Castle Paradox Forum Index Castle Paradox

 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 
 Gamelist   Review List   Song List   All Journals   Site Stats   Search Gamelist   IRC Chat Room

spam control!
Goto page 1, 2  Next
 
Post new topic   Reply to topic    Castle Paradox Forum Index -> Site Suggestions
View previous topic :: View next topic  
Author Message
Bob the Hamster
OHRRPGCE Developer




Joined: 22 Feb 2003
Posts: 2526
Location: Hamster Republic (Southern California Enclave)

PostPosted: Thu Dec 14, 2006 8:59 am    Post subject: spam control! Reply with quote

CastleParadox needs some spam protection.

I don't think captcha will help. It is easy to defeat, and I suspect most of the recent spammings are coming from copy-and-paste-sweatshop workers, not bots.

I think blocking posts that contain URLs from newly registered users would help. Suppose that you have to be a member for at least 48 hours before your posts can contain external urls

Limiting URL-containing posts based on post count could work too... but I hate to see a spammar post 50 "zarg the three day alive floating best the wize other three trout" linkless posts so he can get his count up high enough to post that one spam link (although isn't there already some form of posting rate-limiter in place?)

Another option is a whitelist like the "Not evil" list on the wiki... that takes a little more administration, but is more reliable. Obviously if IM had to edit a text file every time a new non-spammer user joined, that would suck, but if the list came from a source that could be edited by multiple admins, it might be practical.
Back to top
View user's profile Send private message Send e-mail Visit poster's website
Valigarmander
Bye-Bye




Joined: 04 Mar 2006
Posts: 750
Location: Nowhere

PostPosted: Thu Dec 14, 2006 9:09 am    Post subject: Reply with quote

Spammers piss me off. I used to go to a website to help depressed teens (no, I'm not making that up) and some assrammer thought it would be a nice idea to turn the website which was originally intended for helping lonely, suicidal kids into page after page of pornography spam. I swear, if I ever catch the man/bot who did all of that I will kick his ass up one end of the Internet and down the other.

Fucking spam.
Back to top
View user's profile Send private message Send e-mail
Inferior Minion
Metric Ruler



Joined: 03 Jan 2003
Posts: 741
Location: Santa Barbara, CA

PostPosted: Thu Dec 14, 2006 12:47 pm    Post subject: Reply with quote

I've implemented a few spam mods, so if anyone has trouble posting please let me know via IRC, AIM, MSN, or e-mail.

As for the captcha, I've had phpBB's captcha turned on for quite some time now. The problem with phpBB is it's very well known and their built-in captcha has been compromised for quite some time now. When it comes to spam prevention, it's an uphill battle.

~IM

_________________
Back to top
View user's profile Send private message Send e-mail Visit poster's website AIM Address MSN Messenger
Camdog




Joined: 08 Aug 2003
Posts: 606

PostPosted: Thu Dec 14, 2006 1:20 pm    Post subject: Reply with quote

No doubt. Thanks for the work you're doing!
Back to top
View user's profile Send private message
Rinku




Joined: 02 Feb 2003
Posts: 689

PostPosted: Thu Dec 14, 2006 1:33 pm    Post subject: Reply with quote

They actually pay people to spam?

Does spam even work? I don't know anyone who's actually bought something they found via spam.
_________________
Tower Defense Game
Back to top
View user's profile Send private message Send e-mail Visit poster's website AIM Address MSN Messenger
Moogle1
Scourge of the Seas
Halloween 2006 Creativity Winner
Halloween 2006 Creativity Winner



Joined: 15 Jul 2004
Posts: 3378
Location: Seattle, WA

PostPosted: Thu Dec 14, 2006 1:37 pm    Post subject: Reply with quote

Problem with filtering URLs in posts, James, is that some spammers don't put the URLs in their posts.

A simple captcha might be insufficient, but it couldn't hurt, either.
_________________
Back to top
View user's profile Send private message Visit poster's website AIM Address
Valigarmander
Bye-Bye




Joined: 04 Mar 2006
Posts: 750
Location: Nowhere

PostPosted: Thu Dec 14, 2006 2:38 pm    Post subject: Reply with quote

Moogle1 wrote:
Problem with filtering URLs in posts, James, is that some spammers don't put the URLs in their posts.


The vast majority of them do. I think filtering URLs would help a chunk of the problem. Certainly not all, but a good part of it.
Back to top
View user's profile Send private message Send e-mail
Setu_Firestorm
Music Composer




Joined: 26 Mar 2003
Posts: 2566
Location: Holiday. FL

PostPosted: Thu Dec 14, 2006 3:51 pm    Post subject: Reply with quote

Rinku wrote:
They actually pay people to spam?

Does spam even work? I don't know anyone who's actually bought something they found via spam.


I often wondered the same thing. As far as I could see: internet advertising is a no-win situation since the only ways to do it tend to piss people off.
_________________


Facebook: http://www.facebook.com/georgerpowell
Newgrounds: http://setu-firestorm.newgrounds.com
Back to top
View user's profile Send private message Send e-mail Visit poster's website AIM Address MSN Messenger
Joe Man




Joined: 21 Jan 2004
Posts: 743
Location: S. Latitude 47°9', W. Longitude 123°43'

PostPosted: Thu Dec 14, 2006 4:20 pm    Post subject: Reply with quote

phpBB is prett much the worst board availible though. Seriously, bots seem to follow me from one phpBB to the other even.


