User count
Moderators: [nope] cartel, team nopesport
15 posts
• Page 1 of 1
User count
Seeing that at the time of writing, the newest registered user is an obvious spambot, I was prompted to go and look at the recent registered user list. Browsing through the list I couldn't find one genuine user on the last page (and I can't even look at the previous two from here as I'm told they contain pornographic content!)
I guess blocking or removing posts from these "users" must be working OK, as otherwise we would be flooded, but wondering whether it wouldn't be better to prevent them registering in the first place if that is possible (by having words in a picture which you have to type?) It also seems the user count (rapidly approaching 4000) is inflated well beyond what it should be!
I guess blocking or removing posts from these "users" must be working OK, as otherwise we would be flooded, but wondering whether it wouldn't be better to prevent them registering in the first place if that is possible (by having words in a picture which you have to type?) It also seems the user count (rapidly approaching 4000) is inflated well beyond what it should be!
- Adventure Racer
- addict
- Posts: 1111
- Joined: Tue Jun 14, 2005 11:53 pm
- Location: Somewhere near Malvern
Re: User count
Adventure Racer wrote:by having words in a picture which you have to type?
This doesn't work too well. There are companies out there who employ people to break these, software can handle most of them and some porn sites actually show the random images from other sites so their unwitting visitors decode the images for them.
-
PeterG - diehard
- Posts: 872
- Joined: Fri Dec 05, 2003 6:21 pm
- Location: Edinburgh
Perhaps we should ask ourselves whether we want any Tom, Dick or Harriet on our forums. If the answer is 'no' then maybe we could make it compulsory to enter some valid Orienteering info when registering, such as a valid club name.
Or maybe, to clean up the user list, we could delete any users who do not have a club name entered (valid or not). Do we care anyway?
These are just random thoughts of the top of my head and I'm sure someone will shoot me down in flames.
Or maybe, to clean up the user list, we could delete any users who do not have a club name entered (valid or not). Do we care anyway?
These are just random thoughts of the top of my head and I'm sure someone will shoot me down in flames.
ride it like you stole it
http://www.lomography.com
http://www.lomography.com
-
Harley - orange
- Posts: 126
- Joined: Sat Jun 19, 2004 8:16 pm
- Location: 'answort - culture capital
I was thinking of suggesting something like a valid club name, however the problem with that is should we exclude those who for instance put "heart, diamond, spade" or some other such comment, or heaven forbid don't actually belong to a club. Actually I don't know what I'm doing discussing who should and shouldn't be allowed here - I'm sure there are some who would like to get rid of me
- Adventure Racer
- addict
- Posts: 1111
- Joined: Tue Jun 14, 2005 11:53 pm
- Location: Somewhere near Malvern
Harley wrote:Or maybe, to clean up the user list, we could delete any users who do not have a club name entered (valid or not).
so you better add a club then before you are deleted
-
Fratello de Pingu - light green
- Posts: 228
- Joined: Tue Sep 06, 2005 12:46 pm
- Location: how am i suposed to know
there are foreign users of the site, so the 'club name' idea would be a nightmare to implement due to the many many clubs out there, and no 'world-wide' database (as far as i'm aware anyway)
can we not delete and ip-ban these particular 'users'? or do they change their ip so regularly that it would simply be a drop in the ocean?
can we not delete and ip-ban these particular 'users'? or do they change their ip so regularly that it would simply be a drop in the ocean?
- andy
- god
- Posts: 2455
- Joined: Thu Nov 06, 2003 11:42 pm
- Location: Edinburgh
Only yesterday I sent Pyrat details of a method to stop spam registrations. There have been lots of ways of doing this in the past and the spammers usually find a way round them.
The image that you have to type in the letters from is read by optical character recognition software, just like you use to convert a scanned document into editable text.
The latest option that I have been using on the 3 forums that I manage is to ask a question that requires a human to answer and can’t be completed by a robot script. It can be anything you like, from “What is 2+2� to “What is the name of this website�. It has kept my forums spam free for a week now (6 a day before). Nopesport looks to be getting about 20 a day!
The spammers don't usually post messages because they don't activate their account. The email they use to register is usually fake, so they don't get the email with the link in it that they need to click to activate. A few get through because they are humans not spam robots, it is then the moderators who delete the post before too many people see it, like the one earlier today. They rely on the WWW link that they put in their profile to sucker people into visiting their site. You should always look at the web address that shows in your status bar when you hover over the link to see where you are going before you click.
