Topic by Green Gables Fan 2014-07-27 02:43:40 (edited by Green Gables Fan 2014-08-19 00:07:09)

  • From: Over the Rainbow
  • Registered: 2010-05-07
  • Posts: 1,895
  • User Karma: 36

Hello there,
I just came back from visiting another forum, and the way they have it set up is quite interesting, since it also uses PunBB. However, before you can post any new topic, or post a reply, after you have put your subject, tags and the body, you have to solve three CAPTCHA puzzles. One is where you have to type the letters you either see or hear. the second and third can either be a simple math problem like what is six plus two, or, it can be a word problem, like what is the second word? Tree, Snake, Hawk, Squirrel.
I was thinking that because we often get spams on here that we could implement something along those lines on here. I'm not sure if something like that has already been discussed though.

Ulysses, KJ7ERC
She/they
Reedsy

Green Gables Fan's Website

Quote Post 1

Thumbs up

Reply by Dark 2014-07-27 09:17:24

  • Dark
  • He who writes
  • Offline
  • From: The Ivory Tower
  • Registered: 2005-12-16
  • Posts: 29,212
  • User Karma: 3,502

Hmmm, a capture for every topic plus mathematics questions? good grief that would get on everyone's whick!

We actually did try a similar antispam system where people would be asked a question, however though the question was only supposed to be asked at registration, it kept popping back up to the point where it was totally irritating.

I'll also add that some spammers at least are humans not bots, who have been employed to spread adds around the net and will pretty much just sit there and solve such captures and things all day, one reason why those bloody annoying image only systems with no alternative don't even work and just cause more problems than they stop.

Frankly the best way to deal with spam is for human moderators to be regular about giving it the boot! which is what we in fact do, this causes no inconvenience to members at all.

With our dreaming and singing, Ceaseless and sorrowless we! The glory about us clinging Of the glorious futures we see,
Our souls with high music ringing; O men! It must ever be
That we dwell in our dreaming and singing, A little apart from ye. (Arthur O'Shaughnessy 1873.)

Dark's Website

Quote Post 2

Thumbs up

Reply by jack 2014-08-18 17:16:31

  • jack
  • Administrator
  • Offline
  • From: United States
  • Registered: 2010-10-16
  • Posts: 6,801
  • User Karma: 936

Hmm, now that you bring up captchas that reminds me of how google removed the captchas entirely and changed to the sms verification method. Basically, when creating a google account, you give them your phone number, and an automated system sends you a text message with a unique verification code and then a link to carry on with registration that will expire after a time that I don't remember. When that link is clicked you enter the verification code, and carry on with registration. Actually, I don't think they give you a code, they probably just give you a unique registration link to carry on with registration and confirm that it is you continuing registration. Only problem with that, although most people have a phone or other mobile device, it would be kind of overkill to just assume everyone! has a phone. Second, I'd imagine that spambot programmers has long since worked around this method and have injected fake phone numbers that receive messages into spambots. Additionally, Dark is right about the whole human spammer thing, those guys ought to have phones if they know what's good for them and bad for us, or they fake it themselves. But on the other hand, it does work around the whole captcha thing.

Quote Post 3

Thumbs up

Reply by Riad 2014-08-18 21:19:56

  • Riad
  • Hunter grunt
  • Offline
  • From: Tripoli, Lebanon
  • Registered: 2014-04-10
  • Posts: 1,366
  • User Karma: 79

May be asking the user a random question when he registers, or may be doing an e-mail verification before activating the account. That's what I did on my website to prevent spammers, which are increasing these days.

Quote Post 4

Thumbs up

Reply by Green Gables Fan 2014-08-19 00:05:57

  • From: Over the Rainbow
  • Registered: 2010-05-07
  • Posts: 1,895
  • User Karma: 36

Roro, we're not talking about robotic spammers. We're talking about human spammers now. And my originals suggestion was that it asks you a random question before you post anything, albeit a topic or a reply, etc.

