STAFFORD FORUM IS CLOSING DOWN!

flossietoo

flossietoo

Well-Known Forumite
Is there any way that the sign-up process could include some kind of filter designed to remove a few of the spammers? Something, maybe, which required actual thought: "What is your interest in Stafford?", for instance. I'm not thinking of making it more difficult to get involved in the forum, just to remove some of the tiresome spammers and perhaps reduce work for admin. I'm starting to spot likely spammers by the names that appear in the registered users.
 
Withnail

Withnail

Well-Known Forumite
flossietoo said:
I'm starting to spot likely spammers by the names that appear in the registered users.
Click to expand...
I like that game too. :)

Also, Admin old bean, are we to be given a warning before the close-down finally comes about? I'd like to make sure i am logged out before it disappears - though whether this should concern me or not i confess i don't know.
 
Admin

Admin

You there; behave!
Staff member
flossietoo said:
Is there any way that the sign-up process could include some kind of filter designed to remove a few of the spammers? Something, maybe, which required actual thought: "What is your interest in Stafford?", for instance. I'm not thinking of making it more difficult to get involved in the forum, just to remove some of the tiresome spammers and perhaps reduce work for admin. I'm starting to spot likely spammers by the names that appear in the registered users.
Click to expand...
It already does! I have changed the registration process a few times to try and minimise spammers. As it stands, when you register you have to fill out the following:

FEDX6.jpg
Click to expand...
So the only ones that get through now are real people, not bots, and there's not a lot I can do about them!

The new Forum will have additional safeguards, such as preventing a user from having a signature or posting links until they have made 10 posts, etc.

Withnail said:
Also, Admin old bean, are we to be given a warning before the close-down finally comes about? I'd like to make sure i am logged out before it disappears - though whether this should concern me or not i confess i don't know.
Click to expand...
Yes, I will let people know before the big switchover, via here, Facebook and Twitter. Hopefully only be a few weeks now. :)
 
wmrcomputers

wmrcomputers

Stafford PC & laptop repair specialist
I wouldn't worry about remaining logged in to something that no longer exists anyway. It's all done by a cookie on your computer, so officially you aren't "logged in" as such when you close your browser anyway.
 
MyCult

MyCult

SEO to the FACE
Just a thought, this wont stop them but it will slow them down, don't use such an easily understood 'human test'.

"what is two plus five?" is really easy to program around and very common. "what colour is grass?" is another very easy very common one.

Come out of left field to feck with the bots. For instance "who was the lead singer of queen?" "what opens a lock?"

Perhaps not the best examples but you see where I am coming from. Something unique, that everyone knows and no other forum is using.

The bots will crack it but these kind of questions but will give you more time/protection than the common, more easily recognised & computed ones.

2p
 
citricsquid

citricsquid

Well-Known Forumite
The most widely workable and accepted spam method is to use a hidden input field. The way spam bots work is one of 2 ways (not including mechanical turk based spam, which is "impossible" to prevent): POST data to common forum registration URLs and hope it works, or load up the registration page and attempt to parse the fields then work out what they expect, this is done based on common words. For example, they look for fields with "email" and enter email, "password" and enter password etc etc. but there's one problem with this: bots do not parse page styling so what you can do is create fake input fields and hide them with CSS.

Here's a very basic example that will beat most general spam bots, of course you have issues with ones that are targeting this forum specifically but as with mechanical turk it's unsolvable without a lot of leg work.

Code: 
<form method="POST" action="">
    <label for="username">username</label><input type="text" name="username" value="" id="username" />
    <label for="real_username">username</label><input type="text" name="real_username" value="" id="real_username" />
    <label for="password">password</label><input type="password" name="password" value="" id="password" />
</form>
So as you can see if you were to load that up in your browser now you would see:

username: [input]
username: [input]
password: [input]

and if a bot were to load the page it would "see" the following fields:

username
real_username
password

and because username matches what it thinks the username would be likely to go into it fills that field, it might or might not fill in real_username and it fills in password.

Now what if we were to hide the first username from the user using css?

Code: 
<style>
#real_username{
    display:none;
}
</style>
Now when a user loads the page containing the HTML from above they see:

username: [input]
password: [input]

but the bot doesn't parse CSS so it again sees:

username
real_username
password

So now we know when a request is made the registration process and "username" is filled in that it's a bot, because users can only fill in the input box "real_username". Then what you do in the logic part of the registration is:

Code: 
<?php
    if($_POST['username'])
    {
          $member_group = 2;
    }
?>
where member group 2 is a group "spammers" that requires moderator approval on posts.

