Everything in a Democracy has its Flaws, but If it Ain't Broke, Don't Fix it!!!
I say, IMHO Just Leave it alone.
B_T

I respect your opinion but I believe that the site is broke. It wasn't me but one of our more vigilant members who brought up the issue. I really don't mind getting the spam reports and dealing with them (if another mod hasn't gotten to them first- which is usually the case.) But if this security breach results in someone having their computer trashed I think it is a problem. Or if it gets us listed as a Malicious Site by browsers or search engines.

These spambots are not that smart. They usually give stock replies prompted by certain words scanned in posts. Asking them questions like "Why do you want to join Music Electronics Forum?" should separate the wheat from the chaff.

One of the first computer games I got for my Tandy EX-1000 was built around artificial intelligence. As I recall it was called ELIZA named after one of the first AI games which was developed in the 60's:

ELIZA - Wikipedia, the free encyclopedia

According to the Forum page we have 21,224 members of which 1,074 are active. If the powers that be eventually decide to implement some sort of vetting process for new members it shouldn't affect all of the existing members who have been vetted by the passage of time (unless there are "sleepers" ready to attack when their master gives the word. )

Steve Ahola

P.S. Hmmm... I think I may have spotted another 'bot who joined yesterday and made just one post with no spam link. Could I get a second opinion on this? (I don't mind nonhuman members unless they start posting crap links.)

http://music-electronics-forum.com/t28514/

Who Knows, we may all be Spam Bots, living under a Secret Identity!
T

One of our more vigilant members- no, not a vigilante!- just reported the following post as a possible 'bot (no spam at this time)

OTL Amp

Since the original question was posted, we have gotten more of these mysterious guests. So what is their game???
On one hand it could be completely benign like a computer student/fanatic just seeing if he can program a 'bot that can join forums and start threads and post replies. In the past I would give them the benefit of the doubt since that fits in with the DIY vibe of this forum.
However on the other hand their intentions could be malicious and once they have joined and made a few innocuous posts they might deliver their payload whatever it might be. (I have a hunch that many forums are watching out for 'bots that join and immediately dump their load.)

Steve Ahola

P.S. I guess I could send a PM to both of these suspected 'bots and welcome them to the Forum.

Well let's not confuse separate issues. Spambots may be annoying, but as you mentiion, they also were not at fault for the malicious site warning. SO let's not bring up the malware issue when talking about the spambots. The "security breach" of spambots is not the threat to anyone's computer. The malware is far more likely to come via those google ads striping the page tops.

SO if someone actually reviews all new applicants, how does that stop hackers? If I want to screw with your computer, all I have to do is get a free hotmail account, join up the forum, and once accepted as a real human, I could post some links to entrap the innocent, and move on to the next forum.

Yup. The last time I did it I used the screen name "Enzo".

The fact that spambots were not responsible for the Malicious Site warning here last November does not mean they couldn't do it in the future. I suspect that malicious links have been posted here by 'bots but they were not found during two separate visits by the web spider bots scouring the internet which I believe is a requirement before a site gets the Malicious label that the search engines use, perhaps due to the vigilance of some of the members here who report spam whenever they find it.

So what would be the payoff for such a hacker? It seems like a lot of trouble just to attack a small forum like ours (~21k total members but ~1000 active members.***) The point of spambots is to attack thousands of forums, the more the merrier. I think that most forums these days are using Turing tests like CAPTCHAs for member applications to help protect against spambot attacks. (I think that the payoff for malicious 'bots is to turn computers into zombies which then launch their own 'bot attacks without the user knowing it.)

Maybe I'm an alarmist but I see the Web getting more and more dangerous every day. What used to be playful pranks is now a very serious business. There are thugs out there trying to screw you up, just like wandering around the bad part of town late at night. While it may seem like I am over-reacting I think that it is better to be safe than sorry. And yes, I am not one to fight to the death defending the status quo. Don't worry- I really doubt that things will change here until a lot more people ask for them.

