Suspecting RC1 very soon!

Discussion of general topics related to the new version and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
Forum rules
Discussion of general topics related to the new release and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
Locked
Drew***
Registered User
Posts: 74
Joined: Sun Jan 02, 2005 9:48 pm

Re: Suspecting RC1 very soon!

Post by Drew*** »

Shadow Reaper wrote: I do really like the thing of a simple question & answer way, though I would like to add, maybe a variable with a number set by the forum of multiple questions. It's a futher way to confuse bots.

On a sidenote, I guess it isn't strong enough when like this one got though.



Just a suggestion, but if you create a template that allows each forum to create a unique response to a challenge question, you would by the sheer variety of answers create a major obstacle for bots. In other words instead of making things more and more complex just make them random.

The Question is generic
The image could be uploaded same as an avatar
The response form would be a template that would allow the admin to set up the correct response

Some examples http://www.image-max.org/challenge-reponse_example.htm
Last edited by Drew*** on Sat May 05, 2007 5:22 pm, edited 2 times in total.
Where would you like to go today? http://antwrp.gsfc.nasa.gov/apod/

We have information about your home http://earthobservatory.nasa.gov/subscribe.php3
sectionw
Registered User
Posts: 24
Joined: Mon Feb 07, 2005 7:49 pm

Re: Suspecting RC1 very soon!

Post by sectionw »

I implemented the text confirmation, a simple question is asked, and solved so far my spambot problem.
Captcha did nto work in the long run, a random question and answer solved it, in fact i removed the visual confirmation.
I hope they go in that direction, the only flaw in the current mod i sued is no multilingual support for the question.
User avatar
jumborex
Registered User
Posts: 84
Joined: Wed Nov 08, 2006 12:33 pm
Location: Milano
Contact:

Re: Suspecting RC1 very soon!

Post by jumborex »

sectionw wrote: I implemented the text confirmation, a simple question is asked, and solved so far my spambot problem. [...]

This discussion as already been made on this board: viewtopic.php?f=3&t=26358&start=0
See expecially what I said starting from viewtopic.php?f=3&t=26358&st=0&sk=t&sd= ... 40#p171412

I summarise here: using a complicated system, I made a trial board where you could enter only finding out the solution for a complex game called Rebus. The game was in Italian, and no solution was provided in any other part of the forums, or in the site.
The site that my friends and me operates, is about enigmatography, the art more Italian than other, to create enigmas, double senses, crosswords and other amenities... Rebus is one known system to create a phrase out from images. See viewtopic.php?f=3&t=26358&st=0&sk=t&sd= ... 50#p171447

Well, after one month, or so, I closed the trial board: it was infested by spammers! :? In the occasion some of the friends here commented:
Highway of Life wrote: [...] You can be sure you'll have Italian Einstein's and Bots for users. :P

I know that in some other occasion Acyd Burne commented that in his opinion the only valid system to discourage Bots, is to ask to register filling non standard fields, that is (if I understand well) something similar to the VIP Mod!
I have not failed. I've just found 10,000 ways that won't work.
(Thomas Alva Edison)
cutaia
Registered User
Posts: 45
Joined: Wed Mar 30, 2005 4:08 am
Location: Aurora, CO
Contact:

Re: Suspecting RC1 very soon!

Post by cutaia »

So, um...anyone suspecting RC1 very soon?
ndL
Registered User
Posts: 54
Joined: Fri Mar 03, 2006 7:10 pm
Location: Vilnius, Lithuania
Contact:

Re: Suspecting RC1 very soon!

Post by ndL »

ok, not today, tomorrow :)
User avatar
Nomad of Norad
Registered User
Posts: 8
Joined: Thu Nov 16, 2006 1:37 am
Location: Jacksonville, Florida, USA, Earth, Sol System, Milky Way galaxy...
Contact:

Re: Suspecting RC1 very soon!

Post by Nomad of Norad »

tffnguy wrote: As long as there is a way for links to be spidered through forums there will be spambots using them. I think setting up phpBB3 to where the latest user isn't displayed until their account is activated was a giant step in helping stop the spambots. Problem is though as long as there is a Member's list that can be spidered and or curious users can check out then the spambots will keep trying to register. Who in their right mind is going to look through the members list of thousands anyway? The way I see it all that is good for is to invite spammers and spambots. It would be real nice if there were a way to configure the software not to show a link to the member's list. I'm not likely to go from 2 to 3 until I can figure out a way to remove it.

