Tuesday, 22 January 2013

  • Fighting splogs, and some proposed tweaks to the registration process

    Hey guys -

    We've been getting hit pretty hard by spam blogs lately, aka splogs. A lot of the times the sploggers will just create a site and then... do nothing. Most of the account don't try to spam anyone; instead, they just sit there with a link in their profile. We have shut down a lot of these so-called "splogs", but they just keep coming.  The worst part of splogs is that they are created in such a way that they are slowing down our themes database. As a result, some of our REAL users are having trouble creating accounts or editing their theme  

    To help address this, we're looking into ways that we can prove that our new users are actually real people. We already have a CAPTCHA in place, but apparently there are now companies in China and India that do nothing but hire humans to defeat CAPTCHA tests.  We've tried a number of technical fixes, but a lot of times the technical fixes prevent real users from being able to register accounts. :(

    So we've had to switch gears a bit.  After some brainstorming, we've come up with a few new ways we can try and prevent these humans-for-hire from creating fake accounts: 

    1) AUTHENTICATE USERS FOR FREE: When someone is signing up for an account, we could ask them to authenticate to an outside account (say from Facebook or another login system with strong anti-spam controls - open to suggestions).
    2) ACTIVATE USERS FOR PREMIUM: When someone is signing up for an account, we could also allow them to activate their new Xanga site if they paid for a Premium account.

    Either way, commenting would still work as usual: as always, commenters could comment through the usual means of:

    * Signing into an existing Xanga account
    * Signing in to comment through Facebook/Twitter
    * Commenting anonymously on your posts (if you've enabled that)

    We are hopeful that this combination of approaches should help cut down massively on the amount of splogs created, and allow us to restore peace and harmony to our Themes database.

    But before we went ahead with this, we wanted to check with you guys.

    What do you guys think of our adding additional checks and controls to the registration process for new bloggers? Please let us know!

Related Posts

Comments (167)

  • Keep at the good work, Xanga Team. You're all awesome :)

  • A difficult problem. Thank you for soliciting comments before making changes. Maybe you could follow the Craigslist approach where they send an email to the address on file with a link authenticating a requested to Post. It seems to work for them.

  • I have several IRL friends who like to view my site (which is on sign-in lock), but do not want to post blogs themselves. Some of them do not have FB or other sites from which to log in to Xanga. How would they be accommodated?

  • Send out Liam Neeson to take care of these people.

  • Keep up the good work.   I like the approach by gayinUS of email authenticating before activating an account.  
  • I also like the email authentication, or the website one. No wonder I had such trouble creating this account! Keep up the good work, xanga! I've seen a couple of these fake accounts and have been spammed by them, myself!

  • Excellent and Ty for doing all of the work you do to keep this one of the best blogging communities on the web.

  • The deleting is a good thing.  But, requiring another site is not fair.  I trust xanga w/my personal data, but not places like FB, and I like being able to keep my online identities relatively separate. 

    That said, could you hire people to defeat the people who are hired to defeat captcha?  It could be a real growth industry in china/india.  :)

  • You guys are doing a great job!

  • What's wrong with good old fashioned email authentication?

    User clicks to register, inputs desired username and email, email is sent for authentication,link is clicked, user is sent to setup process with captcha.

  • As for 1.)PLEASE DO NOT DO THAT. The one great thing about Xanga is that you can be here secretly.
    as for 2.) DO YOU MEAN IF YOU EVER WANT TO BE A MEMBER YOU MUST

    PAY

    ? That sounds even more awful. Who would want to sign up then?? ..and I desperately long for a few new faces.

    You don't need to crack the nut with a sledgehammer. E-mail authentification would help I think. Start with that. It's extremely easy to sign up for Xanga right now. A few clicks more, and maybe one of these annoying number/letter combination passwords (skype sends them when you first sign up I think) would keep people from acting so quickly.

    However I should possibly add that I also just lurked around for a year or so before I created my first (very active) account. Only with an account you can make friends and see sign-in sites, and get a REAL taste of Xanga.

    Assuming you want to 'attract' real users while shutting splogs out: if I were you and it's somehow possible, I'd let them sign in for a "trial account" that automatically gets shut down after a week, UNLESS they verify it with what I suggested above. Otherwise just the first suggestion. Just my ideas.

  • Great work Xanga.


    Why do people want to  spam Xanga and other websites.   
  • The splogs just sit there, right?
    No activity, no sign in, no commenting, etc?