From the Wikipedia entry on Internet bots:

The most widely used anti-bot technique is the use of CAPTCHA, which is a type of Turing test used to distinguish between a human user and a less-sophisticated AI-powered bot, by the use of graphically encoded human-readable text.

Here is more from that page:

Malicious purposes

Another, more malicious use of bots is the coordination and operation of an automated attack on networked computers, such as a denial-of-service attack by a botnet. Internet bots can also be used to commit click fraud and more recently have seen usage around MMORPG games as computer game bots. A spambot is an internet bot that attempts to spam large amounts of content on the Internet, usually adding advertising links.

There are malicious bots (and botnets) of the following types:

* Spambots that harvest email addresses from internet forums, contact forms or guestbook pages
* Downloader programs that use up bandwidth by downloading entire web sites[citation needed]
* Web site scrapers that grab the content of web sites and re-use it without permission on automatically generated doorway pages[clarification needed]
* Viruses and worms
* DDoS attacks
* Botnets / zombie computers; etc.
* File-name modifiers on peer-to-peer file-sharing networks. These change the names of files (often containing malware) to match user search queries.
* Automating the entry of internet sweepstakes or instant win games to get an advantage
* Automating tasks on promotional web sites to win prizes
* Votebots which automatically cast votes for or againsts certain forms of user-contributed content such as videos on Youtube or reader comments on blog pages.

Steve Ahola

*** I think that most of the 20k members who are not active members joined to try to resolve a specific problem related to music and electronics. Once they got their answer (or didn't!) they probably never came back to visit or hang out.

I was just thinking that we could have an entire subforum for the various 'bots who have become members here. Let them chatter back and forth at each other to their heart's content (or should that read "to their CPU's content?") Perhaps we could label their forum the Chatterbox (Humans need not apply!)

Steve Ahola

We (human members) must be allowed to at least look though. It would be funny as hell to watch the bots prattle on and praise each others input when nothing is being said...

"I like this post. It is very accurate."

"You are right. Now I see it is easy."

"This is a smart thing to say."

"It's good to have a forum like this."

Exactly! I think that it would be more entertaining than anything on the TV.

While having dinner tonight the perfect solution popped into my head addressing everybody's concerns in this thread, something that is completely non-invasive: we need to fight fire with fire!

Why wait for the web spiders to find crap on our site? We need our own spider bots constantly examining all of the links that are posted here. They would operate in a "sandbox" so if they did land at a malicious site it would cause no damage to the computer running the bot. I think that whenever that technology is developed it should be available to all forums at a reasonable price (if not altogether free.) I think that any member could run the bot program since it would be following the same links that we all see so its not like it would add to the burden of our fearless leader, tboy.

FWIW I have posted an image of my favorite logon screen with a very user-friendly human/bot test:



Members are logged out automatically when they leave the site but it is very easy for me to log back on, with Firefox remembering my username and password and a user friendly Turing test. I guess if the 3 languages didn't cover it there could be a drop-down box with more languages listed.

Contrast that with my health plan logon which uses oddball code and will not allow Firefox to remember the username or password which I have to type it in manually every time. Quite often it doesn't work to paste in the uname or pword work so you have to type it in. And you are logged out automatically after 20 minutes of inactivity. (The 20 clock minute would be ticking away while composing a PM to my doctor- a dialog box would pop up warning that you would be disconnected but after clicking on it your PM would disappear in the ether.) I know that our medical records need to be very private but it is harder to log on to my health plan website than it is to logon to my bank!

Steve

Is this another 'bots with no payload? I guess we could call them dudbots...

http://music-electronics-forum.com/t28650/#post252345

The person who reported that to staff suggested that changes may have already been made to the software here which prevents new members from posting links in their signature and/or in the text of the post. That makes more sense than having hackers sending in "sleeper" bots waiting for the command to attack from their master.

Steve Ahola

I was wondering if maybe they were testing smilie usage. I could be completely wrong, but don't recall seeing bots using smilies before recently.

Omigawd- the 'bots found my stash of Quaaludes!

here's another new member who agrees with me (an obvious impossibility!)

Project guess what?