCHA and use disposable email addresses, etc. It also depends on a will by the Joomla! forum managers to do something about it. These are questions that I cannot answer.
A potential cause for further concern is not having enough forum moderators so that the Joomla! forum can be monitored continuously, instead of monitoring the forum about 50% of the time. Recruiting additional forum moderators to the Joomla! forum is not an easy task, either. Why would people volunteer their time to undertake this task when there are few rewards and have to endure the tedium of performing the same “garbage collection” duties day-in-day-out? So, unless the Joomla! forum management team is prepared to implement additional mechanisms to prevent the continual scourge of fake/spam accounts being created, we—users of the Joomla! forum—will have to suffer the constant bombardment of the Joomla! forum with all its junk posts.
Again, these are questions that I cannot answer.
Summary
I would like to know if the forum management team have any plans to address the issues I have raised.
There’s still more to come in my next article.
