NZRaG
New Zealand Roleplaying and Gaming forums
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Spammers and their ilk
Goto page Previous  1, 2, 3, 4  Next
 
Post new topic   Reply to topic    NZRaG Forum Index -> Development
View previous topic :: View next topic  
Author Message
sophmelc



Joined: 10 Jan 2008
Posts: 782

PostPosted: Fri Jan 18, 2008 2:00 pm    Post subject: Reply with quote

They're back...
Back to top
View user's profile Send private message Visit poster's website
Luke
Site Admin


Joined: 24 Jan 2006
Posts: 2697

PostPosted: Fri Jan 18, 2008 2:22 pm    Post subject: Reply with quote

I think I am picking them all up pretty quickly during the week and banning their asses Smile
_________________
Playing: Doomstones (WFRP2e); Shades of Terra (Exalted: Dragonblooded)
Running: Thousand Thrones (WFRP2e)
Planning: Incarnadine Crucible (Exalted: Alchemicals); Tale of Twin Kings, Angels of Death and the Lover Who Stole All Things (Exalted 1e)
Back to top
View user's profile Send private message
Mashugenah
Site Admin


Joined: 23 Jan 2006
Posts: 1239
Location: Gallifrey

PostPosted: Fri Jan 18, 2008 4:15 pm    Post subject: Reply with quote

Yeah, I've also taken to banning them before they post if I see a spammer-like username appear. :/
_________________
The opinions prevalent in one age... are confuted and rejected in another and rise again to reception in remoter times. Thus the human mind is kept in motion without progress.
- Samuel Johnson, Preface to Shakespeare
Back to top
View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger MSN Messenger
Luke
Site Admin


Joined: 24 Jan 2006
Posts: 2697

PostPosted: Fri Jan 18, 2008 4:18 pm    Post subject: Reply with quote

They are great source of NPC names though - Elliot Wanger, Emmanuel Howland Smile
_________________
Playing: Doomstones (WFRP2e); Shades of Terra (Exalted: Dragonblooded)
Running: Thousand Thrones (WFRP2e)
Planning: Incarnadine Crucible (Exalted: Alchemicals); Tale of Twin Kings, Angels of Death and the Lover Who Stole All Things (Exalted 1e)
Back to top
View user's profile Send private message
IdiotSavant



Joined: 23 Jan 2006
Posts: 1046
Location: Palmerston North (bugger)

PostPosted: Wed Jan 23, 2008 4:41 pm    Post subject: Reply with quote

Are they using a consistent IP range? And if so, can we kill it?
_________________
Playing: ArM5 - Fons Albae; Pendragon: Defenders of Sarum
Running: ArM5 - Fons Albae (rotating); The Laundry
Planning: KapCon XXI; The Devil's Brood (Chimera); Hydra (April 2012)
Back to top
View user's profile Send private message Visit poster's website
Ryan Paddy



Joined: 25 Jan 2006
Posts: 157

PostPosted: Mon Feb 18, 2008 10:38 am    Post subject: Reply with quote

Damn, they seem to have picked up on the visual code reversal trick. They must be attempting to register with both forwards and backwards codes.

We could try something else. Requiring an extra character at the start or end of the code, for example?
Back to top
View user's profile Send private message
Mashugenah
Site Admin


Joined: 23 Jan 2006
Posts: 1239
Location: Gallifrey

PostPosted: Mon Feb 18, 2008 10:39 am    Post subject: Reply with quote

On the Admin forum we are discussing moving to manual user validation. Since Luke, Glock and I all check this site about hourly during waking hours, the lag time should be pretty small and it will be less effort for us.
_________________
The opinions prevalent in one age... are confuted and rejected in another and rise again to reception in remoter times. Thus the human mind is kept in motion without progress.
- Samuel Johnson, Preface to Shakespeare
Back to top
View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger MSN Messenger
Adrexia



Joined: 19 Jan 2006
Posts: 2117
Location: Wellington

PostPosted: Mon Feb 18, 2008 12:43 pm    Post subject: Reply with quote

Email validation seems to work in most cases too. Not many spam bots have valid email addresses...
Back to top
View user's profile Send private message Send e-mail Visit poster's website MSN Messenger
Benedict



Joined: 22 Jan 2006
Posts: 256

PostPosted: Mon Feb 18, 2008 3:36 pm    Post subject: Reply with quote

Adrexia wrote:
Email validation seems to work in most cases too. Not many spam bots have valid email addresses...