    Shutting them down after a week of no activity doesn't fix the themes problem as the ppl are constantly making new sites, but an email authentication and only one account per email being allowed doubles the work of the sploggers, as they have to create a new email for every new site. The added hassle may de-incentivize them

  • CAPTCHA is necessary as it at least does force spammers to spend more money bypassing security measures.

    Email verification could help. Several common email services already have safeguards to prevent automated account creation, so limiting one xanga blog per email could force spammers onto less common mail services which may be easier to detect and block. It would at least require them to do more work, and the impact it would have on most users should be minimal.

    What if.. new users were unable to include hyperlinks until they've been around a week or so and racked up enough "credits" to verify they're here for legitimate purposes (I say credits, but it could be an internal counter like credits invisible to the user)? The threshold wouldn't have to be high because I doubt spammers are going to stick around long enough to make actual contributions, and if they try to automate content generation.. heuristics to detect/rate limit abnormal commenting might be able to help, as would an easy method for users to flag obvious spam. Spammers (and even legitimate new users) could always get around clickable links in human readable ways,
    but it would at least limit any advantage spammers have with using xanga
    in SEO-based attacks.

  • Sounds like a good idea to me.

  • how is facebook or twitter a

    strong authentication system

    ?


    facebook and twitter did the same log in process xanga does, right? so in effect it would just be outsourcing the account creation. just stick with the same email verification.
    @under_the_carpet - i like this guy's gimped account idea, slightly altered. i suggest longer than a week. more like 2 or 3 months, and you alter 'basic residency status' (which is merely post, comment, pulse and a profile pic) to 'adept' which unlocks themes and other major site alteration and similar for people who are active during the time.

  • I wonder if the xanga program where xanga members are asked to report spam and examine blogs is still in progress? I remember the days I was asked to view videos and was asked to rate them for R rating.

    There was a plumber like spam that I saw the other day but didn't check it out.

  • @lenybobsyouruncle - thanks :). You're right a longer time-span would be better. 

  • I don't like the idea of having to pay for an account to have the account . . . nor do I want my Xanga connected to my facebook, or any other site. I come here to post how I feel in secrecy. Please find something else to do . . . how about require email acitivations? I never get emails to activate my account, and if they aren't activated within a week or so delete them. 

  • I agree with the people that have said they would not want fb/twitter/other site to be part of the sign up process. I hate it when companies do that, and I know it would deter me from making an account if I was a new user. I also do not think it would be fair to expect someone to pay. I think what makes the most sense is what people have already mentioned with the email verification. Also, I would suggest making it so that if you don't post a comment/blog post/otherwise interact with xanga within the first week of joining your account automatically shuts down. Maybe that is too harsh of a system, but those are my thoughts. Thanks for asking for our opinions/thoughts.

  • It's up to you guys of course. My two concerns: 

    I have neither FB nor Twitter accounts so I would not have opened a Xanga account had that been in effect. I'm sure there are others like me. 

    Having to pay would likely deter people who have no compelling reason to join Xanga from opening an account. I first came here to answer a question I came across while doing a Google search. I would not have paid to answer someone's question ha ha. 

    But I have no better solutions to offer. 

  • I wouldn't want my Xanga site linked to my Facebook in any way, shape or form! Email authentication seems like a sensible option? Personally, I wouldn't be able to pay for Xanga premium!

  • Here are some ideas:

    - Charge 1 cent or 1 dollar or other nominal fee by credit card, or put a 1 cent or 1 dollar hold on a credit card and release it in a month.
    - Require an endorsement or invite from an existing Xanga member (like Google does).
    - Require accomplishment of a short list of Xanga community involvement tasks before a blog can be started, e.g. three comments on a featured post or something.
    - Require a phone number.
    - Require a waiting period, varying between 6 and 24 hours between initial account setup and first login.

  • here's hoping things improve - Xanga has been getting slower and slower of late. 

  • Is this why Xanga sometimes just won't load at all? I so that needs to be fixed. I'm not really in favor of linking it to other sites, and think paying is not fair either. 

    What I do like is perhaps making the first days or a week where the themes are unavailable. You just get use of the very basic account till you show you're an actual human who is going to use it properly. That also cures the issues of making those nasty 'mirror sites' that some folks love to do, plus it might even make those sites easier to spot, if new blogs suddenly request graphics that they are not authorized to use, from another user's site.

  • Sign in to Comment

  • Give eProps (?)

About this Entry

Who recommended?

Minis

Who gave the eProps?

2 eProps from: