Dealing with possible bots in the forums
-
I appreciate the product, the support team and those kindly sharing high quality information here in the forums. Thank you all!
I have some comments/questions regarding how an average reader like me might be able to help dealing with suspected bots.Background
Recently I noticed two mentions of bots:
Suspected bot #1
@girish said in Database Access & Backups?:
@sarah-white are you a bot?
This one seemed obviously off. Maybe not a bot per say, but someone playing ChatGPT.
@micmc pointed this out in Database Access & Backups?:Sounds much like replies produced by asking ChatGPT to me!
The user and posts have been removed. Good. But the time spent by staff and readers will never come back. And anyone hitting that thread will see 3 posts about the bot.
Suspected bot #2
@girish said in can't login via ssh after fresh 7.5 install:
valid point but I think [this user] is a bot
This didn't appear to me to be a bot, but I can see the concern with new users replying to an old thread.
Again we see the staff lost some valuable time and future readers will see the remnants of this. There is definitely a cost to all of us.Question
Is there anything that we can do to help out here?
(Joining the conversation about whether a reply is from a bot will leave clutter in that thread for future users.)Would flagging a suspected user or post help? I have never done that.
Anything else we can do to keep this great?
-
I appreciate the product, the support team and those kindly sharing high quality information here in the forums. Thank you all!
I have some comments/questions regarding how an average reader like me might be able to help dealing with suspected bots.Background
Recently I noticed two mentions of bots:
Suspected bot #1
@girish said in Database Access & Backups?:
@sarah-white are you a bot?
This one seemed obviously off. Maybe not a bot per say, but someone playing ChatGPT.
@micmc pointed this out in Database Access & Backups?:Sounds much like replies produced by asking ChatGPT to me!
The user and posts have been removed. Good. But the time spent by staff and readers will never come back. And anyone hitting that thread will see 3 posts about the bot.
Suspected bot #2
@girish said in can't login via ssh after fresh 7.5 install:
valid point but I think [this user] is a bot
This didn't appear to me to be a bot, but I can see the concern with new users replying to an old thread.
Again we see the staff lost some valuable time and future readers will see the remnants of this. There is definitely a cost to all of us.Question
Is there anything that we can do to help out here?
(Joining the conversation about whether a reply is from a bot will leave clutter in that thread for future users.)Would flagging a suspected user or post help? I have never done that.
Anything else we can do to keep this great?
@kymj8 said in Dealing with possible bots in the forums:
Would flagging a suspected user or post help? I have never done that.
yes.
We already have a post queue for new posts. But sometimes the posts are ambiguous and it's not clear whether someone is a bot or not.
-
If you’re old enough and lucky enough to have been around when everyone you chatted with online was 18F, then you know you need to take things with a grain of salt. This thread ended up doing exactly what you were trying to prevent, waste staff time. Let the staff handle things as they see fit. They’ve been doing an awesome job so far. No need to overthink things or butt in. Been there, done that. I learned to let things be. Not trying to attack you. Just my 2c.
-
If you’re old enough and lucky enough to have been around when everyone you chatted with online was 18F, then you know you need to take things with a grain of salt. This thread ended up doing exactly what you were trying to prevent, waste staff time. Let the staff handle things as they see fit. They’ve been doing an awesome job so far. No need to overthink things or butt in. Been there, done that. I learned to let things be. Not trying to attack you. Just my 2c.
@humptydumpty said in Dealing with possible bots in the forums:
Sorry. I am not sure what 18F is or the point you are trying to make here:
If you’re old enough and lucky enough to have been around when everyone you chatted with online was 18F, then you know you need to take things with a grain of salt.
Chat? I check the Support category to be aware of any issues that others are reporting that I might also experience. Like the two I referenced:
I try to understand the isssue and scroll down quickly to see the solution or status.
This thread ended up doing exactly what you were trying to prevent, waste staff time. Let the staff handle things as they see fit. They’ve been doing an awesome job so far.
I posted my question here in the Off-topic category. I got an affimative answer.
And I got this:
No need to overthink things or butt in. Been there, done that. I learned to let things be. Not trying to attack you. Just my 2c.
You lost me again here. Sorry.
Anyway, I value everyone's time: staff, mine and anyone coming along in the future. Do you read through most support topics?
Question for anyone: Is there a reason not to just delete the chat with and about bots to reduce the noise and help people understand issues or find solutions quicker? In the forums I manage I delete anything totally off-topic. It seems to be appreciated. -
Most people I know with office jobs sound like bots
-
kymj8 sound a lot like a bot - way too many grammatically correct sentences
Everyone’s a suspect!
BTW: called it in January
-
Forum staff could consider setting up a honeypot on the forum to catch bots:
Here are some tips for creating effective honeypot posts to catch bots on a forum:
- list itemMake the post title and content generic - Use common keywords bots may search for like "free," "deals," "offers," etc. But keep the content vague.
- Hide the post from normal users - Use CSS to hide the post or place it in an unlinked, obscure category. Legit users should not see it.
- Disable comments on the post - Bots may try to automatically comment on posts with links. Disable comments to further hide it.
- Include links to dummy sites - Bots may crawl links, so link to a fake domain you own or a page that logs access attempts.
- Monitor traffic sources - When the honeypot post gets activity, check referer headers to identify the traffic source and block those IPs/bots.
- Use obscure keywords - Pepper the post with uncommon keyword combinations that seem real but unlikely to be searched by humans.
- Publish at odd hours - Bots may crawl at night when human activity is low. Posting at 3am may smoke them out.
- Update dynamically - Change the post title and content periodically to keep attracting new bots. The activity will help identify patterns.
- Ban users who interact - Any user accounts that view, comment on, or otherwise interact with your honeypot post are very likely bots.
- The goal is to make the post attractive to bots but invisible to real humans. Any engagement with it signals suspicious automated activity you can then block.
-
Quick search. This may or may not be of interest or already being used:
https://www.npmjs.com/package/nodebb-plugin-spam-be-gone -
Quick search. This may or may not be of interest or already being used:
https://www.npmjs.com/package/nodebb-plugin-spam-be-gone@marcusquinn said in Dealing with possible bots in the forums:
Quick search. This may or may not be of interest or already being used:
https://www.npmjs.com/package/nodebb-plugin-spam-be-goneThat plugin uses Google, so I hope it isn't used on this forum.