Enough do. I allowed e-mail validation for one night on forums that I look after and ended up with an embarrassing mess to clean up the next morning.
Back to top
View user's profile Send private message
Ryan Paddy



Joined: 25 Jan 2006
Posts: 157

PostPosted: Mon Feb 18, 2008 4:06 pm    Post subject: Reply with quote

Mashugenah wrote:
On the Admin forum we are discussing moving to manual user validation. Since Luke, Glock and I all check this site about hourly during waking hours, the lag time should be pretty small and it will be less effort for us.


Less effort to validate every user than make a one-off change to the code? I'm happy to help with the coding again.
Back to top
View user's profile Send private message
Adrexia



Joined: 19 Jan 2006
Posts: 2117
Location: Wellington

PostPosted: Mon Feb 18, 2008 4:10 pm    Post subject: Reply with quote

Benedict wrote:
Adrexia wrote:
Email validation seems to work in most cases too. Not many spam bots have valid email addresses...


Enough do. I allowed e-mail validation for one night on forums that I look after and ended up with an embarrassing mess to clean up the next morning.


It's more reliable at defeating bots than captcha, but nothing actually beats human interference. What it can do is weed out a bunch of bots for you so you are left to approve/deny a select few. So I guess it depends on how many spammers are signing up a day and how much work you want to manually do.
Back to top
View user's profile Send private message Send e-mail Visit poster's website MSN Messenger
Benedict



Joined: 22 Jan 2006
Posts: 256

PostPosted: Mon Feb 18, 2008 4:15 pm    Post subject: Reply with quote

Adrexia wrote:
Benedict wrote:
Adrexia wrote:
Email validation seems to work in most cases too. Not many spam bots have valid email addresses...


Enough do. I allowed e-mail validation for one night on forums that I look after and ended up with an embarrassing mess to clean up the next morning.


It's more reliable at defeating bots than captcha, but nothing actually beats human interference. What it can do is weed out a bunch of bots for you so you are left to approve/deny a select few. So I guess it depends on how many spammers are signing up a day and how much work you want to manually do.


Is it possible to have e-mail verification and then an admin verification step?
Back to top
View user's profile Send private message
Adrexia



Joined: 19 Jan 2006
Posts: 2117
Location: Wellington

PostPosted: Mon Feb 18, 2008 4:20 pm    Post subject: Reply with quote

Benedict wrote:


Is it possible to have e-mail verification and then an admin verification step?


Theoretically yes. I guess a secondary problem though would be driving off potential users who find the sign-up system too complicated or time consuming. Confused

This site has a few good ideas: http://nedbatchelder.com/text/stopbots.html
Back to top
View user's profile Send private message Send e-mail Visit poster's website MSN Messenger
Mashugenah
Site Admin


Joined: 23 Jan 2006
Posts: 1239
Location: Gallifrey

PostPosted: Mon Feb 18, 2008 4:44 pm    Post subject: Reply with quote

Ryan Paddy wrote:
Mashugenah wrote:
On the Admin forum we are discussing moving to manual user validation. Since Luke, Glock and I all check this site about hourly during waking hours, the lag time should be pretty small and it will be less effort for us.


Less effort to validate every user than make a one-off change to the code? I'm happy to help with the coding again.


Hey, thanks Ryan; that would be the best way to go I think.

At the moment we seem to be unable to get ahold of Squee, who would need to implement any actual hard code, whereas Admin verification for users seems to be a built-in function. :/

We'll see how it goes.
_________________
The opinions prevalent in one age... are confuted and rejected in another and rise again to reception in remoter times. Thus the human mind is kept in motion without progress.
- Samuel Johnson, Preface to Shakespeare
Back to top
View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger MSN Messenger
mundens



Joined: 25 Jan 2006
Posts: 293

PostPosted: Wed Feb 20, 2008 3:57 pm    Post subject: Just a general comment Reply with quote

I'd point out that this board seems to be running an extremely old version of phpbb (from 2005 according to copyright date at the bottom of this page) which means there are numerous known exploits on it.

Even the legacy phpbb 2 (current major version is 3) has a February 2008 release. See www.phpbb.com Security is one of the major problems of using anything developed in PHP, due to the lack of a coherent security model in php itself.

However, regularly updating the software is one good way of keeping spammers and others out.
_________________
Where do ideas come from?
Well, when a boy idea and a girl idea love each other very much...

David Formosa on alt.sex.stories.discussion
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    NZRaG Forum Index -> Development All times are GMT + 13 Hours
Goto page Previous  1, 2, 3, 4  Next
Page 3 of 4

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group