IPB

Welcome Guest ( Log In | Register )

2 Pages V   1 2 >  
Closed TopicStart new topic
Registration information
djellison
post Oct 2 2008, 12:53 PM
Post #1


Founder
****

Group: Chairman
Posts: 14448
Joined: 8-February 04
Member No.: 1



Currently we, along with many other Invision boards, are getting dozens and dozens of spam registrations per day.

To protect the server and the forum, registration now includes a custom field to filter out automated spammers, as a very simple question.

If you have registered in the past week, but are still waiting for an approval email - please re-register, as your details were almost certainly lost in clearing out the vast number of spam registrations.

Doug
Go to the top of the page
 
+Quote Post
Ant103
post Oct 2 2008, 04:51 PM
Post #2


Senior Member
****

Group: Members
Posts: 1621
Joined: 12-February 06
From: Bergerac - FR
Member No.: 678



I'm wondering if it's not possible to put a visual code to type manually to clearly make the difference between a spam robot and a human…


--------------------
Go to the top of the page
 
+Quote Post
djellison
post Oct 2 2008, 04:55 PM
Post #3


Founder
****

Group: Chairman
Posts: 14448
Joined: 8-February 04
Member No.: 1



It's called CAPTCHA, and we already have it in place. This recent bout is actually using people.
Go to the top of the page
 
+Quote Post
Stu
post Oct 2 2008, 05:07 PM
Post #4


The Poet Dude
****

Group: Moderator
Posts: 5551
Joined: 15-March 04
From: Kendal, Cumbria, UK
Member No.: 60



The price we're paying for the hi-profile plug by the BBC..?


--------------------
Go to the top of the page
 
+Quote Post
djellison
post Oct 2 2008, 05:57 PM
Post #5


Founder
****

Group: Chairman
Posts: 14448
Joined: 8-February 04
Member No.: 1



Nope - loads of Invision boards have all had the same problem, starting at the same time.
Go to the top of the page
 
+Quote Post
tty
post Oct 2 2008, 06:51 PM
Post #6


Member
***

Group: Members
Posts: 688
Joined: 20-April 05
From: Sweden
Member No.: 273



Apparently spammers are now using "CAPTCHA slaves" from poor countries to get around the code.
Go to the top of the page
 
+Quote Post
Greg Hullender
post Oct 3 2008, 01:31 AM
Post #7


Senior Member
****

Group: Members
Posts: 1018
Joined: 29-November 05
From: Seattle, WA, USA
Member No.: 590



Grin. We need a UMSF-specific CAPTCHA that won't be so easy for uneducated folks. "What planet is this?" "What shape is this orbit?"

Of course, they probably don't let you replace the CAPTCHA.

--Greg
Go to the top of the page
 
+Quote Post
djellison
post Oct 3 2008, 07:21 AM
Post #8


Founder
****

Group: Chairman
Posts: 14448
Joined: 8-February 04
Member No.: 1



A custom field for registration (something as simple as "Which red planet is fourth from the sun" ) is on the cards, but I'd rather see if the invision team come up with something a little less dumb than that.
Go to the top of the page
 
+Quote Post
Ant103
post Oct 3 2008, 09:21 AM
Post #9


Senior Member
****

Group: Members
Posts: 1621
Joined: 12-February 06
From: Bergerac - FR
Member No.: 678



What about a random raw picture of a spacecraft and a question : "what spacecraft took this?".


--------------------
Go to the top of the page
 
+Quote Post
djellison
post Oct 3 2008, 09:46 AM
Post #10


Founder
****

Group: Chairman
Posts: 14448
Joined: 8-February 04
Member No.: 1



And when the person doesn't know?

I've added a custom field which should halt the automated spamming. It's a very VERY simple question.

Invision Board 3 will include an updated version of CAPTCHA, which is a bit more bot resistant - but a simple think like the custom field will actually defeat everything but the very persistent manually registering spammers.
Go to the top of the page
 
+Quote Post
charborob
post Oct 3 2008, 12:58 PM
Post #11


Senior Member
****

Group: Members
Posts: 1075
Joined: 21-September 07
From: Québec, Canada
Member No.: 3908



This may be a stupid question, but why would spammers want to register on this forum?
Go to the top of the page
 
+Quote Post
ugordan
post Oct 3 2008, 01:01 PM
Post #12


Senior Member
****

Group: Members
Posts: 3652
Joined: 1-October 05
From: Croatia
Member No.: 523



QUOTE (charborob @ Oct 3 2008, 02:58 PM) *
This may be a stupid question, but why would spammers want to register on this forum?

To umm.... spam?


