how to help fight forum spam

Found an issue with the phpBB system here at NESdev? Use this forum to report problems.

Moderator: Moderators

User avatar
Bregalad
Posts: 8055
Joined: Fri Nov 12, 2004 2:49 pm
Location: Divonne-les-bains, France

Re: how to help fight forum spam

Post by Bregalad »

gauauu wrote:Out of curiosity, can we also incorporate other things like google's "i am not a robot" captchas?
For God's sake, NO, NO, NO !! I absolutely LOHATE those things and refuses to take part of this game whenever I can (sometimes I don't have the choice but it's rare). I don't want to be forced to spend 5 minutes working for Google's custommers sorting their datas without being paid just because they arbitrairly tought I could be a robot. I think the law should forbid those.

For example I had to do 10 minutes of those when (recently) deleting my google and facebook accounts (*) - because obviously they don't want people to delete their accounts. Google especially. They tell you you're logging in from an unusual place, or whathever. Fuck them, this is none of their buisness.

(*) Actually it wasn't a captcha but another time-confusing idioty of the same style.
Last edited by Bregalad on Sat Jan 11, 2020 3:02 pm, edited 1 time in total.
User avatar
gauauu
Posts: 779
Joined: Sat Jan 09, 2016 9:21 pm
Location: Central Illinois, USA
Contact:

Re: how to help fight forum spam

Post by gauauu »

pubby wrote:create a captcha system that hides an answer in a NES rom

(spammers won't have NES emulators installed)
Hahah, I love this idea.
User avatar
Banshaku
Posts: 2417
Joined: Tue Jun 24, 2008 8:38 pm
Location: Japan
Contact:

Re: how to help fight forum spam

Post by Banshaku »

I'm "so good" at those captcha things that the site thinks I'm a robot and needs to often do it 3~4 times. Hours of fun ^^;;; Often you look at the question and you are like "but this part could be what they asked" and just add it and it just fail since it would be how an automated way would find it (like that small street sign that is very, very far away but nobody would select it but if you check properly, it's there!). So I have to think more like "what would people usually select?". I hate site that uses it and waste so much time because of that.
User avatar
Memblers
Site Admin
Posts: 4044
Joined: Mon Sep 20, 2004 6:04 am
Location: Indianapolis
Contact:

Re: how to help fight forum spam

Post by Memblers »

Thankfully, there are further lines of defense once they get past the Q/A. It's not perfect, but is holding up pretty well. There aren't any stats on how many fail the Q/A, but I have been able to see what happens when the spammers pass the Q/A but fail the subsequent check. It can get pretty insane, I've seen it range between one account every couple weeks when the questions are fresh, and more like 100 per day when they must have broken the Q/A, I had to stop tracking it because tepples and I were getting blasted with user activation request emails.

It looks like there is a (disabled) interface to Akismet, anyone have any experience with that service, if it's any good? I guess it monitors posts (until user reaches a certain number of posts), but it costs money. For all I know it could just lead to more work by false positives. I might just give a 1-month test run at some point, at an unannounced time.

Summary of the current spam status is that it's annoying to see any get through, but we're kinda lucky so far. It's no exaggeration to say it could potentially be 1000 times worse than it is.

But yeah with captcha and stuff I hate those, it's annoying and a major barrier for people who have color blindness or worse impairments. I miss the old days of having anonymous posting allowed. Gotta agree that idea of having an NES ROM as a registration test is pretty funny and interesting. But it sorta has the same problem as the Q/A test, we'd either have to generate/validate the ROM per session, or they'll just get the right answer once and bypass it forever.
calima
Posts: 1745
Joined: Tue Oct 06, 2015 10:16 am

Re: how to help fight forum spam

Post by calima »

Pre-generate 1k roms, select one at random. Re-generate monthly.
nocash
Posts: 1405
Joined: Fri Feb 24, 2012 12:09 pm
Contact:

Re: how to help fight forum spam

Post by nocash »

pubby wrote:create a captcha system that hides an answer in a NES rom
Hah, I had the same idea today.

