Bullshit Users + spam posts

Post by **pyrella** » November 20, 2006, 8:39 pm

So you know, it's not like we're not trying to control this.

We've altered the registration form slightly to confuse/fuck most bots. They've adapted.

We tried doing manual approval, but the fucked up way phpbb does it, requires you to click on the link, which makes it active, before you can then deactivate it. In addition to the fact that most 'real' account sign ups get lost in the flood of shit.

And the captcha (image verification system) is beyond ass see PWNtcha ( http://sam.zoy.org/pwntcha/ )

If someone hears of how another board handles this type of shit, we're all ears.

Hoarmurath · Post by **Hoarmurath** » November 20, 2006, 8:57 pm

It seems like the same "people" sign up for a forum that I run at the same time they sign up here. The only difference is that I require e-mail confirmation. Until the new user clicks on the confirmation link in an e-mail, they stay in the "users awaiting email confirmation" group, which does not have permission to post. Once they click the link, they automatically go into the "registered users" group and can post. While it's not foolproof, it has cut down on a great deal of spam on my message board. I assume that something similar would be available in phpBB.

Post by **Xouqoa** » November 21, 2006, 1:27 pm

I'm pretty sure we are already requiring email validation before a post can be made.

Boogahz · Post by **Boogahz** » November 21, 2006, 1:29 pm

Is it just the "click this link and you're authorized" type of email? I thought that manual activation was being used now.

Kluden · Post by **Kluden** » November 21, 2006, 4:57 pm

Don't allow people to sign up with hotmail accounts and the like. Or, have a public forum where people must post who they are before you allow access to the rest of the board manually?

Quarkk · Post by **Quarkk** » November 21, 2006, 6:36 pm

Kluden wrote:Don't allow people to sign up with hotmail accounts and the like. Or, have a public forum where people must post who they are before you allow access to the rest of the board manually?

/sign

Truant · Post by **Truant** » November 21, 2006, 6:54 pm

Kluden wrote:Don't allow people to sign up with hotmail accounts and the like. Or, have a public forum where people must post who they are before you allow access to the rest of the board manually?

that would eliminate people like me who use gmail as a primary email address.

I quit using isp email addresses as I've moved 10 times in 6 years.

Drolgin Steingrinder · November 21, 2006, 7:09 pm

Would be nice to get it fixed so we could avoid posts like this.

Lalanae · Post by **Lalanae** » November 21, 2006, 8:01 pm

tee hee

noel · Post by **noel** » November 21, 2006, 8:32 pm

Drolgin Steingrinder wrote:Would be nice to get it fixed so we could avoid posts like this.

If he ever meets me on the street, he won't think that's funny anymore.

Lalanae · Post by **Lalanae** » November 22, 2006, 1:35 am

Boogahz · Post by **Boogahz** » November 22, 2006, 1:37 am

>

Zaelath · Post by **Zaelath** » November 22, 2006, 6:08 am

How about hacking phpBB so it bins any posts with links in unless you have 10 posts?

redeemed · Post by **redeemed** » November 22, 2006, 6:46 am

Quarkk wrote:
Kluden wrote:Don't allow people to sign up with hotmail accounts and the like. Or, have a public forum where people must post who they are before you allow access to the rest of the board manually?
/sign

yep. like the old guild forums.. initially you gain access to a "public" forum, but in order to post anywhere else you have to request access.. though these days I imagine all you'd get are lurkers that finally want to post or gamers that just want more geeks to talk to

but it would force the "spammers" to one or two threads right? -- I vote "retards" only ;p (or create a "request access" thread) more work for the admins for sure but it would probably work <shrug>

Winnow · Post by **Winnow** » November 22, 2006, 12:54 pm

How about forcing the same password for everyone signing up that's posted in a sticky in the general forums. Autobots aren't going to know to enter a specific password to create an account.

Then force a required PW change after one post!

miir · Post by **miir** » November 23, 2006, 1:34 pm

I'd say just disable new registrations for a few weeks or do manual authorizations on all new accounts.

Post by **pyrella** » November 23, 2006, 3:31 pm

We already went that route, and it's beyond a pita. We're looking at a few options that are hopefully more simple and straight forward. =P

Sirensa · Post by **Sirensa** » November 23, 2006, 7:33 pm

I vote for sekrit access forums! The password can be HOOKERWHORESLUT!

Winnow · Post by **Winnow** » November 23, 2006, 8:02 pm

screw phpBB, why don't you guys just code your own bulletin board? Call it vvBB and make sure you build in a backdoor so once a year, after the world has adopted vvBB, you can send out a jackass post to every vvBB.

It'd take you a day to code tops...half a day if you use a Dremel!

Moonwynd · Post by **Moonwynd** » November 23, 2006, 9:45 pm

I actually enjoy Winnow's posts. I don't know what all the hubbub is about...

Boogahz · Post by **Boogahz** » November 23, 2006, 9:48 pm

Moonwynd wrote:I actually enjoy Winnow's posts. I don't know what all the hubbub is about...

Asheran Mojomaster · November 26, 2006, 4:13 am

Winnow wrote:How about forcing the same password for everyone signing up that's posted in a sticky in the general forums. Autobots aren't going to know to enter a specific password to create an account.

Then force a required PW change after one post!

That would be the easiest solution most likely.

lmnt9 · Post by **lmnt9** » November 27, 2006, 2:11 pm

Hoarmurath wrote:It seems like the same "people" sign up for a forum that I run at the same time they sign up here. The only difference is that I require e-mail confirmation. Until the new user clicks on the confirmation link in an e-mail, they stay in the "users awaiting email confirmation" group, which does not have permission to post. Once they click the link, they automatically go into the "registered users" group and can post. While it's not foolproof, it has cut down on a great deal of spam on my message board. I assume that something similar would be available in phpBB.

I recently signed up and just had to click the link to be validated, even though it said it was going to be manually approved.

Voronwë · Post by **Voronwë** » November 28, 2006, 1:07 am

Winnow wrote:How about forcing the same password for everyone signing up that's posted in a sticky in the general forums. Autobots aren't going to know to enter a specific password to create an account.

Then force a required PW change after one post!

wjat about deceptacons!!!!! !:!?!?!?!

Siji · Post by **Siji** » November 28, 2006, 12:09 pm

Just force new users to exchange a minimum of 3 emails with Midnyte before being given access. That'll cut new enrollment drastically.

threnody · Post by **threnody** » November 30, 2006, 11:53 am

The hack we put in place for Ixtlan is somewhat intrusive and requires the rewriting of themes as well as the includes phpbb uses to render pages. The major concern with this is moving from relative URLs to absolute, which makes site migration a bitch. Not to mention people also have to look before they register and get the username and password for the basic auth. While this can be a good "are you a retard" check, it's not what I'd call ideal.

If you look at your access logs (I don't have access to either yours or Ixtlan's), do you see the bot going directly to the profile.php?mode=register page or do you see them first going to any page with the normal header information to get the register URL? If it's the first, you might be able to just change the mode requested to "monkeysex" (or whatever) instead of register and avoid the issue. Then update your robots.txt and make sure google doesn't cache your new profile.php .. or your forum for that matter.

Just a thought.

Canelek · Post by **Canelek** » November 30, 2006, 12:28 pm

Most of the retards here have been registered for purt-nahr 4 years....