[Scummvm-devel] We need to upgrade our forums
D G Turner
d.g.turner at ntlworld.com
Fri Dec 27 11:42:20 CET 2013
Arnaud,
True, but if we only get human spammers, the rate is very low.
The major PITA are the bots... who _still_ appear to be able to
get past the Textual Confirmation on the forum registration, even
with the improved questions. :/
I suspect that their human C&C masters or a handy web service provides
them with Mechanical Turk to break the textual confirmation with a
unwitting or uncaring human... *grumble*
The other option is that they are exploiting a phpBB2 bug to bypass
this, but I don't think that likely atm (as they would use the bug to
bypass the registration checks altogether probably and the Textual
Confirmation check is non standard so doubtful..)
ANYWAY, a new interim plan to prevent spammers, specifically the bots.
I am going to change the Textual Confirmation question into a request
for new users to join the IRC channel and ask for "The Password of the
Day" which we can change as regularly as we want, but say daily.
If a forum admin changes this, they should say something along the
lines of "Oh, today's forum password is Stilton234" in the IRC channel
so that this is logged for reference.
This shouldn't be a problem for real humans wanting to register for
the forums, but should be unsolvable via Google for a bot or a bot
controlling spammer and even if the human spammer or the Mechanical
Turk employee logins to IRC to ask, this should slow them down.
Please note that requests in IRC channel for the password should be
satisifed, but NOT when they come by Private Message ie. so that
the requests are logged in the channel logging and the dev giving
the password should make a quick attempt to ensure the person is a
real fan and not a spammer i.e. Ask them, "So what is your favorite
game of ours?" Again, this raises the bar on the spammers...
I should point out that a quick Google search will show that though
phpBB3 has better AntiSPAM features, is maintained etc., these kind of
issues of good CAPTCHA and textual confirmation questions are still
relevant and so this is not a wasted exercise.
Thanks,
David Turner
On 27/12/13 08:36, Arnaud Boutonné wrote:
> Hi guys
>
> Just a little word concerning the time it takes those days: don't
> underestimate it. A new account is create 2-3 times per hour, and it's
> manually checked on spam databases then manually confirmed or deleted. So,
> obviously, it takes time.
More information about the Scummvm-devel
mailing list