Ulysses, KJ7ERC
She/they
Reedsy

Green Gables Fan's Website

Quote Post 5

Thumbs up

Reply by Sebby 2014-08-19 01:01:58

  • Sebby
  • Audio Quaker
  • Offline
  • From: London, UK
  • Registered: 2013-04-20
  • Posts: 2,500
  • User Karma: 149

Since there is no foolproof way to prevent spammers, the best you can realistically do is perform as much non-intrusive verification as possible. SMS would work (there are APIs for it) but so would using another service for authentication, like Google. And of course there's the time-honoured, but very successful, technique of simply sending an email to the specified email account. Yes, spammers *can* work around it, sometimes using free services created for disposable accounts, but doing so increases the level of effort required. And increasing the level of effort required is the only thing that can work to stem the flood. Just don't do anything that would penalise legitimate users.

Just myself, as usual.

Sebby's Website

Quote Post 6

Thumbs up

Reply by Socheat 2014-08-20 09:52:26

  • From: Cambodia
  • Registered: 2013-05-10
  • Posts: 4,983
  • User Karma: 135

Yeah, I think an SMS activation is good at this way.

Follow me on Mastodon.

Socheat's Website

Quote Post 7

Thumbs up

Reply by burak 2014-08-24 00:28:37

  • burak
  • Light Cardinal
  • Offline
  • From: İstanbul, Türkiye
  • Registered: 2010-05-17
  • Posts: 5,019
  • User Karma: 156

While sms activation might be good, not everyone has a phone so that would be a problem.

I post sounds I record to freesound. Click here to visit my freesound page
I usually post game recordings to anyaudio. Click here to visit my anyaudio page

burak's Website

Quote Post 8

Thumbs up

Reply by Sebby 2014-08-24 07:37:38

  • Sebby
  • Audio Quaker
  • Offline
  • From: London, UK
  • Registered: 2013-04-20
  • Posts: 2,500
  • User Karma: 149

Well, why doesn't email activation work here yet? Is it a limitation of the board?

Just myself, as usual.

Sebby's Website

Quote Post 9

Thumbs up

Reply by Dark 2014-08-24 23:26:07

  • Dark
  • He who writes
  • Offline
  • From: The Ivory Tower
  • Registered: 2005-12-16
  • Posts: 29,212
  • User Karma: 3,502

Last I checked the board already had e-mail activation, you need an address to register and have your pass word sent to you like any other board, unless your talking about something else.

With our dreaming and singing, Ceaseless and sorrowless we! The glory about us clinging Of the glorious futures we see,
Our souls with high music ringing; O men! It must ever be
That we dwell in our dreaming and singing, A little apart from ye. (Arthur O'Shaughnessy 1873.)

Dark's Website

Quote Post 10

Thumbs up

Reply by Socheat 2014-08-27 15:16:53

  • From: Cambodia
  • Registered: 2013-05-10
  • Posts: 4,983
  • User Karma: 135

@burak
But nowadays, most people have the phone on their hands. smile

Follow me on Mastodon.

Socheat's Website

Quote Post 11

Thumbs up

Reply by jack 2014-09-13 16:15:25

  • jack
  • Administrator
  • Offline
  • From: United States
  • Registered: 2010-10-16
  • Posts: 6,801
  • User Karma: 936

Email activations are not ideal as spambots or human spammers create fake disposable emails. It would be way too easy. Sms would be easy for human spammers with a phone, but bot programmers would have to put a fake phone number into their bot to make it work, so it would be a bit harder for them to register

Quote Post 12

Thumbs up

Reply by jennymariam 2014-10-12 11:33:44 (edited by jennymariam 2014-10-16 03:01:08)

  • Registered: 2014-10-09
  • Posts: 3
  • User Karma: 1

Captchas Don’t Work: How To Trick Spam Bots With a Smarter Honey Pot

captcha-featured-image  August 6, 2013|  Ryan Johnston|  Industry Thoughts
Is anyone else tired of being caught in the endless loop of captchas? It can be very hard to read the strange text, especially when it’s full of random letters that look like numbers and vice versa. I really hate it when the letters are so squashed together that you can’t read them. There has to be a better solution!


What is a captcha?
feather hair extensions kit

You’ve seen captchas in your internet travels. They are those tests to see if you are a human. Captchas can take the form of a simple math problem or swirly text.