OH SHIT THAT MEANS IT'S MY FAULT
_________________
"Everyone has 200,000 bad drawings in them, the sooner you get them out the better."
~Charles Martin Jones

Last edited by Joe Man on Fri Dec 13, 1957 1:21 am; edited 2,892 time in total
Back to top
View user's profile Send private message Send e-mail
FyreWulff
Still Jaded




Joined: 02 Apr 2005
Posts: 406
Location: The Internet

PostPosted: Thu Dec 14, 2006 5:12 pm    Post subject: Reply with quote

half of it is because the phpBB programmers are fools, the other half is that up until recently, or sometimes I think they still do this, the version number of your board is displayed somewhere publicly.

So all spammers have to do is search for a version of phpBB with a known exploit. then they just pull down all the results and go at it. script kiddies and hackers do this to, this is how Castle Paradox got nailed because somebody was searching for specific versions of phpBB with a certain vulnerability.

I mean hell, I think it's still possible for a user to be forcibly logged out/delete a thread if you construct posts in a certain way.
Back to top
View user's profile Send private message Visit poster's website AIM Address
Bob the Hamster
OHRRPGCE Developer




Joined: 22 Feb 2003
Posts: 2526
Location: Hamster Republic (Southern California Enclave)

PostPosted: Fri Dec 15, 2006 8:01 am    Post subject: Reply with quote

Rinku wrote:
They actually pay people to spam?


The spam sweat-shop is just a theory, but it is a fact that some spamming is done by-hand rather than scripted. I do know there are schemes where spammers do a real-time transfer of a registration captcha from a site they want to spam to a porn site they host. People solve the captcha to gain access to the porn, which the server then forwards on to the registration, leaving the spammer with a valid login.

Rinku wrote:
Does spam even work? I don't know anyone who's actually bought something they found via spam.


I have met a few people IRL who can't tell the difference between spam and legitimate advertisements. Even if only 1 in 1000 falls for it, the spam can still be proffitable.

Also, a lot of these spams are not targeting humans directly, rather they are targeting google's seach-engine algorythm.

Moogle1 wrote:
Problem with filtering URLs in posts, James, is that some spammers don't put the URLs in their posts.


Yes, but they are few in number. Blocking urls eliminates a large percentage of the worst spammers. Remember, if there is no link, the spammer makes no money.

Moogle1 wrote:
A simple captcha might be insufficient, but it couldn't hurt, either.


But we have already had a simple captcha for a long time.
Back to top
View user's profile Send private message Send e-mail Visit poster's website
Camdog




Joined: 08 Aug 2003
Posts: 606

PostPosted: Fri Dec 15, 2006 11:03 am    Post subject: Reply with quote

James Paige wrote:
Moogle1 wrote:

A simple captcha might be insufficient, but it couldn't hurt, either.



But we have already had a simple captcha for a long time.


Captchas can hurt, as they're pretty unbeatable for people with disabilities like blindness. Also, they're a usability nightmare, because difficult to read with OCR software is often the same things as difficult to read with human eyes. The easy ones get bypassed and the hard ones cause headaches. That said, it might be helpful if we switched out the default phpBB captcha for something else.

I was reading about an interesting solution for dealing with bot spam not too long ago. Basically, in the registration page, you create a form element with a name that would be attractive to a bot (like "username"), but then use CSS to make it invisible to human users. When a registration is submitted, you can check to see if the "trap" form element was filled out, and if it was, you can discard it. Best of all, its completely transparent to the end user. Of course, this is problematic to users browsing with styles turned off, but who does that anymore?

(Not sure how this would work in the case of the blind user though. Would a screen reader know not to read an element with a style flagging it as not displayed?)
Back to top
View user's profile Send private message
Moogle1
Scourge of the Seas
Halloween 2006 Creativity Winner
Halloween 2006 Creativity Winner



Joined: 15 Jul 2004
Posts: 3378
Location: Seattle, WA

PostPosted: Fri Dec 15, 2006 2:25 pm    Post subject: Reply with quote

Your objection is valid for the internet at large, but it's not like the OHRRPGCE offers much for the vision-impaired user.
_________________
Back to top
View user's profile Send private message Visit poster's website AIM Address
Camdog




Joined: 08 Aug 2003
Posts: 606

PostPosted: Sat Dec 16, 2006 4:50 pm    Post subject: Reply with quote

Heh, that's a good point. I guess I worry too much about web accessability on the job.
Back to top
View user's profile Send private message
FyreWulff
Still Jaded




Joined: 02 Apr 2005
Posts: 406
Location: The Internet

PostPosted: Mon Dec 18, 2006 4:20 am    Post subject: Reply with quote

One of the neatest captchas I've ever seen is the 3D-Magic-Eye captcha for phpBB3.

phpBB3 has some pretty "out-there" captchas.
Back to top
View user's profile Send private message Visit poster's website AIM Address
Display posts from previous:   
Post new topic   Reply to topic    Castle Paradox Forum Index -> Site Suggestions All times are GMT - 8 Hours
Goto page 1, 2  Next
Page 1 of 2

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group