how is 4ch spam protected?

short question: how do you protect your board from automated bot spamming? i cant see any captcha! normally, from my expirience, a board  would  be instantly spammed to death without captcha or such protective measures. but 4ch board seems to be free of those problems... how do you do that ?

Read the fucking HTML source. It's not hard to figure out.

all i can see in the html source is an added ID to some form elements. but how is that supposed to prevent some automatic form fill in - tool from spamming the forum?

<span style="display: none;width: 0px"><input name="email" type="text" /> DON'T TYPE STUFF HERE</span>

test

>>4
I'm hopeless at HTML. What does that mean?

thanks! but - this simple trick really does it? what about spammers who just ignore that hidden input field?

ahhh, interesting....

die

NO ONE SPAMS 4CHAN BECAUSE IT WOULD BE LIKE PISSING IN AN OCEAN OF PISS.  SPAMMERS ARE AFRAID OF US.  I THINK A WHOLE BUNCH OF PEOPLE ARE AFRAID OF US.

CLEARLY YOU ARE NOT AWARE OF THE "TIME" ASPECT OF THIS UNIVERSE

>>10
I thought that only applied to /b/

why spam the mother of all spam?
even the fool spammers are not that fool

>>10
We never forgive. We are a gang of hackers who hang around this secret hacker website.

>>14

/me blows up a van

>>15
via TCP/IP

>>1
PROTIP: /b/ IS FILLED WITH AUTOPOSTED BOT FAGGOTRY

YOU JUST CANT POST MOAR THAN ONCE A SECOND TO STOP FLOODING

>>18
PROTIP: FUCK OFF
PROTIP: SHUT UP
PROTIP: STICK IT UP YOUR DICK

>>18
OKAY YOU FUQIN ANGERED AN EXPERT PROGRAMMER
GODFUCKIGNDAMN
FIRST OF ALL, YOU DON'T FUQIN KNOW WHAT A MAN PAGE IS
SECONDLY, THIS IS /prog/ DO NOT DEMAND USEFUL ANSWERS THE WAY YOU WANT THEM TO BE
THIRDLY PROGRAMMING IS ALL ABOUT PHILOSOPHY AND ``ABSTRACT BULLSHITE'' THAT YOU WILL NEVER COMPREHEND
AND FUQIN LASTLY, FUCK OFF WITH YOUR BULLSHYT
EVERYTHING HAS ALREADY BEEN ANSWERED IN >>3,4,10

OF FUCK RECURSIVE QUOTING

TEATS OR GITFOH

99% of the time, hidden fields, and maybe some really simple and straightforward heuristics are all that you need. (For example: dump any message containing "[url=" or "<a href=", or any message containing the same text in more than one of the fields -- a lot of spambots just fill in the same text in every field, because they generally suffer from amazingly clumsy programming.)

That's really all it takes. I've been running a board for over a year, and have yet to see one single successfully posted spam message since I added these checks. Stupidly obvious or not, spammers haven't bothered to adapt to this technique yet.

For a while, I logged the IP address and post data (just the form field text, no attached files) for every foiled spambot attempt. The logfile would take up more than a megabyte *per day*.

Captchas are a stupid way to prevent spam. They're easier to break than one might expect (have a look at PWNtcha), and they do more to annoy legitimate posters than to curb spam. Simple tactics like adding a hidden field are just as effective and don't get in the way of normal posting. About the only thing they're useful for is slowing down flooders, and a "delete all posts and ban IP" button -- even as short a ban as 15-30 minutes -- is still more effective.

>>22
SHHHHHH!!!!

Captchas are a stupid way to prevent spam.
If spammers can't be bothered to circumvent dummy fields, why would they try to circumvent captchas?

Like you say, captchas help slow flooding. Some of us other board admins don't live to moderate the boards. It's sink or swim, &c.

(also, proxies)

>>24
Proxy checker and a list of known proxy IPs. I don't live to moderate my board either; I just have other measures in place. (And, another simple check -- which most boards already have -- is a post delay, which also helps to slow posting down. All the captcha is doing if you have a post throttling mechanism is keeping the flooders busy while their time window resets.)