How do you feel about those captcha tests? They make me feel like a site doesn’t trust me. They get between me and my goal, slow me down, and annoy me. I get a feeling that I’m not alone in this.

What is a spam bot?

A spam bot is a piece of software written with the specific purpose of filling out forms with information that benefits the spam bot author. This usually takes the form of comments that contain links which might help their website’s SEO (Search Engine Optimization). A clever author can extract the math problem from your form and calculate an answer. A very clever spam author can also get around image captchas.

So, how do you stop spam bots?

The ultimate way to stop spam bots is to use the akismet plugin. Unfortunately, this service now costs money. I didn’t see any mention on their site of price cuts for non-profits. For a small personal blog or a small non-profit, this is cost prohibitive.

It’s time for a creative programming solution! To stop a spam bot you have to think like a programmer writing a spam bot. The simplest of spam bots see a form and fill in every field on the form. So, what’s the solution?

Quote Post 13

Thumbs up +1

Reply by Dark 2014-10-12 17:59:29

  • Dark
  • He who writes
  • Offline
  • From: The Ivory Tower
  • Registered: 2005-12-16
  • Posts: 29,212
  • User Karma: 3,502

@JAck, I don't really see why a spambot creator couldn't just train a spambot to put in a fake phone number. E-mail activation isn't a perfect solution sinse there are ways round it as you said, i was just ppointing out that the board had it already.

@Jenny, interesting article and a thumbs up from me. I have seen some forms with a "don't type in this box" field, which prevent spammers, it's certainly a million times more accessible than those stupid captchas, though whether it works or not I don't know. I'll suggest that one to Sander to see if he knows a Punbb way of adding it.

With our dreaming and singing, Ceaseless and sorrowless we! The glory about us clinging Of the glorious futures we see,
Our souls with high music ringing; O men! It must ever be
That we dwell in our dreaming and singing, A little apart from ye. (Arthur O'Shaughnessy 1873.)

Dark's Website

Quote Post 14

Thumbs up

Reply by Sebby 2014-10-12 20:57:06

  • Sebby
  • Audio Quaker
  • Offline
  • From: London, UK
  • Registered: 2013-04-20
  • Posts: 2,500
  • User Karma: 149

Well, I was asking more on the theory that it wasn't working, rather than the expectation. I can't remember the sign-up process, but if email activation really is present and isn't working, then we've already got big issues, because human beings can solve any challenge; the actual submission part is completely automated, and all the spammer has to do is click the link in an email. Having used a CR system where only replying is required to approve a message, I can definitely say that it puts up the barrier against robots, but it can't help with intentionally malicious people.

Just myself, as usual.

Sebby's Website

Quote Post 15

Thumbs up

Reply by aaron 2014-11-14 12:43:44

  • aaron
  • Administrator
  • Offline
  • Registered: 2005-03-07
  • Posts: 9,250
  • User Karma: 585

Hi,
@dark: I think you just got fooled by a Spambot. Look at the post more closely. Notice the feather hair extention kit link embedded in there? Yep, this one's very very sneaky indeed. I've not seen a spambot that can fool our members like that very often, but it's happened, inall three of it's topics.

Quote Post 16

Thumbs up +1

Reply by Socheat 2014-11-14 14:48:08

  • From: Cambodia
  • Registered: 2013-05-10
  • Posts: 4,983
  • User Karma: 135

Agreed with Aaron here, I was saw this spam a while ago, but I'm not sure, because this spam makes me confusing with it post's. just this morning, when I look closely, I think it is  not good to me, so I thaught I would report it to the moderators.

Follow me on Mastodon.

Socheat's Website

Quote Post 17

Thumbs up

Reply by jack 2015-06-04 04:40:25

  • jack
  • Administrator
  • Offline
  • From: United States
  • Registered: 2010-10-16
  • Posts: 6,801
  • User Karma: 936

Yeah, that post was fishy right when I saw the link. Wasn't fooled by it, although this one had quite a lot to say and seemed to want to promote spambots being destroyed, lol. And yes, you may need a phone service plan to make calls, but you most certainly don't need one to fake sms and unfortunately spammers know that all too well. All they need is an sms api and they're set,. I was thinking both email verification and phone verification at the same time, but that wouldn't help matters much. Yeah, it's not really all that possible to automate the booting of spambots.

