IPB

Welcome Guest ( Log In | Register )

Registration information
djellison
post Oct 2 2008, 12:53 PM
Post #1


Founder
****

Group: Chairman
Posts: 14431
Joined: 8-February 04
Member No.: 1



Currently we, along with many other Invision boards, are getting dozens and dozens of spam registrations per day.

To protect the server and the forum, registration now includes a custom field to filter out automated spammers, as a very simple question.

If you have registered in the past week, but are still waiting for an approval email - please re-register, as your details were almost certainly lost in clearing out the vast number of spam registrations.

Doug
Go to the top of the page
 
+Quote Post
 
Start new topic
Replies
djellison
post Oct 3 2008, 09:46 AM
Post #2


Founder
****

Group: Chairman
Posts: 14431
Joined: 8-February 04
Member No.: 1



And when the person doesn't know?

I've added a custom field which should halt the automated spamming. It's a very VERY simple question.

Invision Board 3 will include an updated version of CAPTCHA, which is a bit more bot resistant - but a simple think like the custom field will actually defeat everything but the very persistent manually registering spammers.
Go to the top of the page
 
+Quote Post
Greg Hullender
post Oct 3 2008, 04:41 PM
Post #3


Senior Member
****

Group: Members
Posts: 1018
Joined: 29-November 05
From: Seattle, WA, USA
Member No.: 590



QUOTE (djellison @ Oct 3 2008, 01:46 AM) *
And when the person doesn't know?

I've added a custom field which should halt the automated spamming. It's a very VERY simple question.

Invision Board 3 will include an updated version of CAPTCHA, which is a bit more bot resistant - but a simple think like the custom field will actually defeat everything but the very persistent manually registering spammers.


I managed Microsoft's anti-spam effort for Live Search for two years before my retirement, so I might be able to suggest something here. The reason spammers are targeting you is that forums that allow posts with registration can still contribute "page rank" (or the equivalent) while forums that allow just anyone to post have long ago been zeroed out by all the major search engines. Getting past the registration is therefore a big win for a spammer. Success for the spammer is like getting a free ad from Google, Yahoo, or Microsoft -- not because people read their post on UMSF but because the link from UMSF to the spammer's porn site confuses the search engines into thinking that UMSF "endorses" the porn site. (And simply by noting how often a UMSF page is the result of a query to Google, Yahoo, or Microsoft demonstrates that UMSF has a very high reputation with all three engines.)

The key points for defense are that, first, UMSF probably isn't someone's specific target; the spammers are trying to get into ANY serious forums, so they won't be doing anything specific for UMSF. That means things that make UMSF different will likely cause it to be passed over -- even by cheap human labor. Second, the defense doesn't have to be perfect. I assume you can handle a small number of leaks manually. A perfect defense is probably impossible, but an excellent one is doable.

So I think you have the right idea for defeating the automated systems, but you might need to update the thing monthly or so. For the human ones, here's a proposal that might work. Have the system ask a question that's answered somewhere on the forum. If they get it wrong, point them to the thread that answers it and let them try again. No human spammer will be allowed to spend enough time on a single CAPTCHA to read much of a thread. Nor to read a Wikipedia article, for that matter. Some few will get through simply because they happened to know the answer already, but that number should be small.

You'd need a bunch of different questions, though; if it's the same one every time, all it takes is for one human to find the answer and share it with his friends. And the spammers have very active online communities (in China and Russia, at least) that are every bit as creative and inventive as UMSF itself is. Again, though, I seriously doubt that UMSF itself would be a specific target for them.

Finally, if the spammers are hiring so much third-world labor that they can actually have individuals specialize in specific sites, then this can still work, but you'd need lots and lots of different questions. In that scenario, the goal is to make it unprofitable for them, since the UMSF expert would only register a few percent as many times as one on a softer target. (But legitimate applicants would also take many times longer to register for UMSF than for other forums.)

Best of luck here, Doug. Beyond CAPTCHA's, I'm afraid the next line of defense is going to have to be requiring people to give a credit card number or some equivalent "hard id."