I'm not saying that the average spammer is *going* to circumvent captchas. All I'm suggesting is, why go to the trouble of implementing a captcha system when tossing a dummy field and two if statements in the code will accomplish essentially the same effect?

>>25
I had forgotten about the proxy detection system Wakaba has. It's supposed to be rather air-tight. Had any complaints?

I guess with automated backup that'd be workable, although there's still certain (more involved) workarounds.

>>26
Wakaba just executes a unix program to check for proxies.

>>23

you have the most coherent ID in all of /prog/
congrats

[spoiler]y[i]o[spoiler]u[spoiler] [sup]h[sup]a[i]v[sup]e[spoiler] [sup]t[b]h[spoiler]e[spoiler] [sub]m[i]o[i]s[spoiler]t[sub] [sup]c[sub]o[spoiler]h[spoiler]e[i]r[sub]e[i]n[b]t[spoiler] [sup]I[i]D[sup] [spoiler]i[sup]n[spoiler] [b]a[b]l[sup]l[sub] [sup]o[b]f[spoiler] [b]/[i]p[i]r^{og/
c_{ongrats
[/i][/spoiler][/sup][/sup][/i][/sup][/spoiler][/sup][/b][/spoiler][/spoiler][/i][/i][/spoiler][/spoiler][/spoiler][/i][/sub][/i][/spoiler][/sup][/i][/sup][/spoiler][/sup][/spoiler][/b][/b][/sup]}[/sup][/b][/i][/i][/sup][/b][/spoiler][/sub][/b][/sub]}[/sub][/sub][/spoiler][/spoiler]

[b]y[sup]o[sub]u[b][sup]h[sup]a[i]v[i]e[i][i]t[i]h[sup]e[sup][sub]m[spoiler]o[b]s[i]t[b][spoiler]c[sub]o[i]h[b]e[spoiler]r[sup]e[spoiler]n[sup]t[b][sup]I[b]D[sub][b]i[sub]n[b][i]a[spoiler]l[sup]l[sub][spoiler]o[spoiler]f[b][sub]/[sub]p[i]rog^{/_{congrats[/sup][/sub][/b][/sup][/sup][/i][/i][/i][/i][/sup][/sub][/b][/i][/b][/spoiler][/sub][/i][/b][/spoiler][/spoiler][/sup][/b][/sup][/b][/b][/sub][/b][/i][/spoiler][/sub][/spoiler][/b]}[/sub][/i][/b]}[/sub][/spoiler][/sup][/sub][/sup][/spoiler][/sup][/i]

_{y^{ouhavethemostcoherentIDinallof/prog/congrats}}

>>27
Uh, yes. That didn't answer my question.

I don't care how it does it. Does it cause problems?

>>32
If you have a shitload of open ports, it might give you a false positive. Solution? Don't use condoms with holes in them.

But the best, simplest method I've come up with is simply leaving everything disabled until someone comes along and tries to spam the board. Then ban the IP. He knows how to use a proxy? Get your continually-updated known proxy and tor node lists and run them through the banpanel. (After doing that, use a bit of SQL to delete all posts by currently banned IPs that were made within the last 'n' minutes. Much simpler than deleting the posts by hand.) Still having problems? Turn the proxy checker on. STILL getting flooded? Well then, you have a first-class hate machine... then enable the captcha, increase the time-between-posts to something like 5 minutes, and keep your finger on the ban button.

This way, the average user doesn't have to deal with captchas at all, unless they're really and truly necessary, anyone using a proxy legitimately is only minimally inconvenienced, and as an added bonus, you'll get a nice fat collection of proxy IPs for future reference. If they come back later and discover that you've gone back to normal operating mode, all you'll need to do is re-add those IPs to the ban list. Chances are, they'll try the same proxies again.

>>33
Uh... that sounds like far more effort than I'm willing to put up with, plus it leaves the board hosed in the meantime (I only check every few days since it's well-behaved).

Thanks for the details though. I'll think about it.

Ban 0.0.0.0/0.  Keeps shit real quiet.

>>35
except a netmask of 0 matches nothing, nubcakes

sucks to crack such an unfunny joke and then even fuck ip up

You just wanted to reply to 9   1 trillion an?

>>1,37
Oh, the irony.