VeeshanVault

So you know, it's not like we're not trying to control this.

We've altered the registration form slightly to confuse/fuck most bots. They've adapted.

We tried doing manual approval, but the fucked up way phpbb does it, requires you to click on the link, which makes it active, before you can then deactivate it. In addition to the fact that most 'real' account sign ups get lost in the flood of shit.

And the captcha (image verification system) is beyond ass see PWNtcha ( http://sam.zoy.org/pwntcha/ )

If someone hears of how another board handles this type of shit, we're all ears.

It seems like the same "people" sign up for a forum that I run at the same time they sign up here. The only difference is that I require e-mail confirmation. Until the new user clicks on the confirmation link in an e-mail, they stay in the "users awaiting email confirmation" group, which does not have permission to post. Once they click the link, they automatically go into the "registered users" group and can post. While it's not foolproof, it has cut down on a great deal of spam on my message board. I assume that something similar would be available in phpBB.

I'm pretty sure we are already requiring email validation before a post can be made.

Is it just the "click this link and you're authorized" type of email? I thought that manual activation was being used now.

Don't allow people to sign up with hotmail accounts and the like. Or, have a public forum where people must post who they are before you allow access to the rest of the board manually?

Kluden wrote:Don't allow people to sign up with hotmail accounts and the like. Or, have a public forum where people must post who they are before you allow access to the rest of the board manually?

/sign

Kluden wrote:Don't allow people to sign up with hotmail accounts and the like. Or, have a public forum where people must post who they are before you allow access to the rest of the board manually?

that would eliminate people like me who use gmail as a primary email address.

I quit using isp email addresses as I've moved 10 times in 6 years.

Would be nice to get it fixed so we could avoid posts like this.

tee hee

Drolgin Steingrinder wrote:Would be nice to get it fixed so we could avoid posts like this.

If he ever meets me on the street, he won't think that's funny anymore.

>

How about hacking phpBB so it bins any posts with links in unless you have 10 posts?

Quarkk wrote:

Kluden wrote:Don't allow people to sign up with hotmail accounts and the like. Or, have a public forum where people must post who they are before you allow access to the rest of the board manually?

/sign

yep. like the old guild forums.. initially you gain access to a "public" forum, but in order to post anywhere else you have to request access.. though these days I imagine all you'd get are lurkers that finally want to post or gamers that just want more geeks to talk to
but it would force the "spammers" to one or two threads right? -- I vote "retards" only ;p (or create a "request access" thread) more work for the admins for sure but it would probably work <shrug>

How about forcing the same password for everyone signing up that's posted in a sticky in the general forums. Autobots aren't going to know to enter a specific password to create an account.

Then force a required PW change after one post!

I'd say just disable new registrations for a few weeks or do manual authorizations on all new accounts.

We already went that route, and it's beyond a pita. We're looking at a few options that are hopefully more simple and straight forward. =P

I vote for sekrit access forums! The password can be HOOKERWHORESLUT!

screw phpBB, why don't you guys just code your own bulletin board? Call it vvBB and make sure you build in a backdoor so once a year, after the world has adopted vvBB, you can send out a jackass post to every vvBB.

It'd take you a day to code tops...half a day if you use a Dremel!

I actually enjoy Winnow's posts. I don't know what all the hubbub is about...

Moonwynd wrote:I actually enjoy Winnow's posts. I don't know what all the hubbub is about...

Winnow wrote:How about forcing the same password for everyone signing up that's posted in a sticky in the general forums. Autobots aren't going to know to enter a specific password to create an account.

Then force a required PW change after one post!

That would be the easiest solution most likely.

Hoarmurath wrote:It seems like the same "people" sign up for a forum that I run at the same time they sign up here. The only difference is that I require e-mail confirmation. Until the new user clicks on the confirmation link in an e-mail, they stay in the "users awaiting email confirmation" group, which does not have permission to post. Once they click the link, they automatically go into the "registered users" group and can post. While it's not foolproof, it has cut down on a great deal of spam on my message board. I assume that something similar would be available in phpBB.

I recently signed up and just had to click the link to be validated, even though it said it was going to be manually approved.

Winnow wrote:How about forcing the same password for everyone signing up that's posted in a sticky in the general forums. Autobots aren't going to know to enter a specific password to create an account.

Then force a required PW change after one post!

wjat about deceptacons!!!!! !:!?!?!?!

Just force new users to exchange a minimum of 3 emails with Midnyte before being given access. That'll cut new enrollment drastically.

The hack we put in place for Ixtlan is somewhat intrusive and requires the rewriting of themes as well as the includes phpbb uses to render pages. The major concern with this is moving from relative URLs to absolute, which makes site migration a bitch. Not to mention people also have to look before they register and get the username and password for the basic auth. While this can be a good "are you a retard" check, it's not what I'd call ideal.

If you look at your access logs (I don't have access to either yours or Ixtlan's), do you see the bot going directly to the profile.php?mode=register page or do you see them first going to any page with the normal header information to get the register URL? If it's the first, you might be able to just change the mode requested to "monkeysex" (or whatever) instead of register and avoid the issue. Then update your robots.txt and make sure google doesn't cache your new profile.php .. or your forum for that matter.

Just a thought.

Most of the retards here have been registered for purt-nahr 4 years....