Page 1 of 2

Commercial Links in User Profiles and Signatures.

Posted: Tue Nov 30, 2010 09:21 pm
by DustyStyx
Spambots have figured out how to make user accounts and I can't/don't know how to update the forums to combat this. I've been deleting 3 or 4 accounts a day for the past few weeks and it's getting annoying.

As near as I can tell they are doing this just to provide links to various commercial websites, presumably to inflate search results on Google, Bing, etc.

They have primarily embedded URL links into signatures and the user profiles.

I apologize to those who are affected by this that have links to other Blood related websites. Hopefully we will be able to rectify this in short order.

Posted: Thu Dec 02, 2010 02:47 am
by Ransu
You can't add in the stuff like a simple math problem and a Captcha thing to prove the user signing up is not a bot?

Posted: Thu Dec 02, 2010 08:04 am
by Corbin
Ransu wrote:You can't add in the stuff like a simple math problem and a Captcha thing to prove the user signing up is not a bot?
Yeah, there should be some sort of add-in or mod for phpBB that would allow you to do this.

Check this site, you should find something to help you out with this.

Posted: Thu Dec 02, 2010 03:57 pm
by DustyStyx
We already have a CAPTCHA.

I'd like to add in a simple "dagger, eye, moon" type combination lock. I'll look into the extra stuff tho. Thanks, Ransu, Corbin.

addendum: Corbin, it looks like all that stuff is for phpBB 3 or greater, we are still running v2

Re:

Posted: Tue Dec 14, 2010 07:54 am
by Slink
DustyStyx wrote:We already have a CAPTCHA.

I'd like to add in a simple "dagger, eye, moon" type combination lock. I'll look into the extra stuff tho. Thanks, Ransu, Corbin.

addendum: Corbin, it looks like all that stuff is for phpBB 3 or greater, we are still running v2
THAT would be pretty cool. I could code that. What should I code it in? PHP?

Re:

Posted: Sun Dec 26, 2010 08:20 pm
by Corbin
DustyStyx wrote:addendum: Corbin, it looks like all that stuff is for phpBB 3 or greater, we are still running v2
Sorry about that, didn't pay attention to detail. :)

Re: Commercial Links in User Profiles and Signatures.

Posted: Fri Jan 14, 2011 10:12 am
by Slink
Seriously, should we code this?

Re: Commercial Links in User Profiles and Signatures.

Posted: Fri Jan 14, 2011 04:46 pm
by Willis
No, extra programming isn't really required.

In the last few days I've implemented improvements that should help, however, for this forum, the biggest problem isn't automated bots, it's real people signing up spam accounts, so making more advanced measures won't help much.

I have changed away the regular captchya for a Blood-specific question/answer method, and I have added an additional verification step that should keep automated bots out. The real person sign-ups will still have to be dealt with manually, there isn't much any mods will be able to help with. The only step I could take to further this would be to subscribe to an additional dns black list, but even then results are only marginal, so I'll save my time for the moment.

Re: Commercial Links in User Profiles and Signatures.

Posted: Fri Jan 14, 2011 08:57 pm
by Tchernobog
Willis wrote:I have changed away the regular captchya for a Blood-specific question/answer method, and I have added an additional verification step that should keep automated bots out.
How difficult are these questions? I mean, do you have to correctly identify words in cultist or is it just simple trivia questions like "What is the final boss of Blood?" or "What is the first weapon you start with?". How much Blood experience before hand would you need?

Cool idea though. Pestis cruento vilomaxus. :)

Re: Commercial Links in User Profiles and Signatures.

Posted: Fri Jan 14, 2011 11:32 pm
by Willis
They are what should be very simple questions.

For example, the two hardest questions ask what company developed the game, and what year it was released. Both very easy to find. The rest are very simple questions that should be answerable to anybody who has simply entered the first level of either Blood or Blood 2.

Re: Commercial Links in User Profiles and Signatures.

Posted: Sat Jan 15, 2011 02:31 am
by Tchernobog
Willis wrote:For example, the two hardest questions ask what company developed the game, and what year it was released. Both very easy to find. The rest are very simple questions that should be answerable to anybody who has simply entered the first level of either Blood or Blood 2.
Ah, so there are Blood 2 questions as well. :)

It all sounds fairly reasonable then, and if someone has trouble, my Wiki is at there disposal.</>shameless plug<> :wink:

So what does this mean in terms of account signatures? Will they be renableded at some point?

Re: Commercial Links in User Profiles and Signatures.

Posted: Sat Jan 15, 2011 03:45 am
by Willis
I will consider it after seeing how the current spam reduction measures fare.

As for Blood 2 questions, there is only 1 question that is Blood 2 only. It has 4 answers. If the question were asked about Blood 1, it would have 1 answer, which would work for Blood 2 as well. I think you can imagine what that is.

There are a few generic questions that you can actually answer with different answers for Blood 1 or Blood 2 that it will accept either answer. In the future, I will likely expand the questions as needed, and may indeed put a link to the wiki to help those who may be unfamiliar.

Re: Commercial Links in User Profiles and Signatures.

Posted: Sun Jan 16, 2011 12:29 am
by I Live...AGAIN
Good to see you are on top of things guys! Thanks for the hard work.

Re: Commercial Links in User Profiles and Signatures.

Posted: Mon Jan 17, 2011 12:42 am
by Corbin
I'm getting a massive amount of spam accounts at my own forums despite efforts to stop them, they continually circumvent it.

All this time I thought it was all automated. Guess not. SMF has this interesting puzzle solving thing when you sign up as an addon to prevent bots, but the reason I haven't done it is because I don't want to put off people who are genuinely trying to create an account. So what, these people have nothing better to do with their time?

Re: Commercial Links in User Profiles and Signatures.

Posted: Mon Jan 17, 2011 05:16 pm
by Willis
Nothing better to do is a matter of perspective. These people are probably making money doing what they are doing.

From what I'm seeing in the information of the questionable accounts still joining this forum, their methods lean more towards real people than bots (Normal browser strings, consistent browser strings across a session, answering specific questions). They also appear more strategical, not appearing like spam right away, waiting to fill out the spammy profile fields, etc...

In the last week, about 6 accounts have made it through, and all 6 had these normal user patterns. There is one last method I can implement to slow them down, but I'm still debating if it is worth the time.