[Scummvm-devel] We need to upgrade our forums

D G Turner d.g.turner at ntlworld.com
Fri Dec 27 11:42:20 CET 2013


Arnaud,
  True, but if we only get human spammers, the rate is very low.

  The major PITA are the bots... who _still_ appear to be able to
  get past the Textual Confirmation on the forum registration, even
  with the improved questions. :/

  I suspect that their human C&C masters or a handy web service provides
  them with Mechanical Turk to break the textual confirmation with a
  unwitting or uncaring human... *grumble*

  The other option is that they are exploiting a phpBB2 bug to bypass
  this, but I don't think that likely atm (as they would use the bug to
  bypass the registration checks altogether probably and the Textual
  Confirmation check is non standard so doubtful..)

  ANYWAY, a new interim plan to prevent spammers, specifically the bots.

  I am going to change the Textual Confirmation question into a request
  for new users to join the IRC channel and ask for "The Password of the
  Day" which we can change as regularly as we want, but say daily.

  If a forum admin changes this, they should say something along the
  lines of "Oh, today's forum password is Stilton234" in the IRC channel
  so that this is logged for reference.

  This shouldn't be a problem for real humans wanting to register for
  the forums, but should be unsolvable via Google for a bot or a bot
  controlling spammer and even if the human spammer or the Mechanical
  Turk employee logins to IRC to ask, this should slow them down.

  Please note that requests in IRC channel for the password should be
  satisifed, but NOT when they come by Private Message ie. so that
  the requests are logged in the channel logging and the dev giving
  the password should make a quick attempt to ensure the person is a
  real fan and not a spammer i.e. Ask them, "So what is your favorite
  game of ours?" Again, this raises the bar on the spammers...

  I should point out that a quick Google search will show that though
  phpBB3 has better AntiSPAM features, is maintained etc., these kind of
  issues of good CAPTCHA and textual confirmation questions are still
  relevant and so this is not a wasted exercise.
Thanks,
David Turner

On 27/12/13 08:36, Arnaud Boutonné wrote:
> Hi guys
> 
> Just a little word concerning the time it takes those days: don't
> underestimate it. A new account is create 2-3 times per hour, and it's
> manually checked on spam databases then manually confirmed or deleted. So,
> obviously, it takes time.





More information about the Scummvm-devel mailing list