Chaosforge Forum
General => Forum => Topic started by: Kornel Kisielewicz on January 26, 2011, 06:47
-
Due to the amount of spam that was recently happening on the forums, we increased the registration security a little. Also, because of the huge amounts of fake spam-users, we did a serious cleaning in the user tables.
Basically, if you had 0 posts, and wasn't part of any group (to shield non-posting Supporters), your account has probably been deleted -- feel free to re-register though!
On the up side, I don't know if it's just me, but the forum seems to be working much more smoothly now :).
-
It's not just you. I can attest to the fact that the forums are much faster now than before.
Maybe we can make this a yearly exercise? =D
-
The Jolly New Years ChaosForge Forum Massacre? :P
-
Kornel; YAAM. :P
-
YAFW, outsmarted trolls and spammers themselves!
-
The Jolly New Years ChaosForge Forum Massacre? :P
Sounds like a good name!
I hope you saved the scripts used to get the job done. =P
-
Looks like we still have old user IDs. For example, thelaptop is 1003rd, when we have only 873 users. :)
-
Looks like we still have old user IDs. For example, thelaptop is 1003rd, when we have only 873 users. :)
Stop spying on my user ID! =D
But that's a primary key in the table, so I don't think that number is going to change any time soon, nor is it that important too either.
-
Sadly this will not stop new fake accounts, AlanSteff for example...
-
Captchas really don't work anymore for some reason, even on my forum.
But maybe instead of that simple question, you should try my simple technique (http://mpsf.x10.mx/reg.php) (the RetardCheck thing)?
It's a randomized question in a randomized sentence (refresh the page a few times to see the randomness in action). And that works fine for me. :D
-
Its easy to do once but an annoying pain in the ass if you need to register several accounts, I think that would work quite well.
-
If possible, the wiki could probably do with a security update. Awful lot of spam over there. :(
-
Captchas really don't work anymore for some reason, even on my forum.
But maybe instead of that simple question, you should try my simple technique (http://mpsf.x10.mx/reg.php) (the RetardCheck thing)?
It's a randomized question in a randomized sentence (refresh the page a few times to see the randomness in action). And that works fine for me. :D
I have a similar thing setup on one of my sites, and every once in a while some spammer is able to bypass this, so it's not 100% proof, but it does help a lot anyway (1 spam account/2 months vs 50/hour).
-
How hard would it be to track the amount of time spent at the "Post Reply/Create New Topic" page? The way I imagine things involves humans actually having to take time typing their message, where as a bot can pretty much just instantaneously create a message. Assuming bots don't already correct for this you could just create a threshold (say 0.5 seconds per word not in mortem tags) and if the post took less time, it probably came from a bot.
In theory the board doesn't have to be immune to bots, just enough of a pain or custom enough that the bot would have to be rewritten slightly. I would assume most spammers go after low hanging fruit and don't fight each forum specifically. It's not foolproof, piracy teaches us that with enough work just about any security can be fooled, but for spammers the question becomes 'is it worth the effort?'.
-
Without jinxing myself, I think that we are starting to have it under control. It has been a few days since we last saw any spam, so at least the measures are effective against the automated stuff. And yes, it does cause some pain, but only to those who are not human.
-
But we are still seeing the fake accounts being created with ad links in the signature to up their linked by stat. Can we disable links in signatures? Maybe then they will leave...
-
They never leave.
BTW, thelaptop -- I think an important part of reducing the spam was banning the whole *@ymail.com domain :P
-
They never leave.
BTW, thelaptop -- I think an important part of reducing the spam was banning the whole *@ymail.com domain :P
Ah, I see I see.
Let's just see how many more domains we need to kill off to keep the peace. >.<
-
All of them ;]
-
Captchas really don't work anymore for some reason, even on my forum.
But maybe instead of that simple question, you should try my simple technique (http://mpsf.x10.mx/reg.php) (the RetardCheck thing)?
It's a randomized question in a randomized sentence (refresh the page a few times to see the randomness in action). And that works fine for me. :D
Just type the twentieth character of this very sentence in the field below. (includes spaces)
0-based or 1-based? :D
-
Forum Mass Murder has been repeated -- to all valid 0-post users my utmost apologies!
-
Yesss... blood...
/me liked it.
-
Yesss... blood...
/me liked it.
Spam bots have no blood.
/me puts on some shades
-
Yesss... blood...
/me liked it.
BLOOD FOR THE-
Spam bots have no blood.
/me puts on some shades
/me slinks back to his corner.
-
How much of a hassle is it to do this? Perhaps it should be a monthly occurrence.
-
Q: What's the difference between Doomguy and Kornel?
A: Doomguy kills everything that moves. Kornel kills everything that doesn't move.
-
How much of a hassle is it to do this? Perhaps it should be a monthly occurrence.
The fastest way to do this of course is on the back end. We're making this boticide ad hoc to avoid creating opportunities for the spammers to capitalise on our regular schedule to respawn what they have lost.
-
Time to add some kind of human identification system?
-
Next Wave - 629 Kills.