View unanswered posts | View active topics It is currently Thu Mar 28, 2024 9:48 pm



Reply to topic  [ 14 posts ]  Go to page 1, 2  Next
 Bots? 
Author Message
Rank 9
Rank 9
User avatar

Joined: Tue Oct 08, 2013 6:54 pm
Posts: 45
Mabey time to upgrade the old anit-bot registering system?
At my old 'forum' were I worked as an admin, we found it best to make a custom question in the registering stage, Is that maybe doable?


Fri Nov 22, 2013 5:38 am
Profile
Site Admin
Site Admin

Joined: Thu Feb 07, 2013 11:16 am
Posts: 1865
I have tried that before, but the spammers hire real people to fill in the questions.
So the questions have to be game related. But this will prevent people not so familiar with XStoryPlayer to access the forum.

I have to admit the last two days spamming was really annoying. I think I change the captcha to something more difficult.


Fri Nov 22, 2013 10:23 am
Profile
Rank 2
Rank 2

Joined: Wed Nov 06, 2013 4:12 pm
Posts: 3
As I think pseudos are random, maybe asking them what pseudo they have chosen is a solution.


Fri Nov 22, 2013 11:14 am
Profile
Site Admin
Site Admin

Joined: Thu Feb 07, 2013 11:16 am
Posts: 1865
I understand what you mean. I look into it. But outsmarting the spammers is a job in itself.


Fri Nov 22, 2013 12:52 pm
Profile
Rank 10
Rank 10

Joined: Fri Jun 14, 2013 4:48 pm
Posts: 60
Another solution is to validate account one by one. It's more job on your side, but i think there not so much new real "users" each day... :?

I also saw different anti-bot system :
- IP banning. there are some websites which are specialized to keep records of spammer IP address. You can ban such IP and provide a contact form for false positive.
- Mail banning. Most of spammers always used the same kind of mail address (ie ***@mail.ru) or disposable mail address (like yopmail), which "real" users never use.
- pseudo verification. I saw this one only once. It forbid user name such as e1g5g7z52f5. Only word existing in a dictionary can be used with number prefix or suffix.
- post verification. This is the most efficient and time consuming one. Only an admin can allow a post to be displayed on the forum. This also keep trolls out. You can enhance the system by allowing non-check for "granted" user: after x validated posts, users can publish theirs messages without admin intervention.


Fri Nov 22, 2013 5:12 pm
Profile
Rank 9
Rank 9
User avatar

Joined: Tue Oct 08, 2013 6:54 pm
Posts: 45
xpadmin wrote:
I have tried that before, but the spammers hire real people to fill in the questions.
So the questions have to be game related. But this will prevent people not so familiar with XStoryPlayer to access the forum.

I have to admit the last two days spamming was really annoying. I think I change the captcha to something more difficult.


oh, so its that bad. Its more difficult to come up with a trick question when using an international language. Did you see any similarities between the spammers?
Like IP/ country or mail adress.

ttant wrote:
Another solution is to validate account one by one. It's more job on your side, but i think there not so much new real "users" each day... :?

I also saw different anti-bot system :
- IP banning. there are some websites which are specialized to keep records of spammer IP address. You can ban such IP and provide a contact form for false positive.
- Mail banning. Most of spammers always used the same kind of mail address (ie ***@mail.ru) or disposable mail address (like yopmail), which "real" users never use.
- pseudo verification. I saw this one only once. It forbid user name such as e1g5g7z52f5. Only word existing in a dictionary can be used with number prefix or suffix.
- post verification. This is the most efficient and time consuming one. Only an admin can allow a post to be displayed on the forum. This also keep trolls out. You can enhance the system by allowing non-check for "granted" user: after x validated posts, users can publish theirs messages without admin intervention.


1. Account validation is not a valid method. This is an adult themed forum, many wont use their regular name/email for this kind of stuff for reasons.

2. The spammers often sit on dynamic addresses or proxies so its useless to ban them all.

3. Real good option, especially if similar mails was used during the attack. This often limits the amount they can spam. Make it Gmail,Hotmail and Yahoo only + paid adresses?

4.
Same as nr 1, people will have wierd names when they want a 'anonymous' account.

5. If this game/community gets bigger this is going to be a pain, but at its current size this is a perfect option.


Fri Nov 22, 2013 5:33 pm
Profile
Rank 17
Rank 17
User avatar

Joined: Wed Apr 17, 2013 10:59 am
Posts: 509
Location: Cursed Pickle Jar
I remember a long time ago, during my fledgling days of the internet, that someone coded fake answer fields into the code of the registration page. These answer fields were invisible and inaccessible to anyone using a browser, but not to a bot that is phrasing HTML directly. If these inaccessible questions where answered, the registration would be denied.

Of course, this was a long time ago, and a countermeasure could have been made by now.

_________________
Please follow me on Tumblr and Twitter.
XStoryPlayer discussion over at DigitalEro forums.
How to make easy MOD installers.
HOW TO START MODDING


Fri Nov 22, 2013 6:37 pm
Profile
Rank 9
Rank 9
User avatar

Joined: Tue Oct 08, 2013 6:54 pm
Posts: 45
Pickled Cow wrote:
I remember a long time ago, during my fledgling days of the internet, that someone coded fake answer fields into the code of the registration page. These answer fields were invisible and inaccessible to anyone using a browser, but not to a bot that is phrasing HTML directly. If these inaccessible questions where answered, the registration would be denied.

Of course, this was a long time ago, and a countermeasure could have been made by now.


That was in the first days when bots look through the code instead of the rendered page itself, in those days the bots couldn't do trick questions or Flash/Java tricks. But then the more advance bot came and scanned the rendered page with recognition software being able to scan pictures and what not.


Fri Nov 22, 2013 6:55 pm
Profile
Site Admin
Site Admin

Joined: Thu Feb 07, 2013 11:16 am
Posts: 1865
Most bots come from china. They have a lot of ip's there so ip banning is hard.

Same with email banning, *@main.ru instantly cuts of a lot of people.

I general its always a trade-off between easy of use for users and spam countermeasures.

Some of the proposed ideas are certainly worth investigating.


Fri Nov 22, 2013 9:51 pm
Profile
Rank 17
Rank 17
User avatar

Joined: Wed Apr 17, 2013 10:59 am
Posts: 509
Location: Cursed Pickle Jar
Why is warez the default option on the reporting page? It's never warez.
Attachment:
its never warez.png
its never warez.png [ 5.84 KiB | Viewed 23707 times ]

These bots are annoying enough as it is, and I have to have to click a drop down for each one of their posts?

I want to be able to report a spam post without fear of accidentally labeling it a warez post and subsequently giving an XMP staff member in the process...

_________________
Please follow me on Tumblr and Twitter.
XStoryPlayer discussion over at DigitalEro forums.
How to make easy MOD installers.
HOW TO START MODDING


Sun Jan 26, 2014 9:38 am
Profile
Display posts from previous:  Sort by  
Reply to topic   [ 14 posts ]  Go to page 1, 2  Next

Who is online

Users browsing this forum: No registered users and 9 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group.
Designed by X-Moon Productions.