It is currently Wed Dec 13, 2017 10:05 am

All times are UTC - 7 hours





Post new topic Reply to topic  [ 24 posts ]  Go to page 1, 2  Next
Author Message
 Post subject: New users or not?
PostPosted: Mon Jan 30, 2012 2:10 pm 
Offline
Formerly Fx3
User avatar

Joined: Fri Nov 12, 2004 4:59 pm
Posts: 3076
Location: Brazil
I'm seeing around 4 ‎new user accounts each day, probably dummy users or bots. The thing is increasing... but could something be done... or it's just me?

_________________
Zepper
RockNES developer


Top
 Profile  
 
 Post subject:
PostPosted: Mon Jan 30, 2012 2:23 pm 
Offline

Joined: Sun Apr 13, 2008 11:12 am
Posts: 6513
Location: Seattle
They already can't do anything despite having made the account, so I'm not clear on why we should care.


Top
 Profile  
 
 Post subject:
PostPosted: Mon Jan 30, 2012 2:28 pm 
Online

Joined: Sun Sep 19, 2004 11:12 pm
Posts: 19341
Location: NE Indiana, USA (NTSC)
The wiki gets a trickle of new user accounts, but none of them manage to post anything. All they can do is fill Special:RecentChanges unless they manage to establish themselves as good-faith users on the BBS.

My private wiki gets the same trickle of automated registrations, even with a reCAPTCHA installed, but I use a different method to keep them from spamming: the ABUSE filter.


Top
 Profile  
 
 Post subject:
PostPosted: Mon Jan 30, 2012 7:12 pm 
Offline
Formerly Fx3
User avatar

Joined: Fri Nov 12, 2004 4:59 pm
Posts: 3076
Location: Brazil
Well, yes, they cannot post anything... but the amount of such registered members is increasing more and more every day.

_________________
Zepper
RockNES developer


Top
 Profile  
 
 Post subject:
PostPosted: Tue Jan 31, 2012 1:23 am 
Offline

Joined: Sun Apr 13, 2008 11:12 am
Posts: 6513
Location: Seattle
Ok. Why do we care?


Top
 Profile  
 
 Post subject:
PostPosted: Tue Jan 31, 2012 6:06 am 
Online

Joined: Sun Sep 19, 2004 11:12 pm
Posts: 19341
Location: NE Indiana, USA (NTSC)
Perhaps someone has Image the Atom feed of the wiki's recent changes in his feed reader and is tired of clutter from new user accounts created by automated processes.


Top
 Profile  
 
 Post subject:
PostPosted: Tue Jan 31, 2012 1:30 pm 
Offline
User avatar

Joined: Sat Jul 25, 2009 8:45 am
Posts: 48
I have seen a lot more message board spam lately. It's kind of sad.


Top
 Profile  
 
 Post subject:
PostPosted: Tue Jan 31, 2012 2:23 pm 
Offline
Formerly Fx3
User avatar

Joined: Fri Nov 12, 2004 4:59 pm
Posts: 3076
Location: Brazil
lidnariq wrote:
Ok. Why do we care?


You're nice, but please...

Image

_________________
Zepper
RockNES developer


Top
 Profile  
 
 Post subject:
PostPosted: Wed Feb 01, 2012 12:32 pm 
Offline

Joined: Sun Apr 13, 2008 11:12 am
Posts: 6513
Location: Seattle
I really don't understand. They can't do anything, so what does it matter? It's not like they're clogging up parodius's disk with user accounts.


Top
 Profile  
 
 Post subject:
PostPosted: Wed Feb 01, 2012 5:17 pm 
Offline
Formerly Fx3
User avatar

Joined: Fri Nov 12, 2004 4:59 pm
Posts: 3076
Location: Brazil
A. They could block new registrations for a limited time.
B. They could erase such users by putting an expiring time of inactivity.
C. They could do nothing, as you suggested.
D. It could be created a registration approval for new users, like introducing themselves here.

_________________
Zepper
RockNES developer


Top
 Profile  
 
 Post subject:
PostPosted: Wed Feb 01, 2012 6:52 pm 
Offline

Joined: Sun Apr 13, 2008 11:12 am
Posts: 6513
Location: Seattle
If one agrees that the original problem exists, those are reasonable solutions to the problem. However, seeing as the would-be spammers cannot do any harm, I still don't understand what the objective in fixing this is. Would you please explain?


Top
 Profile  
 
 Post subject:
PostPosted: Thu Feb 02, 2012 7:49 am 
Offline
Formerly Fx3
User avatar

Joined: Fri Nov 12, 2004 4:59 pm
Posts: 3076
Location: Brazil
I have nothing more to say. Sorry.

