Do something about mass spamming

Well, actually 3 weeks.

1 Like

Hello Pat91,

Indeed, three weeks is 21 days… and 21 days is still “several days”! :wink: But beyond playing with words, we are just as concerned as you are about this situation, which has been going on for far too long.

We are certainly not sitting idly by: since the beginning of this attack, we have taken multiple actions to contain the spam and strengthen the forum’s security. Unfortunately, spammers have an incredible ability to bypass protections, which forces us to remain constantly vigilant and requires a huge amount of effort. Deleting nearly 1,000 messages manually and blocking their authors in just a few hours this morning is no easy task, and we would much rather spend that time improving the community.

We completely understand the frustration this causes and assure you that we are doing everything we can to resolve the situation as quickly as possible. Thank you for your patience and understanding!

Best regards,

3 Likes

Hi,

Are you really sure that they really are spammers? These messages don’t really make sense. Spam is aimed at convincing the targeted people to use a service or purchase a product. This is obviously not the case here. As such, these posts are absolutely meaningless and useless for the “spammers”. I think they are trying to collect some information like our email addresses or maybe an entry point into the DxO network. I would say “attack” or “intrusion attempt” instead of “spamming campaign”.

1 Like

Hi,
You’re right that traditional spam often promotes a product or service, but spam also includes unsolicited, irrelevant, or disruptive messages, even without a sales pitch. These posts might serve as a distraction or a way to test vulnerabilities. Spam and intrusion attempts can overlap, so if there’s suspicion of malicious intent, it’s worth investigating further.

Regards,

1 Like

Very good to get some feedback, thanks

But how can a new member start so many posts:

1 Like

Hi, Thanks for letting me know. We missed this one.
Regards,

2 Likes

Oh, still working? It must be a hard time for you.

This attack cost me a lot of time today to restore the forum to a better state and I have my support tickets to catch up on now.

5 Likes

@Fabrice-B Thanks for the update and the hard work to keep the forum up and running. :+1:

3 Likes

and it’s going on:

Please, please, please do not add to the problem by quoting one of these spam messages in a post like this.

Please edit your post to remove it, otherwise the spam will remain even after @Fabrice-B has removed the actual post.

Thank you.

2 Likes

How about we leave this to the mods. Clearly they know about the problem. Someone posting that “they’re back” isn’t helpful.

If you want to be helpful flag the posts. That’s it…

If you don’t have anything more productive to add, perhaps leave it at that.

1 Like

Fabrice, it is difficult.

What will work (I engineer comment systems professionally) is manual approval. No one posts until their account is approved. Manually approving the new registrants won’t be that hard. Fake registrations stick out like a sore thumb.*

One can always make it easier for forum admins to distinguish fake and real accounts by adding a photography question which requires some thought but any photographer can answer. Something like “What is your favourite image and why?” Spam bots can create an answer to this subjective question but will tend to create a single answer and submit it again and again. A competent bot builder would be able to use AI to fake answers to this question but you probably won’t see this level of competence. If the attacks continue, you can add a second question which only appears after the first one is answered: “Who took your favourite photo and when?” Stringing answers to these two together would require real dedication.

Do you require forum registrants to click a link in an email to be able to log in and post? If not, you should. Most spammer email accounts are nonexistent. Granted, spammers may have and use working email addresses.

The next step is simpler, more automated and more radical and will be 100% effective. Require forum participants to register from a DxO.com store account page to which only paid (not free trial) users have access. The spammers will not spend money to spam the Discourse forum.

I know this sounds unfriendly to potential new buyers, but to be perfectly honest, a potential buyer might accidentally browse these forums but is unlikely to post before purchase. Any real poster here already owns some DxO software (even a much older version).


Once you shut down the easy access, the spammers will disappear quickly, even the attempts. Success begets success: since the spammers have access to forum.dxo.com, they keep coming back.

A solution must be found, please do not consider shutting down the forums. The DxO forum and community make using PhotoLab and Nik much easier. Those tips and astuces from colleagues keep us buying the software.


(*) One can make it even easier to distinguish spammers by requiring first and last name, which usually match people’s email address. Over at Blackmagic, to maintain the quality of the forum (professional), about ten years ago, all participants were required to post with their real identity. You will resist this requirement, which is why I didn’t include it in the body, but it’s worth serious consideration. The DxO forum should be a place for grown-up discussion. Most of us, with some notable exceptions, do post under our professional identities.

If DxO choose to require a purchase to post here (the simplest and most bulletproof solution), you would be able to continue to allow cute screennames as, again, very few spammers will buy expensive software to spam.

7 Likes
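The post above notes that bots answering a subjective registration question tend to submit one answer again and again. The following is an added example, not part of the original thread and not code from Discourse or DxO, of how a moderator-side script could group near-identical answers for manual review. The function names, the 0.5 similarity threshold and the sample registrations are assumptions constructed for illustration.

```python
import re

# Constructed sample registrations (username, answer); not real forum data.
SAMPLE = [
    ("anna_k", "A misty harbour at dawn my father shot in 1987, the light feels like memory."),
    ("bot001", "My favourite image is a sunset because it is beautiful and nice."),
    ("bot002", "my favourite image is a sunset, because it is beautiful and nice!!"),
    ("lee_p", "Afghan Girl by Steve McCurry; the eyes hold the whole frame together."),
    ("bot003", "My favourite image is a  sunset because it is very beautiful and nice."),
]

def shingles(text, k=3):
    """Lower-case, strip punctuation, and return the set of k-word shingles."""
    words = re.findall(r"[a-z0-9']+", text.lower())
    if len(words) < k:
        return {tuple(words)}  # very short or empty answers compare as a whole
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}

def jaccard(a, b):
    """Overlap of two shingle sets, from 0.0 (disjoint) to 1.0 (identical)."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0

def flag_repeated_answers(registrations, threshold=0.5, min_cluster=2):
    """Greedily cluster answers by similarity to each cluster's first answer.

    Returns the username lists of clusters with at least min_cluster members,
    i.e. registrations a moderator should look at before approving.
    """
    clusters = []  # list of (representative shingle set, [usernames])
    for user, answer in registrations:
        s = shingles(answer)
        for rep, members in clusters:
            if jaccard(rep, s) >= threshold:
                members.append(user)
                break
        else:
            clusters.append((s, [user]))
    return [members for _, members in clusters if len(members) >= min_cluster]

if __name__ == "__main__":
    for group in flag_repeated_answers(SAMPLE):
        print("hold for manual review:", ", ".join(group))
```

Changes in case, punctuation and spacing do not affect the score, and the one-word variation in the third bot answer still lands in the same cluster; answers rewritten from scratch each time would not be caught, which is the limit the post itself acknowledges.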

Agree to give “write access” only to the users who paid for the software.
I think DxO manuals, support FAQs, forum read-only access, tutodxo.com, and availability of fully capable trials, are enough to make the buying decision. At least that was my experience with PL7.1+FP+VP.

Disagree to use “true names” (e-mails) in a public forum.

Agree to use “true names” in a closed forum.
But then it would be a very small forum and DxO will not want to finance it, I guess. This type of forum could be useful to DxO only in the case of beta-testers, or a group of photographers given some internals insight, who could provide “trusted feedback” to DxO and help choosing priorities. Maybe such a forum already exists…

Just my few cents about why this forum is useful to the users, an incomplete list. Probably the vast majority of users do not post anything.

  • verify if your problem is common or is specific to your setup
  • know the current alerts, “standard” problems, and stale requests
  • learn some details on specific editing features and quirks
  • learn how others do it and “steal” good ideas
  • choose what type of hardware to buy
  • learn some basics on photography, gear, and image processing
  • socializing
  • get a trusted, direct answer from DxO (no longer true it seems, perhaps due to spam, trolls, some uneducated users, the user group being non-representative from the business perspective)
  • get information on updates related to possible rendering changes and bug fixes (never true with very few exceptions, should be in the release notes anyway)
  • provide feedback to DxO – even if direct response is not to be expected, your feedback may be taken into consideration

True names and true name emails are difficult and add another complexity due to personal integrity and security etc.

Manual account activation, appointed community moderators, forced MFA upon registration, rate limits and other forum protection measures will by themselves or in combination reduce bots to a bare minimum.

Restricting participants and/or prospective users to only allow paying customers is in my opinion negative as new users during trial periods do have questions and wish to participate as well. Also those planning to migrate into the DxO ecosystem.
They should all feel invited and included and never be seen as not worthy of being here and taking part in the discourse.

1 Like

Post approval for a user’s first 5 posts will likely solve all the problems.

The hacker’s probably not likely to be able to put together 5 relevant posts before spamming.

1 Like

You don’t have to lose that much time. Just implement some of the obvious countermeasures suggested above and in the Discourse document we have recently specified. Then the attack will stop. Unless you prefer uselessly spending time deleting these messages…

I have just seen one of these messages arrive in a forum section and could observe how the spammer bot was automatically answering itself. This will never stop until dissuasive measures have been taken, I’m afraid.

1 Like

That’s worrying. It seems that you are simultaneously product manager (for all products?), forum administrator and at least a member of the support team (or perhaps the support team all by yourself?). I sympathize.

1 Like

Works for Blackmagic Design, who sell and support DaVinci Resolve, which was originally a niche product like DxO PhotoLab but now has worldwide reach in both professional and personal circles.

I have no issue with true names and I’ll bet most of the funny names will be back sooner rather than later with true names (or carefully forged identities).

There is a lot less stupidity and rudeness with true names. This forum is not particularly bad in terms of etiquette so the difference would not be dramatic.

1 Like