Well, a simple way around that problem is do what I've done with my board: set it so people cannot get to the memberlist without first logging in. Couple that with not listing a not-yet-validated user as "newest user" and setting it so that imbedded pictures in messages aren't shown until you've logged in, and that will likely fix their little red wagons...

Personally, I'm hoping there will be a describe-to-the-board-why-you-deserve-to-be-here field provided as a standard option, coupled with a separate flag for it. That is, you validate your account by clicking the URL sent to you in email when you create the account, but there's a another flag that must be set by the moderator(s), based on his evaluation of the deserve-to-be-here question, before that user can post or otherwise participate in the board.

I'm guessing that that sort of thing would be added via a mod, though...
I don't think the people writing the spambots give a flip whether the accounts are activated or not they just want the links to be seen and spidered. Cut off any chance of that and then what can they do. I'm to the point now where I'm thinking of going to a system where new members have to be sponsored by old members (referral) . I'd hate to do that, but better that than constantly having to try to figure out who should be allowed access and who shouldn't.

Well, if new users' about-this-user pages cannot be spidered/browsed (except by logged-in moderators) until they're validated, then that will solve this problem.
User avatar
Kevin Clark
Support Team
Support Team
Posts: 751
Joined: Thu Feb 10, 2005 5:34 pm
Location: UK
Contact:

Re: Suspecting RC1 very soon!

Post by Kevin Clark »

Nomad of Norad wrote: Well, a simple way around that problem is do what I've done with my board: set it so people cannot get to the memberlist without first logging in.

Sensibly, phpBB3 does that already.
Image
Drew***
Registered User
Posts: 74
Joined: Sun Jan 02, 2005 9:48 pm

Re: Suspecting RC1 very soon!

Post by Drew*** »

jumborex wrote:
sectionw wrote: I implemented the text confirmation, a simple question is asked, and solved so far my spambot problem. [...]

This discussion as already been made on this board: viewtopic.php?f=3&t=26358&start=0
See expecially what I said starting from viewtopic.php?f=3&t=26358&st=0&sk=t&sd= ... 40#p171412

I summarise here: using a complicated system, I made a trial board where you could enter only finding out the solution for a complex game called Rebus. The game was in Italian, and no solution was provided in any other part of the forums, or in the site.
The site that my friends and me operates, is about enigmatography, the art more Italian than other, to create enigmas, double senses, crosswords and other amenities... Rebus is one known system to create a phrase out from images. See viewtopic.php?f=3&t=26358&st=0&sk=t&sd= ... 50#p171447

Well, after one month, or so, I closed the trial board: it was infested by spammers! :? In the occasion some of the friends here commented:
Highway of Life wrote: [...] You can be sure you'll have Italian Einstein's and Bots for users. :P

I know that in some other occasion Acyd Burne commented that in his opinion the only valid system to discourage Bots, is to ask to register filling non standard fields, that is (if I understand well) something similar to the VIP Mod!


Interesting reading: :) Maybe that’s where I should have gone first. Still, a generic challenge question that has an unlimited number of responses and is adaptable to each forum would give as many possible responses as there are forums. You can make your image and response as simple or as complex as you like. As long as the Admin is able to set the correct response then any image can be used. An Equestrian forum can use horse related images, an entomology forum can use insect related images, an astronomy forum can use images their members would recognize, Star trek related forums could use a image of Picard; the possibilities are limitless.
Where would you like to go today? http://antwrp.gsfc.nasa.gov/apod/

We have information about your home http://earthobservatory.nasa.gov/subscribe.php3
tffnguy
Registered User
Posts: 75
Joined: Thu Mar 02, 2006 5:13 am

Re: Suspecting RC1 very soon!

Post by tffnguy »

Nomad of Norad wrote: Well, a simple way around that problem is do what I've done with my board: set it so people cannot get to the memberlist without first logging in. Couple that with not listing a not-yet-validated user as "newest user" and setting it so that imbedded pictures in messages aren't shown until you've logged in, and that will likely fix their little red wagons...

Personally, I'm hoping there will be a describe-to-the-board-why-you-deserve-to-be-here field provided as a standard option, coupled with a separate flag for it. That is, you validate your account by clicking the URL sent to you in email when you create the account, but there's a another flag that must be set by the moderator(s), based on his evaluation of the deserve-to-be-here question, before that user can post or otherwise participate in the board.