_________________
Zepper
RockNES developer


Top
 Profile  
 
 Post subject:
PostPosted: Thu Feb 02, 2012 9:48 am 
Offline
User avatar

Joined: Sat Feb 12, 2005 9:43 pm
Posts: 10164
Location: Rio de Janeiro - Brazil
My OCD self is kinda bothered by the increasing number of dummy registrations, but when thinking about it logically I realize that it doesn't make any difference.


Top
 Profile  
 
 Post subject:
PostPosted: Thu Feb 02, 2012 10:02 am 
Online

Joined: Sun Sep 19, 2004 11:12 pm
Posts: 19341
Location: NE Indiana, USA (NTSC)
Might it be the same sort of OCD discussed in this thread?


Top
 Profile  
 
 Post subject:
PostPosted: Thu Feb 02, 2012 3:32 pm 
Offline
User avatar

Joined: Sun Sep 19, 2004 9:28 pm
Posts: 3192
Location: Mountain View, CA, USA
Let me make this crystal clear to everyone:

With regards to the forum:

Every single time there is a spam post -- ABSOLUTELY EVERY SINGLE TIME, NO EXCEPTIONS -- administrative action is taken to ensure it doesn't happen again. This does not mean we just delete the account + posts and continue on our merry way. There are other things being done (manual actions I personally take every single time, again, no exception) to stop this from happening which I cannot/will not disclose. The reason I won't disclose them is because the spammers read English -- human beings are creating these accounts, NOT software/robots. The less they know about our methods, the better.

If anyone feels the forum now has more spam than it used to, I will be more than happy to remove all of the methodologies we have in place and let you experience the result. I can assure you that within a week you will have hundreds of posts, possibly thousands of accounts, with every thread on this forum with spam in it.

Because human beings are involved, things like captchas, "technical questions", mathematical questions, etc. absolutely do not work because the humans are capable of reading English. I can talk more about this in detail if people want to know, but all you need to know is that there are companies -- dedicated, fully-staffed companies -- in foreign countries which do nothing but create accounts on forums/wikis/etc. all day long and then sell those account credentials to bidders, or are hired by bidders to do exactly that. This is what commercialism and capitalism has brought the world.

With regards to the Wiki:

The aforementioned methodology for blocking the spammers on the forum is not applied to the Wiki. All we do use is the built-in mathematical question during account creation (as a form of a captcha). Let me explain why this is in place:

When we recently upgraded the Wiki, I disabled all forms of captchas because I was told it more or less didn't matter since only manually-approved accounts had edit/write access. Seemed logical to me. However, within about a week of the upgrade, I started receiving boatloads of "bounced mail" messages from the webserver specific to the Wiki. A quick investigation showed that the spammers were signing up using automated software, and were shoving randomly-generated Emails into the Email field during account creation. For verification purposes, the Wiki sends Email to this address and asks the person to verify.

So what was happening was that our mail servers were spewing mail to these invalid addresses, resulting in bounces, which I get copies of. In effect, the spammers were using the account creation form to hit Email addresses "for the hell of it". Really. It's completely 100% impossible for them to sign up for an account and somehow "insert content into the body of the verification mail" -- instead, these are just robotic scripts that are going batshit crazy creating accounts and resulting in Email storms. Nor would THEY ever get a copy of the bounceback, so they'd never know if the Email address they generated was legit or not. I do not understand the reason for this, but I really don't care why -- obviously it's unacceptable. Furthermore, disabling mail bounces is not an option -- we have actual people who use our mail servers and rely heavily on bounces for legitimate reasons ("oh crap I typo'd my mum's Email address").

As a result, I turned on the mathematical verification requirement, which appears to have completely stopped the Email bounceback situation. However, either humans or software are obviously able to do simple math, thus accounts keep getting created. Meaning: the spammer is creating an account with an Email address they have access to, so they get a copy of the verification mail, click the link to verify, then proceed to try and edit the Wiki to spam (and find they cannot because we only allow edit/write access to accounts which are pre-approved). At least I'm not getting bounced mail.

The problem I have with enabling something like an image-based captcha (instead of the mathematical verification) is that it's more intense on CPU time, and if a human is doing the account creation it solves nothing. And many image-based captchas are fucking annoying anyway -- I cannot tell you how many times I have signed up for an account somewhere and have been completely unable to read the captcha text because it's so horribly skewed/noised/buggered.

It might be worthwhile for me to apply the same methods to the Wiki as we use on the forum (and this is not difficult to do, nor does it make my life more complex), but the Wiki isn't something I keep too close of an eye on.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 24 posts ]  Go to page 1, 2  Next

All times are UTC - 7 hours


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group