Author Topic: Administrator Access (Read 8474 times)

Wedge · « **on:** June 14, 2007, 10:55:29 AM »

Attention all my Philly friends...

Could those of you with frequent contact with Thom please tactfully remind him of his promise he made to Coil and I at Talamania?

He said that he would check into getting us more autonomy with the website so that Coil and I can better police the spam by actually deleting accounts and installing a screen that would keep future spammers off of our forums.

In discussing the issue while in Philly, the best idea I heard came from McGee (I think it was him so I want to give proper credit). He suggested that we install one of those "jumbled letter" verifications to new accounts. You know that I am talking about right? When you register at a site you have to look at the quirky letters in the color field and type them in. That should stop bots.

Another one I heard was the moderators have to verify a persons first X number of posts before they can be posted on the forum.

Please let Thom know that we desperately need to have more access to better police this forum and hedge out the evil-doer's!

If any of you have other ideas or want to discuss this topic feel free to reply here. Thanks.

joshuaslater · « **Reply #1 on:** June 14, 2007, 12:16:15 PM »

I'll continue nagging him. It's difficult enough to get him to get a hold of Lance in the first place. Lance is the one with the keys to this ride. I'll see what I can do.

Wedge · « **Reply #2 on:** June 14, 2007, 12:17:50 PM »

Quote from: joshuaslater on June 14, 2007, 12:16:15 PM

I'll continue nagging him. It's difficult enough to get him to get a hold of Lance in the first place. Lance is the one with the keys to this ride. I'll see what I can do.

Thank you and good luck!

Topkick · « **Reply #3 on:** June 14, 2007, 02:11:43 PM »

Quote from: Wedge on June 14, 2007, 10:55:29 AM

If any of you have other ideas or want to discuss this topic feel free to reply here. Thanks.

I've got an idea but it involves tracking their RL addresses and a cattle prod

Sylvas · « **Reply #4 on:** June 14, 2007, 02:14:06 PM »

Quote from: Topkick on June 14, 2007, 02:11:43 PM

I've got an idea but it involves tracking their RL addresses and a cattle prod

ouch...I was thinking "Caligula's Slide", but that's a little impractical...the Cattle Prod is a little better option...

B...

wmeredith · « **Reply #5 on:** June 14, 2007, 03:09:36 PM »

Quote from: Topkick on June 14, 2007, 02:11:43 PM

Quote from: Wedge on June 14, 2007, 10:55:29 AM
If any of you have other ideas or want to discuss this topic feel free to reply here. Thanks.

I've got an idea but it involves tracking their RL addresses and a cattle prod

I was thinking rabid wolves and a shallow pit myself.

wmeredith

Topkick · « **Reply #6 on:** June 14, 2007, 04:06:38 PM »

Uhm.....Bill it is a felony to be cruel to wolves -- they are an endangered species.

Coil · « **Reply #7 on:** June 14, 2007, 09:18:55 PM »

Please remind Thom (or Lance). We really need to do something.

The jumbled letter thing is good. I would also like to be able to ban IPs. We could do that on the old forums. It's possible that quite a few of the spammers come from the same computer. Blocking people from posting pictures until they've reached a certain number of posts would be good too.

The best idea of all is the cattle prod of course.

Dr. Nick · « **Reply #8 on:** June 14, 2007, 11:26:16 PM »

what i would really appreciate (really!) if someone could set a robot.txt ( Disallow:/ )

not only will it permit google & co to archive the forum (which takes YOUR writing out of your hands!)
(google does not ignore it, or does it?)

but it will also ward of all other bots wich will reduce spam visibility (hopefully)

cu´s

Coil · « **Reply #9 on:** June 21, 2007, 11:41:55 AM »

*Bump*
Could the Philly people please nag at Thom if you see him. We're getting more and more spammers who link to pics.

Archer · « **Reply #10 on:** June 21, 2007, 12:37:25 PM »

Quote from: Coil on June 21, 2007, 11:41:55 AM

*Bump*
Could the Philly people please nag at Thom if you see him. We're getting more and more spammers who link to pics.

I'll call him on way home.

Wedge · « **Reply #11 on:** June 21, 2007, 01:27:56 PM »

Quote from: Archer on June 21, 2007, 12:37:25 PM

Quote from: Coil on June 21, 2007, 11:41:55 AM
*Bump*
Could the Philly people please nag at Thom if you see him. We're getting more and more spammers who link to pics.

I'll call him on way home.

Thanks John. We appreciate it and so does everyone else!