BAM instant spam protection!

There is one flaw with this method, if a user is using some sort of screen reading program they will have problems, but with notices on the page about it and the accounts not being discarded only flagged as spammers it's fine.
 
Withnail

Withnail

Well-Known Forumite
mechanical turk based spam
Click to expand...
Mechanical turk based spam.

The fact that this phrase actually means something to someone somewhere gives me a (non-mechanical nor turk based) warm glow.
 
wmrcomputers

wmrcomputers

Stafford PC & laptop repair specialist
clever thinking citricsquid!

What about captcha's admin? You know, where a random image is generated and a user has to type the letters that appear in the image?
 
Admin

Admin

You there; behave!
Staff member
MyCult said:
Just a thought, this wont stop them but it will slow them down, don't use such an easily understood 'human test'.

"what is two plus five?" is really easy to program around and very common. "what colour is grass?" is another very easy very common one.

Come out of left field to feck with the bots. For instance "who was the lead singer of queen?" "what opens a lock?"

Perhaps not the best examples but you see where I am coming from. Something unique, that everyone knows and no other forum is using.

The bots will crack it but these kind of questions but will give you more time/protection than the common, more easily recognised & computed ones.

2p
Click to expand...
The questions do change, it's not the same one every time, but they can't be too obscure. You would be amazed at how many people I have contact me who have trouble with the registration process as it is at the moment - if I make it any more difficult then it would ostracise even more people. :(

citricsquid said:
There is one flaw with this method, if a user is using some sort of screen reading program they will have problems
Click to expand...
And therein lies the problem; dealing with spam is a problem, but I would rather deal with spam than put off real people who are trying to sign-up and find the registration process too inaccessible.

wmrcomputers said:
What about captcha's admin? You know, where a random image is generated and a user has to type the letters that appear in the image?
Click to expand...
Yep, the new Forum will use ReCaptcha. Which is hated by most Internet users, myself included, but, as this discussion demonstrates, has become a necessary evil. :(
 
Withnail

Withnail

Well-Known Forumite
Admin said:
Yep, the new Forum will use ReCaptcha. Which is hated by most Internet users, myself included...
Click to expand...
It took me a while to realise that you can change the 'challenge', if the one you get is indecipherable - it may be an idea to inform people that this is the case if possible.

In fact i have just had to click through about seven of the things to find one i could actually read with any confidence.
 
Gramaisc

Gramaisc

Forum O. G.
I was going to suggest that a prospective member might have to demonstrate the ability to point (reasonably close) to Stafford's location on a map of Great Britain - but males already outnumber females on the Forum as it is..
 
flossietoo

flossietoo

Well-Known Forumite
Gramaisc said:
I was going to suggest that a prospective member might have to demonstrate the ability to point (reasonably close) to Stafford's location on a map of Great Britain - but males already outnumber females on the Forum as it is..
Click to expand...
Perhaps the clever men could teach us?
 
Gramaisc

Gramaisc

Forum O. G.
flossietoo said:
Gramaisc said:
I was going to suggest that a prospective member might have to demonstrate the ability to point (reasonably close) to Stafford's location on a map of Great Britain - but males already outnumber females on the Forum as it is..
Click to expand...
Perhaps the clever men could teach us?
Click to expand...
Probably not - according to the Daily Mail, anyway - and I notice that the (presumably male) researchers only managed to end up with a 'map of the brain'....
 
flossietoo

flossietoo

Well-Known Forumite
Gramaisc said:
flossietoo said:
Gramaisc said:
I was going to suggest that a prospective member might have to demonstrate the ability to point (reasonably close) to Stafford's location on a map of Great Britain - but males already outnumber females on the Forum as it is..
Click to expand...
Perhaps the clever men could teach us?
Click to expand...
Probably not - according to the Daily Mail, anyway - and I notice that the (presumably male) researchers only managed to end up with a 'map of the brain'....
Click to expand...
Well, the Daily Mail would suggest that there is no hope for me. My brain's just the wrong colour. At least that explains why I can never find a way to buy the Mail.
 
Admin

Admin

You there; behave!
Staff member
I'm going to try and upgrade The Forum at the weekend, so please:

Make sure you do not have any important information stored on The Forum. Private Messages will be lost, so make sure you back-up any details you need to keep!

This includes your avatar. If you wish to keep the same avatar, please save it to your own computer so that you can upload it again once the upgrade is complete.

Thanks. :)
 
You must log in or register to reply here.
Top