Agree!m^(2) wrote:Well, I've been using some forums for years w/out posting...so I'm not into such methods.
Suspicious users
Re: Suspicious users
Re: Suspicious users
There's another problem. Certain users never post, but are very active in the comments section.
Re: Suspicious users
On some forums if a user doesn't log in for 30 days then an email is sent to him to login within some days or his account will be deleted.
- Andrew Lee
- Posts: 3064
- Joined: Sat Feb 04, 2006 9:19 am
- Contact:
Re: Suspicious users
I think we can add some info after sign up asking new users to post a hello message at the Chit-Chat section. That way, as long as they have at least a single message in the forum, they will not be purged. Spammers presumably will not bother with such etiquette.Maybe add a disclaimer at sign-up that if you don't post within the first 3 months your account will be closed.
Re: Suspicious users
Good idea Andrew.
Re: Suspicious users
Well, I'm not convinced that many of these who come to forums with an intention to just listen will bother to say hello...Andrew Lee wrote:I think we can add some info after sign up asking new users to post a hello message at the Chit-Chat section. That way, as long as they have at least a single message in the forum, they will not be purged. Spammers presumably will not bother with such etiquette.Maybe add a disclaimer at sign-up that if you don't post within the first 3 months your account will be closed.
Re: Suspicious users
Why would they then register in the first place... reading TPFC content is hassle freem^(2) wrote:I'm not convinced that many of these who come to forums with an intention to just listen will bother to say hello...
Re: Suspicious users
319 new users since then.Andrew Lee wrote:Just did a prune on users who have not logged in for the past 3 months with 0 posts.
Now I will just sit back and wait for complaints from users asking why they cannot log in.
Can you check how many of them attempted at posting (spam) to the forums?
Re: Suspicious users
To have the forum software track what I've read and what I haven't.I am Baas wrote:Why would they then register in the first place... reading TPFC content is hassle freem^(2) wrote:I'm not convinced that many of these who come to forums with an intention to just listen will bother to say hello...
- Andrew Lee
- Posts: 3064
- Joined: Sat Feb 04, 2006 9:19 am
- Contact:
Re: Suspicious users
Only 1 legit post in the past 2 days.Can you check how many of them attempted at posting (spam) to the forums?
- Andrew Lee
- Posts: 3064
- Joined: Sat Feb 04, 2006 9:19 am
- Contact:
Re: Suspicious users
I performed some experiments today. Thought you guys might find it interesting.
First I was wondering if there is a loop hole in reCaptcha, which is allowing the spammers to sign up easily.
So I switch over to Q&A format and entered some easy questions (eg. what is the color of snow?)
The spammers were still coming in.
Then I began to wonder if there is a loophole in the registration process of phpBB that is allowing the spammers to bypass the botcheck.
So I make the answer gibberish (eg. instead of "white", it became "aksdhka").
Not a single spammer came through this time.
So the answer is clear. Like the article I read in Wired, the spammers are definitely using low cost workers in India or elsewhere to solve the reCaptcha or Q&A. I guessed as much because the reCaptchas are OCR segments with no easy answer in the first place, and I'd be surprised if they didn't patch up any security holes.
Then I got curious and wonder what kind of trouble they'd go through to answer a question. How about one Google search? So I updated the questions with harder ones like "How many states are there in the US?", or "How many symphonies did Beethoven compose?"
The spammers were still coming in, but at a reduced rate this time. Unscientifically, it's about 30% reduction. So some of your low cost third world workers are still quite eager to earn their pay.
So now the questions have been replaced with more "personal" ones eg. "Who is the founder of TPFC?"
Since then, not a single spammer yet. Maybe it really is too much trouble this time.
First I was wondering if there is a loop hole in reCaptcha, which is allowing the spammers to sign up easily.
So I switch over to Q&A format and entered some easy questions (eg. what is the color of snow?)
The spammers were still coming in.
Then I began to wonder if there is a loophole in the registration process of phpBB that is allowing the spammers to bypass the botcheck.
So I make the answer gibberish (eg. instead of "white", it became "aksdhka").
Not a single spammer came through this time.
So the answer is clear. Like the article I read in Wired, the spammers are definitely using low cost workers in India or elsewhere to solve the reCaptcha or Q&A. I guessed as much because the reCaptchas are OCR segments with no easy answer in the first place, and I'd be surprised if they didn't patch up any security holes.
Then I got curious and wonder what kind of trouble they'd go through to answer a question. How about one Google search? So I updated the questions with harder ones like "How many states are there in the US?", or "How many symphonies did Beethoven compose?"
The spammers were still coming in, but at a reduced rate this time. Unscientifically, it's about 30% reduction. So some of your low cost third world workers are still quite eager to earn their pay.
So now the questions have been replaced with more "personal" ones eg. "Who is the founder of TPFC?"
Since then, not a single spammer yet. Maybe it really is too much trouble this time.
Re: Suspicious users
I'm still curious to know if the remarkable increase in the number of spammers since the debut of the new design has been a mere coincidence or whether, by contrast, it has been caused because, somewhere, a greater traffic to the site has been detected...
Re: Suspicious users
Well, there is a "Register" link on top which is new, only the "Login" link was there before.
Re: Suspicious users
Since most captcha breaking services just show the worker the captcha /or question then possibly something as simple as what is this sites address would suffice.
-
- Posts: 1
- Joined: Wed Nov 14, 2012 10:29 am
Re: Suspicious users
I'm one of those forum members who never post, though I do contribute a comment now and then, usually about an incorrect link. I joined the forum, as much as anything else, because I wanted to be able to easily see member points any given piece of software had earned, and also because I like to read some of the discussions even if I don't have anything in particular to add.I am Baas wrote:Why would they then register in the first place... reading TPFC content is hassle freem^(2) wrote:I'm not convinced that many of these who come to forums with an intention to just listen will bother to say hello...