Anomander_Rake · « **Reply #12 on:** June 30, 2007, 09:00:20 AM »

Quote from: Coil on June 14, 2007, 09:18:55 PM

The jumbled letter thing is good. I would also like to be able to ban IPs. We could do that on the old forums. It's possible that quite a few of the spammers come from the same computer. Blocking people from posting pictures until they've reached a certain number of posts would be good too.

I don'T think it would work...we have the same problem on MegaMekNet forums....and for now the admin is personally granting access to each and every new player...

The problem is

Quote from: Vertigo at Mekwars.org

So I can take the occasion to describe what's going on with these adbots. I don't know if the surge in adbots is an effect of my subscription to the Google AdSense program.

What I learned, by following the forums of the phpBB forum software (the one this board runs on), is that a lot of spammers are using very tricky ways nowadays to bypass the registration hurdles I put in place in the board configuration. These hurdles worked so far. But not anymore. Let me explain why.

Do you remember that when you registered here, you had to type in a string of text read from an image that had some random characters in it? This is what's commonly known as "captcha". For an indepth description, wikipedia can enlighten you: http://en.wikipedia.org/wiki/Captcha

Well, this method is usually very, very good at keeping bots (automated scripts that "recognize" the board software, and try to register user names to post with) at bay, but to let humans breeze thru the registration process. The human registrant is very good at recognizing those characters, while an automated script usually cannot skip/pass this simple test.

Until now.

The (rather clever, I must admit) way for spammers to bypass the captcha is to trick other HUMAN users into providing the correct string for them, so they can register in any captcha-protected forum and bypass the registration hurdle for their script.

More or less the sequence is this:

o) Spammer S affiliates itself with site P (usually porn/warez site).

o) S roams the net for phpBB forums to target - an incredibly easy task with Google, that can be performed automatically.

o) Once S finds a suitable forum (let's call it F), it accesses the registration form with an automated script, reading all the requisite fields, and again automatically filling them with random generated stuff.

o) If it hits a captcha, the bot then copies the image for P to use.

o) Now, let's introduce the Clueless Porn Surfer (C), an user of site P, who wants to register/subscribe/see the second half of the hot video on the site P.

o) P sends a registration form to C, and in the registration form, it adds many captchas. C recognizes them and happily types the correct string.

o) Here's the trick! P doesn't use the captcha for itself! It relays back the correct strings to S! So S can finish the registration of forum F, with correct input provided by a real human, who is THINKING he's registering only on P, while actually unvoluntarily cooperating with S to target F.

o) S can use its adbot to post all he wants on F, since he's been recognized as a legitimate, human user.

Nasty, eh?

Solutions? There are not many. One is to require admins to hand-approve all accounts. This would help a bit, but increase the workload on us (bad), delay forum registration (bad) give lots of false negatives (worse) or false positives (worst).

Another is to tweak phpBB so to accept a right answer for captchas in a very short time window (so if C delays to provide a correct answer to P, or P delays to provide the said answer to S, the registration on F would time out). This could lead to other problems.

Another is to provide other ways to pick users apart from bots. But again, these other ways can just be relayed to other unsuspecting humans registering elsewhere and they are circumvented as before.

As you can see, it's a pretty uphill battle.

DogOWar · « **Reply #13 on:** June 30, 2007, 10:59:53 AM »

That just............sucks. I am not normaly a mean person, but in this case I hope these people come to grief.

Dr. Nick · « **Reply #14 on:** June 30, 2007, 12:13:30 PM »

edit, i read the wiki article and i am smarter now..

edit2: very interesting thing..

this could be useful for us: http://recaptcha.net/

also, i do in fact have a possible solution for the capture-problems supposed in the wiki article..
use recogintion. "what do you see? a car, a house, an elephant?" (supposed in the article)

BUT

use a picture of something, and then a radom picture filter/distortion/etc.
ppl will still know it´s a car or something, but it´s a "new" picture.

-> re-use of a limited set of pictures to generate unlimited (problem supposed in the article).
object recognition to own computers.

the human solutions will, of course, still work..

Excelsior Entertainment Forums

News:

Author Topic: Administrator Access (Read 8474 times)

Wedge

Administrator Access

joshuaslater

Re: Administrator Access

Wedge

Re: Administrator Access

Topkick

Re: Administrator Access

Sylvas

Re: Administrator Access

wmeredith

Re: Administrator Access

Topkick

Re: Administrator Access

Coil

Re: Administrator Access

Dr. Nick

Re: Administrator Access

Coil

Re: Administrator Access

Archer

Re: Administrator Access

Wedge

Re: Administrator Access

Anomander_Rake

Re: Administrator Access

DogOWar

Re: Administrator Access

Dr. Nick

Re: Administrator Access