The vb forum spammers have found us

huh?

I never deleted that... ?

Oh -- was it posted in NFC? NFC section is like FSW, it has a "rolling expire" on all posts in the section. We do not archive FSW or NFC. Posts in FSW and NFC expire after a certain number of days (yours, mine and everyone else's, nothing personal). Only the X-specific DF and WF are archived indefinitely...
 
already do

We already do IP range blocking, right now the biggest block ranges we have on server are for areas of Russia, China and some segments of Eastern Europe (these are the main regions where mass spam attacks originate, historically) but some still get through because smarter spammers are spoofing IPs or proxying in from other regions in order to get around such blocks. We have pretty much done most of what we could do already as preventive measures, for the rest, all we can really do is be reactive and block them specifically once they've made themselves known via new reg/post... thank you all for your inputs, I appreciate them! :)
 
challenge questions

We would have to avoid anything that might unintentionally shut out a significant number of legit site users. A lot of enthusiasts (as Dierk mentions) might not have a vin to enter, or prefer not to for whatever reason. It is a good idea though in principle, meaning, something a legit Xhead could answer but spammers would just move on to easier targets, but, not so much a pita that would-be-users take a pass on it, or are shut out by our process. Even my hypothetical upstream (while it made for a good example here to demonstrate what I meant) is in fact too restrictive, new users might have no idea who N54 is. If I implement any challenge question it will have to be a more simple one...

Maybe something like "Enter first 4 letters of our website's address? Ex: http://www.____forums.org" (xweb ;)) This is something I would have to assume most legit users could get and do, and would kill bots, and any human spammers who might come to do a vericode entry would hopefully not waste their time trying to even mess with any custom qs because they have a volume list of other sites to move on to... stay tuned...
 
... website registration

Mac,

Is the registered email address with fastmail.fm for xwebforums.org 'protected'?

That email doesn't appear in any of the web pages?

'Return receipt to' or 'confirm reading to' is sometimes a means of divulging email addresses ...

"poison" CGI scripts ...
 
emails

No email addresses anywhere on this site are accessible directly (besides 2 places, the 1.0 mirror, and if someone deliberately posts their email openly in their post text here, there's javascript in place to prevent bot rips on the former, and we can do nothing about the latter)... if a bot got into the members list they could theoretically use the forum's "send email" buttons and forms to spam out but the Xweb server handles the actual emailing between users using forms so users' email addresses are not ever revealed directly to anyone... and afaik there is no means by which to send an email receipt request via the forms or our server... but I will double check backend config re: that in case of bots sending requests around the pages, thanks for the idea
 
Added ad-hoc human verif q

From now on Xweb will also add this to all registration attempts:

[image: newfjh.jpg]


For those of us here who are already registered, the implementation of this will not force you to go answer it now, but, next time you go into "UserCP>EditOptions" you will find this challenge at the bottom of the page there next to the save button and will have to fill it out then in order to save. Either case is one-time-only. Once you put 'xweb' in there and reg or save in usercp it will log it and not ask you again.
 
haha yeah i saw that! i still had to look up at the url to get it, but i thought for sure it was too easy and i was way off
for sure don't make the questions complicated, i only came here to learn a bit about them and probably wouldn't have taken the time to figure out how many headbolts the 1500 had
on the other hand, it WOULD make me think this was a highly dedicated and intelligent following, so i'd actually probably take the time to join.
 
:)

Glad to have you with us :) Yeah, I don't want to make it brain surgery, or otherwise overcomplicate the process for "real" people trying to come join, just toss something extra in that would be just enough to hose up the bots and hopefully add a step that a human spammer would, for having too many easier targets, not want to even burn time messing with... Thanks for joining, you helped me test it out! :clap:

PS thank you also to Dierk for your email suggestion as to another hack we can implement for human verification - if the spammers keep getting through after this I will add your code to the reg page as well :cool:
 