Spam. Seriously. WTF.

Found an issue with the phpBB system here at NESdev? Use this forum to report problems.

Moderator: Moderators

User avatar
loopy
Posts: 394
Joined: Sun Sep 19, 2004 10:52 pm
Location: UT

Spam. Seriously. WTF.

Post by loopy » Sun Sep 28, 2008 11:46 am

Is anyone EVER going to do something about it?

tepples
Posts: 21709
Joined: Sun Sep 19, 2004 11:12 pm
Location: NE Indiana, USA (NTSC)
Contact:

Post by tepples » Sun Sep 28, 2008 11:50 am

When I see obvious spam, I delete it and block the account. But I don't know of anything I could do to prevent spam from being posted between when I check the board and when I check the board again.

We could try preventing spammers from registering. But CAPTCHA and e-mail activation are already turned on. If I were to turn on administrator activation of all new accounts, how would I distinguish requests on behalf of spammers from requests on behalf of legitimate users?

User avatar
loopy
Posts: 394
Joined: Sun Sep 19, 2004 10:52 pm
Location: UT

Post by loopy » Sun Sep 28, 2008 11:58 am

Then I'll ask this: who CAN fix it? And how do we get their attention?

You don't know what else to do about it, apparently. Someone thinks they do, let him have a shot at it. I know, I know... you don't have access to do it. Who does? Whose balls do we have to bust to get some action? We've been going around in circles about this for MONTHS.

User avatar
Bregalad
Posts: 7750
Joined: Fri Nov 12, 2004 2:49 pm
Location: Chexbres, VD, Switzerland

Post by Bregalad » Sun Sep 28, 2008 12:41 pm

I guess Memblers is the administrator, but he's not very active.

And I guess asking people to compute something like 23 + 17 and inputl the answer (but with randomly selected numbers) when registering should get most spammers away.
I've also commonly seen strings of letters and numbers randomly arranged in an image created on the fly and the user has to decode them, something automated spammers can't do unless they have very complex AI in them. The server has to support this things I guess, but I know nothing about servers and all.
Life is complex: it has both real and imaginary components.

tepples
Posts: 21709
Joined: Sun Sep 19, 2004 11:12 pm
Location: NE Indiana, USA (NTSC)
Contact:

Post by tepples » Sun Sep 28, 2008 1:08 pm

Bregalad wrote:I've also commonly seen strings of letters and numbers randomly arranged in an image created on the fly and the user has to decode them, something automated spammers can't do unless they have very complex AI in them.

NESdev already tries to do this, but the standard phpBB 2 CAPTCHA is weak. There appears to be a reCAPTCHA mod for phpBB 2, but you need FTP privileges (a step up from admin) to install it.

User avatar
tokumaru
Posts: 11438
Joined: Sat Feb 12, 2005 9:43 pm
Location: Rio de Janeiro - Brazil

Post by tokumaru » Sun Sep 28, 2008 1:52 pm

tepples wrote:If I were to turn on administrator activation of all new accounts, how would I distinguish requests on behalf of spammers from requests on behalf of legitimate users?

The problem with CAPTCHAs is that the answer is sent along with the question. Maybe you could generate a code, and the user uses it to find the respective word in a table found somewhere else, and provide textual instructions on how to find that table. The moderator would then compare the code and the word to see if they match. Only a human could pass through that that, because a computer would not be able to follow written instructions of where to find the answer. I don't know if it would work, but is the best I can think of right now.

User avatar
loopy
Posts: 394
Joined: Sun Sep 19, 2004 10:52 pm
Location: UT

Post by loopy » Sun Sep 28, 2008 2:06 pm

tepples wrote:There appears to be a reCAPTCHA mod for phpBB 2, but you need FTP privileges (a step up from admin) to install it.

Ok, so who has FTP privileges?

User avatar
BMF54123
Posts: 407
Joined: Mon Aug 28, 2006 2:52 am
Contact:

Post by BMF54123 » Sun Sep 28, 2008 2:15 pm

tepples wrote:If I were to turn on administrator activation of all new accounts, how would I distinguish requests on behalf of spammers from requests on behalf of legitimate users?

Perhaps a field could be added to the registration page/profile that simply asks: "In 10 words or less, why are you joining this board? (REQUIRED)" OR perhaps just "Are you a spammer? Type YES or NO."

Spambots obviously aren't equipped to handle unique fields like those, and you can visually weed out spam accounts based on their replies (or lack thereof). If a human should happen to ignore the warnings and big red (REQUIRED)s, well, maybe they shouldn't be posting here in the first place.

If you don't have the privileges to do this, tepples, why not find the person who does and ask them nicely? No other phpBBs I frequent have spambot problems like this one because they've actually done something about it at the code level. You can't fix this problem by twiddling with the pre-installed features.
Last edited by BMF54123 on Sun Sep 28, 2008 2:22 pm, edited 1 time in total.

Xkeeper
Posts: 85
Joined: Fri Feb 29, 2008 10:35 am

Post by Xkeeper » Sun Sep 28, 2008 2:20 pm

Or trying to warn them. "Don't do that spamming thing, please! :("

Just turn on email validation or something already ffs.

User avatar
blargg
Posts: 3715
Joined: Mon Sep 27, 2004 8:33 am
Location: Central Texas, USA
Contact:

Post by blargg » Sun Sep 28, 2008 2:37 pm

Between spam and jargon, I'm about ready to find a new NES development forum.

User avatar
BMF54123
Posts: 407
Joined: Mon Aug 28, 2006 2:52 am
Contact:

Post by BMF54123 » Sun Sep 28, 2008 2:40 pm

blargg wrote:Between spam and jargon, I'm about ready to find a new NES development forum.

I knew there was something I was forgetting in my reply.

Xkeeper
Posts: 85
Joined: Fri Feb 29, 2008 10:35 am

Post by Xkeeper » Sun Sep 28, 2008 2:40 pm

I would be more than happy to help accomodate you.

tepples
Posts: 21709
Joined: Sun Sep 19, 2004 11:12 pm
Location: NE Indiana, USA (NTSC)
Contact:

Post by tepples » Sun Sep 28, 2008 3:51 pm

Xkeeper wrote:Just turn on email validation or something already ffs.

tepples wrote:But CAPTCHA and e-mail activation are already turned on.

User avatar
BMF54123
Posts: 407
Joined: Mon Aug 28, 2006 2:52 am
Contact:

Post by BMF54123 » Sun Sep 28, 2008 5:21 pm

Is this the kind of activation that sends new members an e-mail, in which they have to click a link or copy a code to activate their account? If so, how are spambots circumventing this?

User avatar
Zepper
Formerly Fx3
Posts: 3190
Joined: Fri Nov 12, 2004 4:59 pm
Location: Brazil
Contact:

Post by Zepper » Sun Sep 28, 2008 5:44 pm

blargg wrote:Between spam and jargon, I'm about ready to find a new NES development forum.


Same here.

Post Reply