It is currently Tue Jul 16, 2019 4:19 pm

All times are UTC - 7 hours





Post new topic Reply to topic  [ 24 posts ]  Go to page 1, 2  Next
Author Message
PostPosted: Mon Jan 07, 2019 9:26 pm 
Offline
Site Admin
User avatar

Joined: Mon Sep 20, 2004 6:04 am
Posts: 3697
Location: Indianapolis
When registering an account on the forum, there is an NES-related question (chosen randomly from a list). In the past, changing the questions seemed to have slowed down the spam for a while. So I figured it would be a good time to try that again. But this time, why not go further and add a lot of questions? I could use some help with that.

If anyone wants to write a question or two, we could maybe get a decent list going and hopefully make it tougher for them to register. I guess they can just google it, but if we're making dozens or hundreds of them waste their time, then good.

Just send the Q/As to me in a PM, not in the thread itself (for obvious reasons). It's kind of tough because you want it to be obscure, but not too obscure. Also, one question can have multiple answers.


Top
 Profile  
 
PostPosted: Thu Jan 10, 2019 9:52 am 
Online
User avatar

Joined: Fri Nov 19, 2004 7:35 pm
Posts: 4191
I hope the new questions help a bit now.

_________________
Here come the fortune cookies! Here come the fortune cookies! They're wearing paper hats!


Top
 Profile  
 
PostPosted: Thu Jan 10, 2019 10:22 am 
Offline
User avatar

Joined: Sat Jan 09, 2016 9:21 pm
Posts: 618
Location: Central Illinois, USA
Out of curiosity, can we also incorporate other things like google's "i am not a robot" captchas?

_________________
My games: http://www.bitethechili.com


Top
 Profile  
 
PostPosted: Thu Jan 10, 2019 12:03 pm 
Online
User avatar

Joined: Sun Sep 19, 2004 9:28 pm
Posts: 4151
Location: A world gone mad
gauauu wrote:
Out of curiosity, can we also incorporate other things like google's "i am not a robot" captchas?

This solves nothing -- the people doing the sign-ups are not robots/automated scripts, they are human beings who can read/understand English.


Top
 Profile  
 
PostPosted: Thu Jan 10, 2019 12:26 pm 
Offline
User avatar

Joined: Fri Nov 24, 2017 2:40 pm
Posts: 168
Really? My experience in the past is that more questions don't seem to help. An attacker would only need to answer one question before they can automate the process and brute force it.

I even tried doing it using a webpage full of GUIDs in different styles. The questions were then just "Copy paste the green words from the following web page". Within maybe two days at most of changing the GUIDs out I would start to get spam accounts again. It was miserable and I finally just shut the forum down. The admins had collectively given up on trying to fight the spammers by that point so the traffic went from a dozen or so daily posts to basically 0. :-\

As far as I've ever heard, the only good way to keep spammers out of PHPBB is not to use PHPBB or to write your own custom captcha. -_-


Top
 Profile  
 
PostPosted: Thu Jan 10, 2019 1:00 pm 
Offline

Joined: Sun Sep 19, 2004 11:12 pm
Posts: 21504
Location: NE Indiana, USA (NTSC)
gauauu wrote:
Out of curiosity, can we also incorporate other things like google's "i am not a robot" captchas?

For one thing, ISPs in the People's Republic of China block reCAPTCHA, as do web browsers that are set to refuse to run proprietary JavaScript. For another, some people report that reCAPTCHA leads to several minutes of identifying cats, street signs, and the like.

slembcke wrote:
The questions were then just "Copy paste the green words from the following web page".

I guess that might work on a forum with no blind members.

A few other systems exist:

  1. Shadowban all newly registered users. Allow a user to post, but hide these posts from the public and from non-staff users until staff release these posts.
  2. Require a referral from an existing member to join. This is the essence of the Vouch extension to Webmention. Some communities make initial contact with newcomers through an IRC channel.
  3. Require ownership of a personal domain and subscription to web hosting to join. The wiki on IndieWeb.com uses IndieAuth protocol.

_________________
Pin Eight | Twitter | GitHub | Patreon


Top
 Profile  
 
PostPosted: Thu Jan 10, 2019 1:09 pm 
Offline
User avatar

Joined: Fri Nov 24, 2017 2:40 pm
Posts: 168
slembcke wrote:
The questions were then just "Copy paste the green words from the following web page".

I guess that might work on a forum with no blind members.[/quote]

Sadly it didn't really work regardless of people's abilities. :(

Does PHPBB support first post moderation? Years ago that worked pretty well on the idevgames forums. Basically your posts don't show publicly until after you have been blessed by a moderator. Easier to review the first post of a new member than every post that shows up on the site.