The image that you have to type in the letters from is read by optical character recognition software, just like you use to convert a scanned document into editable text.
The latest option that I have been using on the 3 forums that I manage is to ask a question that requires a human to answer and can’t be completed by a robot script. It can be anything you like, from “What is 2+2� to “What is the name of this website�. It has kept my forums spam free for a week now (6 a day before). Nopesport looks to be getting about 20 a day!
The spammers don't usually post messages because they don't activate their account. The email they use to register is usually fake, so they don't get the email with the link in it that they need to click to activate. A few get through because they are humans not spam robots, it is then the moderators who delete the post before too many people see it, like the one earlier today. They rely on the WWW link that they put in their profile to sucker people into visiting their site. You should always look at the web address that shows in your status bar when you hover over the link to see where you are going before you click.
- Paul Frost
- addict
- Posts: 1176
- Joined: Sat Feb 26, 2005 6:25 pm
- Location: Highlands
Paul Frost wrote:The spammers don't usually post messages because they don't activate their account. The email they use to register is usually fake, so they don't get the email with the link in it that they need to click to activate.
In which case surely the easy answer is not to actually register anybody fully until they have activated their account? Or can the software not cope with holding a list of registered but unactivated (awaiting activation) accounts separately (where nobody apart from admins can see it)?
I guess if these people aren't actually posting, then it's not that big a deal, as who goes through the user list and looks at new users' profiles anyway (unless you're researching for a thread like this)?
- Adventure Racer
- addict
- Posts: 1111
- Joined: Tue Jun 14, 2005 11:53 pm
- Location: Somewhere near Malvern
There are lots of mods available for phpBB, several of which allow you to not show new members that haven't activated. They still clog up your database though, so the best option is to stop them registering in the first place.
The problem is the success of phpBB, it is used on thousands (275,000 registered members) of websites around the world. This means that it is worth spending time working out how to get around the security.
It's the same as Microsoft verses Apple, if you were going to write a virus that you wanted to affect the most people, which platform would you target?
The problem is the success of phpBB, it is used on thousands (275,000 registered members) of websites around the world. This means that it is worth spending time working out how to get around the security.
It's the same as Microsoft verses Apple, if you were going to write a virus that you wanted to affect the most people, which platform would you target?
- Paul Frost
- addict
- Posts: 1176
- Joined: Sat Feb 26, 2005 6:25 pm
- Location: Highlands
Paul Frost wrote:They still clog up your database though, so the best option is to stop them registering in the first place.
Or possibly a lot simpler, just delete them if they haven't activated within 7 days?
- Adventure Racer
- addict
- Posts: 1111
- Joined: Tue Jun 14, 2005 11:53 pm
- Location: Somewhere near Malvern
No, it's simpler to stop them registering. You have to delete them one at a time, with 20 a day, that's time consuming.
- Paul Frost
- addict
- Posts: 1176
- Joined: Sat Feb 26, 2005 6:25 pm
- Location: Highlands
So the software doesn't let you set up something like that to run automatically then? In which case you're right - just thought maybe if it was possible it would be easier than having to generate questions (you presumably need to keep coming up with new ones to prevent attack).
- Adventure Racer
- addict
- Posts: 1111
- Joined: Tue Jun 14, 2005 11:53 pm
- Location: Somewhere near Malvern
You don't need to keep generating questions, as most of the spammers aren't targeting your site in particular. They are just blindly looking for any phpBB installations. They have a script that has all the standard responses for a phpBB registration form. If it fails it just goes on to the next site and tries again.
It may be worth changing the question every now and again though, just in case.
It may be worth changing the question every now and again though, just in case.
- Paul Frost
- addict
- Posts: 1176
- Joined: Sat Feb 26, 2005 6:25 pm
- Location: Highlands
phpBB admins are able to accept/decline a registration before it can be activated by the user, should they choose to. However, like deleting users from the database, this can obviously only be done manually so takes time - especially if there are multiple registrations a day.
- Peter B
- posting addict
- Posts: 1135
- Joined: Wed Dec 17, 2003 1:17 pm
- Location: Edinburgh
15 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 2 guests