Angband.oook.cz
Angband.oook.cz
AboutDownloadVariantsLadderForumCompetitionSpoilersComicScreenshotsFunniesLinks

Go Back   Angband Forums > The real world > Oook!

Reply
 
Thread Tools Display Modes
Old February 13, 2010, 14:20   #1
Pete Mack
Veteran
 
Join Date: Apr 2007
Location: Seattle, WA
Posts: 2,399
Donated: $40
Pete Mack is on a distinguished road
Spammers & bots

After the massive pr0nspam attack yesterday, I took a look at the new members list.

It's pretty clear this site is under moderately heavy attack by bots--there are an insane number of new 'members' with obviously generated names with 0 posts and 0 visits, on order of 10 registrations per day. One of them--apparently a master site--is repeatedly using an R-rated picture as its avatar.

Pav,
This is looking rather grim. Can you put some restriction on the composition of user names or something?

If you like, I'm willing to research the vbulletin boards for possible remedies.
Pete Mack is offline   Reply With Quote
Old February 13, 2010, 14:35   #2
Nick
FAangband maintainer
 
Nick's Avatar
 
Join Date: Apr 2007
Location: Canberra, Australia
Age: 49
Posts: 4,427
Donated: $60
Nick is on a distinguished road
A partial solution might be to
  1. Include a comment in the registration email to the effect that any account which has no posts and no ladder dumps within a week will be deleted and
  2. Delete any account with no posts or ladder dumps within a week.

Don't ask for implementation details - I'm more of an idea rat.
__________________
One Ring to rule them all, One Ring to find them,
One Ring to bring them all and in the darkness bind them.
Nick is offline   Reply With Quote
Old February 13, 2010, 14:59   #3
pav
Administrator
 
pav's Avatar
 
Join Date: Apr 2007
Location: Prague, Czech republic
Age: 34
Posts: 753
pav is on a distinguished road
Send a message via ICQ to pav
Pete, I am aware of those usernames. So far, they havent done any harm, or any activity at all. They were all registered from a single subnet of certain Indonesian ADSL provider, which is rather curious.

The spam outbreaks are always done by a freshly registered username.

Deleting accounts is counter-productive, as that allows the spambot second round of spamming. Banning these accounts is better.
__________________
See the elves and everything! http://angband.oook.cz
pav is offline   Reply With Quote
Old February 13, 2010, 16:35   #4
Derakon
Prophet
 
Derakon's Avatar
 
Join Date: Dec 2009
Posts: 6,040
Derakon is on a distinguished road
I recommend changing the captcha to something more specific to Angband. I don't think that the bots are specifically targeting this site; they're just scanning for forums they know how to register and post on, and then trying repeatedly to get past the captcha. Change it into something like "What is the first artifact light source most characters find?" (and then doing a regex for "galadriel" on the answer) would probably work pretty well. Or even "What famous fantasy author's work is Angband based on?"

Heck, one site I use just says "Are you human?"
Derakon is offline   Reply With Quote
Old February 13, 2010, 16:49   #5
SaThaRiel
Adept
 
SaThaRiel's Avatar
 
Join Date: Nov 2009
Posts: 164
SaThaRiel is on a distinguished road
Yeah, fighting spam(-bots) is not an easy task. I have some success on a forum with a simple math module (well, for phpBB). Its just questioning stuff like "seven plus 3" or "IV minus six" and the like...it seems to work. Maybe this is an idea for this board (if there is a module for vBulletin). The "board topic" related question will work too.
Captcha and email activation do some good but seem to leak a bit. I dont know why...maybe the bots are good enough.
Another change i recently made is to put all users into a "newly registered users" group which doesnt allow them to browse the memberlist, pm other members and post directly (posts have to be approved first). They will be put into the usual member group after 2 posts (apporoved ones). I think that you can compare the workload to this forum (also more users but postcount should be similar or just a bit higher). And it consumes maybe 15-20 minutes additional "work" a day.
Protecting the admin area with an .htaccess file seems to do good too. So many little things can be done. The sum should work well
SaThaRiel is offline   Reply With Quote
Old February 13, 2010, 17:50   #6
pav
Administrator
 
pav's Avatar
 
Join Date: Apr 2007
Location: Prague, Czech republic
Age: 34
Posts: 753
pav is on a distinguished road
Send a message via ICQ to pav
Those are solid advices, but I believe the recent spam outbreaks were carried out by a living fleshy human, not by a botnet.

I would hate to inconvenience newcomers to have to wait a couple of hours before their initial post is approved. I fear that would drive people away from starting to post on here. I already do that thing you mentioned about PMs.
__________________
See the elves and everything! http://angband.oook.cz
pav is offline   Reply With Quote
Old February 13, 2010, 18:16   #7
Atarlost
Swordsman
 
Join Date: Apr 2007
Posts: 441
Atarlost is on a distinguished road
You could, though, hold any post with an external url or image by a new poster for moderation.

So urls that start with andband.ook.cz are allowed through (since the ladder is here) but any other url gets the post in the moderation queue.
__________________
One Ring to rule them all. One Ring to bind them.
One Ring to bring them all and in the darkness interrupt the movie.
Atarlost is offline   Reply With Quote
Old February 13, 2010, 18:19   #8
pav
Administrator
 
pav's Avatar
 
Join Date: Apr 2007
Location: Prague, Czech republic
Age: 34
Posts: 753
pav is on a distinguished road
Send a message via ICQ to pav
Not a bad idea. I will check how hard it will be to implement in vB.
__________________
See the elves and everything! http://angband.oook.cz
pav is offline   Reply With Quote
Old February 13, 2010, 18:28   #9
SaThaRiel
Adept
 
SaThaRiel's Avatar
 
Join Date: Nov 2009
Posts: 164
SaThaRiel is on a distinguished road
Hm, and what about having a post delay of some minutes for the second post (after registration - one post direct, 2nd one has to wait)? Mostly people who are interested will post one topic or answer a question maybe - but they seldom post 2 or more times after they registered. So this may help to keep the mass spamming flesh humans away because it takes them too much time (actually they get paid for it).
Sure there is the chance that someone wants to post twice and maybe has to wait for 5 minutes. But with a good description this shouldn't be a too big problem for most people. And if its a problem for them then theyre maybe in the wrong forum anyway
SaThaRiel is offline   Reply With Quote
Old February 13, 2010, 18:29   #10
pav
Administrator
 
pav's Avatar
 
Join Date: Apr 2007
Location: Prague, Czech republic
Age: 34
Posts: 753
pav is on a distinguished road
Send a message via ICQ to pav
Ineffective - the first spam will still get through.
__________________
See the elves and everything! http://angband.oook.cz
pav is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
steamband & mutations cofresi Variants 3 December 23, 2009 22:16
Ironman Q & A miyazaki Vanilla 1 August 24, 2009 03:23
Fear & AC-bonus miyazaki Vanilla 2 August 19, 2009 16:29
Larvitz's Q&A Thread 1.0 Larvitz Vanilla 6 January 30, 2009 21:15
Feature & game_balancing requests Daven_26d1 Vanilla 6 July 14, 2007 23:52


All times are GMT +1. The time now is 08:18.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.