New users or not?

Discussion about the site's wikis, including bugs/issues encountered.

Moderator: Moderators

User avatar
Zepper
Formerly Fx3
Posts: 3262
Joined: Fri Nov 12, 2004 4:59 pm
Location: Brazil
Contact:

New users or not?

Post by Zepper »

I'm seeing around 4 ‎new user accounts each day, probably dummy users or bots. The thing is increasing... but could something be done... or it's just me?
lidnariq
Posts: 11429
Joined: Sun Apr 13, 2008 11:12 am

Post by lidnariq »

They already can't do anything despite having made the account, so I'm not clear on why we should care.
tepples
Posts: 22705
Joined: Sun Sep 19, 2004 11:12 pm
Location: NE Indiana, USA (NTSC)
Contact:

Post by tepples »

The wiki gets a trickle of new user accounts, but none of them manage to post anything. All they can do is fill Special:RecentChanges unless they manage to establish themselves as good-faith users on the BBS.

My private wiki gets the same trickle of automated registrations, even with a reCAPTCHA installed, but I use a different method to keep them from spamming: the ABUSE filter.
User avatar
Zepper
Formerly Fx3
Posts: 3262
Joined: Fri Nov 12, 2004 4:59 pm
Location: Brazil
Contact:

Post by Zepper »

Well, yes, they cannot post anything... but the amount of such registered members is increasing more and more every day.
lidnariq
Posts: 11429
Joined: Sun Apr 13, 2008 11:12 am

Post by lidnariq »

Ok. Why do we care?
tepples
Posts: 22705
Joined: Sun Sep 19, 2004 11:12 pm
Location: NE Indiana, USA (NTSC)
Contact:

Post by tepples »

Perhaps someone has Image the Atom feed of the wiki's recent changes in his feed reader and is tired of clutter from new user accounts created by automated processes.
User avatar
RLError
Posts: 48
Joined: Sat Jul 25, 2009 8:45 am

Post by RLError »

I have seen a lot more message board spam lately. It's kind of sad.
User avatar
Zepper
Formerly Fx3
Posts: 3262
Joined: Fri Nov 12, 2004 4:59 pm
Location: Brazil
Contact:

Post by Zepper »

lidnariq wrote:Ok. Why do we care?
You're nice, but please...

Image
lidnariq
Posts: 11429
Joined: Sun Apr 13, 2008 11:12 am

Post by lidnariq »

I really don't understand. They can't do anything, so what does it matter? It's not like they're clogging up parodius's disk with user accounts.
User avatar
Zepper
Formerly Fx3
Posts: 3262
Joined: Fri Nov 12, 2004 4:59 pm
Location: Brazil
Contact:

Post by Zepper »

A. They could block new registrations for a limited time.
B. They could erase such users by putting an expiring time of inactivity.
C. They could do nothing, as you suggested.
D. It could be created a registration approval for new users, like introducing themselves here.
lidnariq
Posts: 11429
Joined: Sun Apr 13, 2008 11:12 am

Post by lidnariq »

If one agrees that the original problem exists, those are reasonable solutions to the problem. However, seeing as the would-be spammers cannot do any harm, I still don't understand what the objective in fixing this is. Would you please explain?
User avatar
Zepper
Formerly Fx3
Posts: 3262
Joined: Fri Nov 12, 2004 4:59 pm
Location: Brazil
Contact:

Post by Zepper »

I have nothing more to say. Sorry.
User avatar
tokumaru
Posts: 12427
Joined: Sat Feb 12, 2005 9:43 pm
Location: Rio de Janeiro - Brazil

Post by tokumaru »

My OCD self is kinda bothered by the increasing number of dummy registrations, but when thinking about it logically I realize that it doesn't make any difference.
tepples
Posts: 22705
Joined: Sun Sep 19, 2004 11:12 pm
Location: NE Indiana, USA (NTSC)
Contact:

Post by tepples »

Might it be the same sort of OCD discussed in this thread?
User avatar
koitsu
Posts: 4201
Joined: Sun Sep 19, 2004 9:28 pm
Location: A world gone mad

Post by koitsu »

Let me make this crystal clear to everyone:

With regards to the forum:

Every single time there is a spam post -- ABSOLUTELY EVERY SINGLE TIME, NO EXCEPTIONS -- administrative action is taken to ensure it doesn't happen again. This does not mean we just delete the account + posts and continue on our merry way. There are other things being done (manual actions I personally take every single time, again, no exception) to stop this from happening which I cannot/will not disclose. The reason I won't disclose them is because the spammers read English -- human beings are creating these accounts, NOT software/robots. The less they know about our methods, the better.

If anyone feels the forum now has more spam than it used to, I will be more than happy to remove all of the methodologies we have in place and let you experience the result. I can assure you that within a week you will have hundreds of posts, possibly thousands of accounts, with every thread on this forum with spam in it.

Because human beings are involved, things like captchas, "technical questions", mathematical questions, etc. absolutely do not work because the humans are capable of reading English. I can talk more about this in detail if people want to know, but all you need to know is that there are companies -- dedicated, fully-staffed companies -- in foreign countries which do nothing but create accounts on forums/wikis/etc. all day long and then sell those account credentials to bidders, or are hired by bidders to do exactly that. This is what commercialism and capitalism has brought the world.

With regards to the Wiki:

The aforementioned methodology for blocking the spammers on the forum is not applied to the Wiki. All we do use is the built-in mathematical question during account creation (as a form of a captcha). Let me explain why this is in place:

When we recently upgraded the Wiki, I disabled all forms of captchas because I was told it more or less didn't matter since only manually-approved accounts had edit/write access. Seemed logical to me. However, within about a week of the upgrade, I started receiving boatloads of "bounced mail" messages from the webserver specific to the Wiki. A quick investigation showed that the spammers were signing up using automated software, and were shoving randomly-generated Emails into the Email field during account creation. For verification purposes, the Wiki sends Email to this address and asks the person to verify.

So what was happening was that our mail servers were spewing mail to these invalid addresses, resulting in bounces, which I get copies of. In effect, the spammers were using the account creation form to hit Email addresses "for the hell of it". Really. It's completely 100% impossible for them to sign up for an account and somehow "insert content into the body of the verification mail" -- instead, these are just robotic scripts that are going batshit crazy creating accounts and resulting in Email storms. Nor would THEY ever get a copy of the bounceback, so they'd never know if the Email address they generated was legit or not. I do not understand the reason for this, but I really don't care why -- obviously it's unacceptable. Furthermore, disabling mail bounces is not an option -- we have actual people who use our mail servers and rely heavily on bounces for legitimate reasons ("oh crap I typo'd my mum's Email address").

As a result, I turned on the mathematical verification requirement, which appears to have completely stopped the Email bounceback situation. However, either humans or software are obviously able to do simple math, thus accounts keep getting created. Meaning: the spammer is creating an account with an Email address they have access to, so they get a copy of the verification mail, click the link to verify, then proceed to try and edit the Wiki to spam (and find they cannot because we only allow edit/write access to accounts which are pre-approved). At least I'm not getting bounced mail.

The problem I have with enabling something like an image-based captcha (instead of the mathematical verification) is that it's more intense on CPU time, and if a human is doing the account creation it solves nothing. And many image-based captchas are fucking annoying anyway -- I cannot tell you how many times I have signed up for an account somewhere and have been completely unable to read the captcha text because it's so horribly skewed/noised/buggered.

It might be worthwhile for me to apply the same methods to the Wiki as we use on the forum (and this is not difficult to do, nor does it make my life more complex), but the Wiki isn't something I keep too close of an eye on.
Post Reply