--Greg
Go to the top of the page
 
+Quote Post

Posts in this topic
- djellison   Registration information   Oct 2 2008, 12:53 PM
- - Ant103   I'm wondering if it's not possible to put ...   Oct 2 2008, 04:51 PM
- - djellison   It's called CAPTCHA, and we already have it in...   Oct 2 2008, 04:55 PM
- - Stu   The price we're paying for the hi-profile plug...   Oct 2 2008, 05:07 PM
- - djellison   Nope - loads of Invision boards have all had the s...   Oct 2 2008, 05:57 PM
- - tty   Apparently spammers are now using "CAPTCHA sl...   Oct 2 2008, 06:51 PM
- - Greg Hullender   Grin. We need a UMSF-specific CAPTCHA that won...   Oct 3 2008, 01:31 AM
- - djellison   A custom field for registration (something as simp...   Oct 3 2008, 07:21 AM
- - Ant103   What about a random raw picture of a spacecraft an...   Oct 3 2008, 09:21 AM
- - djellison   And when the person doesn't know? I've ad...   Oct 3 2008, 09:46 AM
|- - Greg Hullender   QUOTE (djellison @ Oct 3 2008, 01:46 AM) ...   Oct 3 2008, 04:41 PM
- - charborob   This may be a stupid question, but why would spamm...   Oct 3 2008, 12:58 PM
|- - ugordan   QUOTE (charborob @ Oct 3 2008, 02:58 PM) ...   Oct 3 2008, 01:01 PM
- - djellison   To post links to porn, scams, and in this particul...   Oct 3 2008, 01:18 PM
- - stevesliva   Post a link to some porn, get it spidered by googl...   Oct 3 2008, 02:11 PM
- - djellison   All we really needed was a subtle tweak to sort ou...   Oct 3 2008, 07:12 PM
|- - Greg Hullender   QUOTE (djellison @ Oct 3 2008, 11:12 AM) ...   Oct 3 2008, 11:51 PM
- - elakdawalla   For a regular supply of easy-to-Google questions, ...   Oct 3 2008, 09:11 PM
- - imipak   QUOTE (Greg Hullender @ Oct 3 2008, 05:41...   Oct 4 2008, 01:39 PM
- - djellison   It doesn't even need to be random to avoid thi...   Oct 4 2008, 02:17 PM
- - ElkGroveDan   Just something to make them go back and look at th...   Oct 4 2008, 04:07 PM
- - dmuller   I just want to throw in a word of caution ... what...   Oct 4 2008, 05:26 PM
- - djellison   The new system is working beautifully. Normal reg...   Oct 7 2008, 07:39 AM
|- - Tom Tamlyn   Is there an admin address that will go to everyone...   Oct 9 2008, 01:15 AM
- - elakdawalla   Yep. At the lower left of each post is a button t...   Oct 9 2008, 01:52 AM
|- - Shaka   QUOTE (elakdawalla @ Oct 8 2008, 03:52 PM...   Oct 9 2008, 02:09 AM
- - stevesliva   Just assume that he's still reading.   Oct 9 2008, 05:04 AM


Closed TopicStart new topic

 



RSS Lo-Fi Version Time is now: 28th March 2024 - 06:20 PM
RULES AND GUIDELINES
Please read the Forum Rules and Guidelines before posting.

IMAGE COPYRIGHT
Images posted on UnmannedSpaceflight.com may be copyrighted. Do not reproduce without permission. Read here for further information on space images and copyright.

OPINIONS AND MODERATION
Opinions expressed on UnmannedSpaceflight.com are those of the individual posters and do not necessarily reflect the opinions of UnmannedSpaceflight.com or The Planetary Society. The all-volunteer UnmannedSpaceflight.com moderation team is wholly independent of The Planetary Society. The Planetary Society has no influence over decisions made by the UnmannedSpaceflight.com moderators.
SUPPORT THE FORUM
Unmannedspaceflight.com is funded by the Planetary Society. Please consider supporting our work and many other projects by donating to the Society or becoming a member.