--------------------
Go to the top of the page
 
+Quote Post
djellison
post Oct 3 2008, 01:18 PM
Post #13


Founder
****

Group: Chairman
Posts: 14448
Joined: 8-February 04
Member No.: 1



To post links to porn, scams, and in this particular high intensity glut of spamming, links to the very software they use to do the spamming.
Go to the top of the page
 
+Quote Post
stevesliva
post Oct 3 2008, 02:11 PM
Post #14


Senior Member
****

Group: Members
Posts: 1598
Joined: 14-October 05
From: Vermont
Member No.: 530



Post a link to some porn, get it spidered by google, increase the target page's pagerank...

Google's inevitable response is to give forum comments very low weighting, which is annoying. If we link to websites and say, "This is a great page about _____," it should affect pagerank! Darn spammers. I'm sure blog comments are already given basically zero weighting.
Go to the top of the page
 
+Quote Post
Greg Hullender
post Oct 3 2008, 04:41 PM
Post #15


Senior Member
****

Group: Members
Posts: 1018
Joined: 29-November 05
From: Seattle, WA, USA
Member No.: 590



QUOTE (djellison @ Oct 3 2008, 01:46 AM) *
And when the person doesn't know?

I've added a custom field which should halt the automated spamming. It's a very VERY simple question.

Invision Board 3 will include an updated version of CAPTCHA, which is a bit more bot resistant - but a simple think like the custom field will actually defeat everything but the very persistent manually registering spammers.


I managed Microsoft's anti-spam effort for Live Search for two years before my retirement, so I might be able to suggest something here. The reason spammers are targeting you is that forums that allow posts with registration can still contribute "page rank" (or the equivalent) while forums that allow just anyone to post have long ago been zeroed out by all the major search engines. Getting past the registration is therefore a big win for a spammer. Success for the spammer is like getting a free ad from Google, Yahoo, or Microsoft -- not because people read their post on UMSF but because the link from UMSF to the spammer's porn site confuses the search engines into thinking that UMSF "endorses" the porn site. (And simply by noting how often a UMSF page is the result of a query to Google, Yahoo, or Microsoft demonstrates that UMSF has a very high reputation with all three engines.)

The key points for defense are that, first, UMSF probably isn't someone's specific target; the spammers are trying to get into ANY serious forums, so they won't be doing anything specific for UMSF. That means things that make UMSF different will likely cause it to be passed over -- even by cheap human labor. Second, the defense doesn't have to be perfect. I assume you can handle a small number of leaks manually. A perfect defense is probably impossible, but an excellent one is doable.

So I think you have the right idea for defeating the automated systems, but you might need to update the thing monthly or so. For the human ones, here's a proposal that might work. Have the system ask a question that's answered somewhere on the forum. If they get it wrong, point them to the thread that answers it and let them try again. No human spammer will be allowed to spend enough time on a single CAPTCHA to read much of a thread. Nor to read a Wikipedia article, for that matter. Some few will get through simply because they happened to know the answer already, but that number should be small.

You'd need a bunch of different questions, though; if it's the same one every time, all it takes is for one human to find the answer and share it with his friends. And the spammers have very active online communities (in China and Russia, at least) that are every bit as creative and inventive as UMSF itself is. Again, though, I seriously doubt that UMSF itself would be a specific target for them.

Finally, if the spammers are hiring so much third-world labor that they can actually have individuals specialize in specific sites, then this can still work, but you'd need lots and lots of different questions. In that scenario, the goal is to make it unprofitable for them, since the UMSF expert would only register a few percent as many times as one on a softer target. (But legitimate applicants would also take many times longer to register for UMSF than for other forums.)

Best of luck here, Doug. Beyond CAPTCHA's, I'm afraid the next line of defense is going to have to be requiring people to give a credit card number or some equivalent "hard id."

--Greg
Go to the top of the page
 
+Quote Post

2 Pages V   1 2 >
Closed TopicStart new topic

 



RSS Lo-Fi Version Time is now: 31st October 2024 - 11:15 PM
RULES AND GUIDELINES
Please read the Forum Rules and Guidelines before posting.

IMAGE COPYRIGHT
Images posted on UnmannedSpaceflight.com may be copyrighted. Do not reproduce without permission. Read here for further information on space images and copyright.

OPINIONS AND MODERATION
Opinions expressed on UnmannedSpaceflight.com are those of the individual posters and do not necessarily reflect the opinions of UnmannedSpaceflight.com or The Planetary Society. The all-volunteer UnmannedSpaceflight.com moderation team is wholly independent of The Planetary Society. The Planetary Society has no influence over decisions made by the UnmannedSpaceflight.com moderators.
SUPPORT THE FORUM
Unmannedspaceflight.com is funded by the Planetary Society. Please consider supporting our work and many other projects by donating to the Society or becoming a member.