I'm guessing that that sort of thing would be added via a mod, though...

The describe-to-the-board-why-you-deserve-to-be-here field would be great because I've considered sending emails to any registrations who's conformation email doesn't bounce and there is absolutely no information in the profile other than the user name and email address. At one time that seemed to be a fairly safe way to know it wasn't a spam account, but not anymore. You can't trust accounts that don't have spam links anymore. Another way to do it would be to make different fields in the registration form be mandatory. Real users would know what the forums are all about where a spambot wouldn't so if a user didn't enter something that would make you believe that they belonged there then they wouldn't get access.

Well, if new users' about-this-user pages cannot be spidered/browsed (except by logged-in moderators) until they're validated, then that will solve this problem.


I can see only a couple of good reasons for having a user list. First would be if it were a very small family type board and second would be if it were only viewable by the mods and owner. That's just the way I see it though.
Plano, Texas
User avatar
Nomad of Norad
Registered User
Posts: 8
Joined: Thu Nov 16, 2006 1:37 am
Location: Jacksonville, Florida, USA, Earth, Sol System, Milky Way galaxy...
Contact:

Re: Suspecting RC1 very soon!

Post by Nomad of Norad »

tffnguy wrote:
Nomad of Norad wrote: Well, a simple way around that problem is do what I've done with my board: set it so people cannot get to the memberlist without first logging in. Couple that with not listing a not-yet-validated user as "newest user" and setting it so that imbedded pictures in messages aren't shown until you've logged in, and that will likely fix their little red wagons...

Personally, I'm hoping there will be a describe-to-the-board-why-you-deserve-to-be-here field provided as a standard option, coupled with a separate flag for it. That is, you validate your account by clicking the URL sent to you in email when you create the account, but there's a another flag that must be set by the moderator(s), based on his evaluation of the deserve-to-be-here question, before that user can post or otherwise participate in the board.

I'm guessing that that sort of thing would be added via a mod, though...

The describe-to-the-board-why-you-deserve-to-be-here field would be great because I've considered sending emails to any registrations who's conformation email doesn't bounce and there is absolutely no information in the profile other than the user name and email address. At one time that seemed to be a fairly safe way to know it wasn't a spam account, but not anymore. You can't trust accounts that don't have spam links anymore. Another way to do it would be to make different fields in the registration form be mandatory. Real users would know what the forums are all about where a spambot wouldn't so if a user didn't enter something that would make you believe that they belonged there then they wouldn't get access.

Yeah, that's why I want the feature on my current forum. Trouble is, the one mod I came across that added this isn't EasyMOD compliant. At least, it wasn't last time I tried to install it. I decided, then, that I'd simply wait until the next major revision of phpBB came out, since it's supposed to fix scads of spam problems... and I'd already run myself ragged adding other anti-spam mods to my system, and was still getting spammers... so I finally stopped fiddling with my system.

But, then, my board isn't very active right now (in fact, all I'm GETTING is a steady trickle of spammers... :-D )so there's no real problem with waiting right now, anyway...

I'll probably start buying banner ads and stuff for my forum on other sci-fi related sites once the new system comes along. (My site is dedicated to ongoing space-adventure stories where the users actually write themselves into the story, and whatnot.... I used to love doing that sort of thing on the old dial-up BBSs, and decided to do something like that again online.)
Well, if new users' about-this-user pages cannot be spidered/browsed (except by logged-in moderators) until they're validated, then that will solve this problem.

I can see only a couple of good reasons for having a user list. First would be if it were a very small family type board and second would be if it were only viewable by the mods and owner. That's just the way I see it though.


I guess it's a matter of taste and opinion, though. Mind you, so long as spiderbots can't get to the user pages (because they don't have an account and aren't logged in), there's no way a spammers' links on his/her/its user page can get picked up by the search engines, which pretty much kills one of the big reasons for the spammers to do this stuff: getting their URLs link scores up. If the not-validated-yet users don't show up on the Memberlist, except to moderators, that fixes their little red waggons, too, because it means the regular users can't get to those links, and potentially click them, either.

I have no problem with signed-in users being able to peruse the Memberlist, provided the above issues are dealt with.
Locked