Quote Post 18

Thumbs up

Reply by Dark 2015-06-04 15:15:44

  • Dark
  • He who writes
  • Offline
  • From: The Ivory Tower
  • Registered: 2005-12-16
  • Posts: 29,212
  • User Karma: 3,502

Phone verrification? well I'm not running up a massive bill phoning everyone who wants to join this forum, likewise I personally wouldn't want to join any forum that required my phone number (there is some information I just want to keep secret).

With our dreaming and singing, Ceaseless and sorrowless we! The glory about us clinging Of the glorious futures we see,
Our souls with high music ringing; O men! It must ever be
That we dwell in our dreaming and singing, A little apart from ye. (Arthur O'Shaughnessy 1873.)

Dark's Website

Quote Post 19

Thumbs up

Reply by Trajectory 2015-06-17 15:02:48

  • From: canada
  • Registered: 2007-01-27
  • Posts: 1,154
  • User Karma: 201

I think Google and others want this SMS verification junk so they can hord phone numbers as a way to send even more unwanted advertising. I agree with Dark though; you can't win against human spammers. It's a career for those people.
You could try delaying posts from members with a post count under say three for moderator approval. I've seen plenty of sites that do that. I've also seen sites that don't allow new members to post URLs until they reach ten posts or so. Of course PunBB might not have the features anyway.

Official server host for vgstorm.com and developer of the Manamon 2 netplay server.
PSA: sending unsolicited PMs or emails to people you don't know asking them to buy you stuff is disrespectful. You'll just be ignored, so don't waste your time.

Quote Post 20

Thumbs up

Reply by Dark 2015-06-17 19:21:42

  • Dark
  • He who writes
  • Offline
  • From: The Ivory Tower
  • Registered: 2005-12-16
  • Posts: 29,212
  • User Karma: 3,502

You already are restricted to only one link per post until I believe 10 posts, and to be honest most spammers are too stupid to notice limits anyhow (I've deleted spambots that don't post a single link just pages of woffle).



I wouldn't personally fancy moderator verrification for new member posts, sinse to be honest we'd need lots more moderators, and I'd hate to be in a position where a developer advertising an important new game was delayed. Indeed,  for the same reason it'd be rather bad if posting of all links was disabled to new members, sinse we have lots of new developers or groups coming and wanting to point people in the direction of their new game or demo or trailer or kickstarter campaign or whatever, and just like moderator approval I'd not want to get in the way of that.

As I said previously, along with the various automated antispam stuff we run such as  honypot that is directed at bots specifically, there is no substitute for moderators on search and destroy.
Plus, myself and the other mods also derive some vindictive pleasure in making up snarky messages for spammers that will be displayed when they try to return to the forum.

here are a couple of more humourus examples copied from the ban list for amusement value:

message: If your not a spambot, please contact us. If you are a
spambot, do not contact us, please go to hell and burn for all
eternity! thank you!


message: forum banned badger yes no are you to be for bad is
not to confusing chopped ham and pork upon internet causes
much problems yes it does so piss off into cooker of hell devil
thing not compliant with sanity.


message: Begone you horrid spammer! spam yee know more!
your spam is not wanted here! so either learn the ways of
unspamminess or smeg off and spam in hell!


message: avaunt! thou foul and filthsome spambot! aget thee
gone! and ne'er darken this forum from hence forth with thy
putrid stench of demonic spam! I cast thee out!


message: Go spam elswhere, we're not interested in free
movies.


message: Take your kidneys elsewhere!


message: Go away and spam no more yee horrid spambot!
return to the nethermost depths of spamicious hell from which
thou spammed!


message: if your not a spambot please contact us. if you are a
spambot, please don't contact us, please go and jump in a lake!

With our dreaming and singing, Ceaseless and sorrowless we! The glory about us clinging Of the glorious futures we see,
Our souls with high music ringing; O men! It must ever be
That we dwell in our dreaming and singing, A little apart from ye. (Arthur O'Shaughnessy 1873.)

Dark's Website

Quote Post 21

Thumbs up