Ask HN: 2 karma minimum to lock out spam bots
I just flagged two submissions that were blatant spam, both submitted by accounts created two seconds before the post.
Wouldn't a 2 point karma minimum to url submission and voting fix a lot of spam posts? For legitimate users it's pretty easy to get one upvote on a comment and as a nice bonus it would raise the chance that the user has a basic grasp of community values.
For spam bots OTOH it's impossible to submit links before they get one upvote and it's impossible to upvote themselves before they get one upvote. I think that it effectively locks them out.
48 comments
[ 4.8 ms ] story [ 143 ms ] threadSome variant of this method might work to circumvent such a policy; find a similar thread, pick a comment from it, and post it, perhaps? It might only work 20% of the time, but that's good enough to get some spam accounts with URLs approved.
Of course this would all take effort, and might be enough to lock out a lot of would-be spammers, or at least convince them to go somewhere else.
Spammers are crafty...
10+ would be nicer, anyone truly interested in HN would understand why! :)
It turned out (based on IP address analysis) that the accounts were being created by humans in the Philippines and then handed over to spammers in Dubai. Ah globalization...
If you have an efficient spam vector, it's not unusual to see low-wage humans manipulating the system to get around captcha.
Yeh they can use a ton of proxies to get round that but I bet it cuts the account creation right down.
And it shouldnt affect 99.999999% of "real" users.
The better thing to do is to simply notice what they're doing and flip the IsSpammer bit on all those new accounts (including the first one.) That way you can correctly classify any content they may post from those accounts in the future.
Probably both have merits but I am inclined to agree yours is the better way :D
So at least one of them has to say something that the original community finds useful. And if he/she does manage to upvote his friends, those upvotes will generally be cancelled out by the community (not because they are fighting spam, but because they don't agree with the upvote)
For instance, they'd employ Markov Chains to re-hash comments in a post, or from older posts, or from the text of the article.
One thing I've learned: spammers don't give up. If you give them an easy way to submit that's even easier for you to clean up, that's better than starting an all-out war that'll just increase the spam content and make it more difficult to filter out.
Your points suggest that my utopia-philic thinking is probably less useful than accepting that some clean up is just a necessary overhead (cf: "Eternal vigilance is the price of liberty."). Thank you.
Surely there are easier ways of getting 30 hits.
We don't have to make an unbreakable system, just one that makes us less profitable than the rest of the internet.
"To see naked pictures of Marissa Mayer, please type the words below into the box."
The best you can do is allow the post to go thru and make it appear to the spammer that they have succeeded. Let them view their post on the homepage and go away with a nice warm feeling of satisfaction, secure in the knowledge that they don't need to improve their algorithm at all for this site.
It's pretty straightforward to modify your display mechanism to include spam posts if and only if they originate from the same IP address as the viewing client.
I implemented this on Blogabond, and it had two positive effects: My Spam corpus is growing at a faster rate (thus making it more effective), and the sophistication level of the average attack has dropped sharply.
Since this site was built by Mr Bayesian himself, it never occurred to me that it might have weak spam filtering.
I read the cons on this suggest, but what about turning the approach just around: Keep the spam in by default, just the folks with higher karma get the spam filtered out? That way, the successfully submitted spam could not only be verified from the original source but also from every other node of, say, a bot net.
+1 for captcha for users under certain karma level. +1 for 2 karma to be eligible to post urls.
By the way there is no reason to pick these thresholds out of thin air - presumably one can look at say the karma distribution of link submitters and figure out what the highest threshold that would inconvenience the least number of people is. For example, I would be truly surprised if 95% of stories were not submitted by people with a karma of 5 or more.
Second, the idea that puzzle-solving-ability is somehow closely related to interesting/insightful writing is specious. People are smart in different ways, and as a programmer myself, the kind of smart that I want most is the kind I don't have, which is often not the problem-solving kind.
All that having been said, I'm not against a captcha. I just don't think it'd be delightful and I don't believe that it'd somehow raise the quality of posts around here (beyond from removing some spam).
eg, what's LV + IV? Answer has to be given in latin numerals, too.
We could ask for a basic derivative (for example, of a polynomial), or the value of 'x' in a simple algebraic equation x+5 = 2x + 10
This would probably be very effective at limiting the growth rate of HN, too.