As tepples said, it could be frustating if somebody can't solve it (for example, dsibrew and 3dbrew want (or wanted) people to enter a linux commandline, which is not so funny if you don't use linux). But in this case, I guess almost anybody remotely interested in NES-development (or just in NES-gaming) would know how to use a rom-image in an emulator (or on real hardware). Unless there are people frequently asking "how to download my first emulator plz help"?

One extra idea would be modifying the rom-image on the fly (if that is possible without too much effort), like storing the user name or email address in the rom-image, and then using the NES code to compute a checksum on that string to produce a 4-digit "PIN" number that works only for that specific user.
That would avoid people re-using a known captcha answer, but won't help if they are hiring somebody with a NES emulator to create some dozen/hundred accounts for them (or rather unlikely: disassemble the NES code).

And, of course, the NES rom could additionally do something like this (repeat dozens of times with different challenges):

The Internet wants You to do this: Click on Street Signs!!!
* Signature
* Street Art
* Shop Front
* Street Signs
* Google!


Or some more complex and subversive variation, like a game that allows to vandalize/decorate all shop fronts with graffiti (perhaps writing your user name), or steal street signs and sell them at a flea market (or to google)... which might ultimately end up with a school bus steering off a cliff in lack of proper warnings about dangerous road stretches, so you might better avoid doing that in real life.
User avatar
Sumez
Posts: 919
Joined: Thu Sep 15, 2016 6:29 am
Location: Denmark (PAL)

Re: how to help fight forum spam

Post by Sumez »

Bregalad wrote: For example I had to do 10 minutes of those when (recently) deleting my google and facebook accounts (*) - because obviously they don't want people to delete their accounts. Google especially. They tell you you're logging in from an unusual place, or whathever. Fuck them, this is none of their buisness.
To be fair, actually deleting your account is an irreversible process, and it makes sense to increase security tenfold on that action. If someone hacked access to your account, deleting it is second probably only to getting access to money stuff.
User avatar
Dwedit
Posts: 4922
Joined: Fri Nov 19, 2004 7:35 pm
Contact:

Re: how to help fight forum spam

Post by Dwedit »

Just got some PM spam...
Here come the fortune cookies! Here come the fortune cookies! They're wearing paper hats!
User avatar
Dwedit
Posts: 4922
Joined: Fri Nov 19, 2004 7:35 pm
Contact:

Re: how to help fight forum spam

Post by Dwedit »

Does the database save which question the user answered to create the account? You can rotate out questions that the spammers can easily answer.
Here come the fortune cookies! Here come the fortune cookies! They're wearing paper hats!
User avatar
Quietust
Posts: 1918
Joined: Sun Sep 19, 2004 10:59 pm
Contact:

Re: how to help fight forum spam

Post by Quietust »

Ever since the forum upgrade, it seems like spambots have been much more prevalent - did we lose (some of) our anti-spam measures in the process?
Quietust, QMT Productions
P.S. If you don't get this note, let me know and I'll write you another.
User avatar
Memblers
Site Admin
Posts: 4044
Joined: Mon Sep 20, 2004 6:04 am
Location: Indianapolis
Contact:

Re: how to help fight forum spam

Post by Memblers »

Quietust wrote: Sat Jan 11, 2020 7:14 am Ever since the forum upgrade, it seems like spambots have been much more prevalent - did we lose (some of) our anti-spam measures in the process?
Yes, much of the spam control was done by an extension, which doesn't work now. It was connected to a community-run database of known spammers, and was fairly effective. We'll need WhoaMan to update that extension. For now we're just relying on the built-in phpBB stuff, which has the questions when you register, and that's it.. I'm surprised it's not worse, though.
bunder
Posts: 21
Joined: Fri Nov 23, 2012 2:20 am

Re: how to help fight forum spam

Post by bunder »

Banshaku wrote: Fri Jan 11, 2019 4:36 pm I'm "so good" at those captcha things that the site thinks I'm a robot and needs to often do it 3~4 times. Hours of fun ^^;;; Often you look at the question and you are like "but this part could be what they asked" and just add it and it just fail since it would be how an automated way would find it (like that small street sign that is very, very far away but nobody would select it but if you check properly, it's there!). So I have to think more like "what would people usually select?". I hate site that uses it and waste so much time because of that.
reminds me of https://www.youtube.com/watch?v=zGW7TRtcDeQ
Post Reply