Top
 Profile  
 
PostPosted: Thu Jan 10, 2019 2:48 pm 
Offline
User avatar

Joined: Sat Feb 12, 2005 9:43 pm
Posts: 11375
Location: Rio de Janeiro - Brazil
I guess that catching spammers after they register is more effective than trying to catch them during registration. Can't new members get a limited number of trial posts, in which they can't post links to external sites? When the trial posts are over a mod can then choose whether to make them full members or ban them. Maybe this decision can even be made before the end of the trial posts, if their behavior makes their legitimacy obvious.


Top
 Profile  
 
PostPosted: Thu Jan 10, 2019 3:25 pm 
Offline

Joined: Sun Sep 19, 2004 11:12 pm
Posts: 21504
Location: NE Indiana, USA (NTSC)
That proposal is similar to what we currently do on the wiki for talk page posts by newly registered users. They may edit only talk pages, and adding external links requires solving a CAPTCHA. Promotion happens automatically after two talk edits and a few days in this new user state. But in some cases, spammers have proceeded anyway with "copy and paste and remove spaces".

_________________
Pin Eight | Twitter | GitHub | Patreon


Top
 Profile  
 
PostPosted: Thu Jan 10, 2019 4:26 pm 
Offline
User avatar

Joined: Thu Sep 15, 2016 6:29 am
Posts: 896
Location: Denmark (PAL)
tepples wrote:
  1. Shadowban all newly registered users. Allow a user to post, but hide these posts from the public and from non-staff users until staff release these posts.
  2. Require a referral from an existing member to join. This is the essence of the Vouch extension to Webmention. Some communities make initial contact with newcomers through an IRC channel.
  3. Require ownership of a personal domain and subscription to web hosting to join. The wiki on IndieWeb.com uses IndieAuth protocol.


a: This solution usually works great. Only downside is that it requires very active moderation as you wouldn't want someone writing stuff for two days wondering why people just ignore them
b: This only works for larger and popular sites, who benefit from filtering in only people who are truly dedicated
c: I assume this was a joke


Top
 Profile  
 
PostPosted: Thu Jan 10, 2019 8:38 pm 
Offline
Formerly Espozo
User avatar

Joined: Mon Sep 15, 2014 4:35 pm
Posts: 3501
Location: Richmond, Virginia
I agree that b. would not work. I have yet to meet someone in person who has heard of NESDev.


Top
 Profile  
 
PostPosted: Fri Jan 11, 2019 2:23 am 
Offline
Formerly WheelInventor
User avatar

Joined: Thu Apr 14, 2016 2:55 am
Posts: 2024
Location: Gothenburg, Sweden
A lot of forum seem to have restrictions until you've reached a certain number of posts. Like, not being able to participate in for sale threads and the like.

For all new users starting with a post count of 0,
-suspend rights to edit posts until you've made a handful of them.
-likewise suspend rights to make a signature until you've made enough posts.

I've seen this too, so maybe:
-suspend rights to make a new thread in most subforums until you've posted at least 1 reply or made an introduction thread in an appropriate subforum.

But often people register when they have a question, and then hopefully some of them stay to become active members, so the 3rd point might be a bit of a hindrance to community growth.

_________________
http://www.frankengraphics.com - personal NES blog


Top
 Profile  
 
PostPosted: Fri Jan 11, 2019 8:49 am 
Offline
User avatar

Joined: Sat Jan 09, 2016 9:21 pm
Posts: 618
Location: Central Illinois, USA
tepples wrote:
For one thing, ISPs in the People's Republic of China block reCAPTCHA,

Last time I was there, nesdev was blocked entirely in China.

Quote:

Quote:
[*]Require a referral from an existing member to join. This is the essence of the Vouch extension to Webmention. Some communities make initial contact with newcomers through an IRC channel.
[*]Require ownership of a personal domain and subscription to web hosting to join. The wiki on IndieWeb.com uses IndieAuth protocol.[/list]


A couple minutes of clicking streetsigns isn't acceptable, but requiring a personal domain is?

koitsu wrote:
This solves nothing -- the people doing the sign-ups are not robots/automated scripts, they are human beings who can read/understand English.

Now here's the right answer. Koitsu's point is correct -- it won't help if these are real people.

_________________
My games: http://www.bitethechili.com


Top
 Profile  
 
PostPosted: Fri Jan 11, 2019 11:17 am 
Offline
User avatar

Joined: Thu Mar 31, 2016 11:15 am
Posts: 520
create a captcha system that hides an answer in a NES rom

(spammers won't have NES emulators installed)


Top
 Profile  
 
PostPosted: Fri Jan 11, 2019 11:22 am 
Offline

Joined: Sun Sep 19, 2004 11:12 pm
Posts: 21504
Location: NE Indiana, USA (NTSC)
Good luck with hiding the answer in a ROM if your first question is emulator tech support. Or should that be done directly with the emulator's developer?

_________________
Pin Eight | Twitter | GitHub | Patreon


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 24 posts ]  Go to page 1, 2  Next

All times are UTC - 7 hours


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group