Commercial Links in User Profiles and Signatures.

Problems logging in? Links not working? Graphics missing? 4xx errors? Post any forum problems here.

Moderator: Webmasters

User avatar
DustyStyx
2D Artist
Posts: 2038
Joined: Wed Aug 11, 2004 02:12 am
Location: Salt Lake
Contact:

Commercial Links in User Profiles and Signatures.

Post by DustyStyx »

Spambots have figured out how to make user accounts and I can't/don't know how to update the forums to combat this. I've been deleting 3 or 4 accounts a day for the past few weeks and it's getting annoying.

As near as I can tell they are doing this just to provide links to various commercial websites, presumably to inflate search results on Google, Bing, etc.

They have primarily embedded URL links into signatures and the user profiles.

I apologize to those who are affected by this that have links to other Blood related websites. Hopefully we will be able to rectify this in short order.
User avatar
Ransu
Cheetah
Posts: 555
Joined: Sun Dec 10, 2006 09:44 pm
Location: Kissimmee, Florida, USA

Post by Ransu »

You can't add in the stuff like a simple math problem and a Captcha thing to prove the user signing up is not a bot?
User avatar
Corbin
Zealot
Posts: 158
Joined: Sat Aug 16, 2008 09:48 pm
Location: california
Contact:

Post by Corbin »

Ransu wrote:You can't add in the stuff like a simple math problem and a Captcha thing to prove the user signing up is not a bot?
Yeah, there should be some sort of add-in or mod for phpBB that would allow you to do this.

Check this site, you should find something to help you out with this.
User avatar
DustyStyx
2D Artist
Posts: 2038
Joined: Wed Aug 11, 2004 02:12 am
Location: Salt Lake
Contact:

Post by DustyStyx »

We already have a CAPTCHA.

I'd like to add in a simple "dagger, eye, moon" type combination lock. I'll look into the extra stuff tho. Thanks, Ransu, Corbin.

addendum: Corbin, it looks like all that stuff is for phpBB 3 or greater, we are still running v2
User avatar
Slink

Not to be a dick, but...

Posts: 1904
Joined: Mon Aug 16, 2004 04:42 am
Location: Niagara County, NY

Re:

Post by Slink »

DustyStyx wrote:We already have a CAPTCHA.

I'd like to add in a simple "dagger, eye, moon" type combination lock. I'll look into the extra stuff tho. Thanks, Ransu, Corbin.

addendum: Corbin, it looks like all that stuff is for phpBB 3 or greater, we are still running v2
THAT would be pretty cool. I could code that. What should I code it in? PHP?
User avatar
Corbin
Zealot
Posts: 158
Joined: Sat Aug 16, 2008 09:48 pm
Location: california
Contact:

Re:

Post by Corbin »

DustyStyx wrote:addendum: Corbin, it looks like all that stuff is for phpBB 3 or greater, we are still running v2
Sorry about that, didn't pay attention to detail. :)
User avatar
Slink

Not to be a dick, but...

Posts: 1904
Joined: Mon Aug 16, 2004 04:42 am
Location: Niagara County, NY

Re: Commercial Links in User Profiles and Signatures.

Post by Slink »

Seriously, should we code this?
User avatar
Willis

Master of the Mask
Lead Programmer

Posts: 872
Joined: Tue Aug 10, 2004 09:28 am
Location: Eau Claire, WI USA
Contact:

Re: Commercial Links in User Profiles and Signatures.

Post by Willis »

No, extra programming isn't really required.

In the last few days I've implemented improvements that should help, however, for this forum, the biggest problem isn't automated bots, it's real people signing up spam accounts, so making more advanced measures won't help much.

I have changed away the regular captchya for a Blood-specific question/answer method, and I have added an additional verification step that should keep automated bots out. The real person sign-ups will still have to be dealt with manually, there isn't much any mods will be able to help with. The only step I could take to further this would be to subscribe to an additional dns black list, but even then results are only marginal, so I'll save my time for the moment.
User avatar
Tchernobog
Tchernobog's Love Child
Posts: 1402
Joined: Tue May 27, 2008 07:30 am
Location: Rural Alberta, Canada
Contact:

Re: Commercial Links in User Profiles and Signatures.

Post by Tchernobog »

Willis wrote:I have changed away the regular captchya for a Blood-specific question/answer method, and I have added an additional verification step that should keep automated bots out.
How difficult are these questions? I mean, do you have to correctly identify words in cultist or is it just simple trivia questions like "What is the final boss of Blood?" or "What is the first weapon you start with?". How much Blood experience before hand would you need?

Cool idea though. Pestis cruento vilomaxus. :)
User avatar
Willis

Master of the Mask
Lead Programmer

Posts: 872
Joined: Tue Aug 10, 2004 09:28 am
Location: Eau Claire, WI USA
Contact:

Re: Commercial Links in User Profiles and Signatures.

Post by Willis »

They are what should be very simple questions.

For example, the two hardest questions ask what company developed the game, and what year it was released. Both very easy to find. The rest are very simple questions that should be answerable to anybody who has simply entered the first level of either Blood or Blood 2.
User avatar
Tchernobog
Tchernobog's Love Child
Posts: 1402
Joined: Tue May 27, 2008 07:30 am
Location: Rural Alberta, Canada
Contact:

Re: Commercial Links in User Profiles and Signatures.

Post by Tchernobog »

Willis wrote:For example, the two hardest questions ask what company developed the game, and what year it was released. Both very easy to find. The rest are very simple questions that should be answerable to anybody who has simply entered the first level of either Blood or Blood 2.
Ah, so there are Blood 2 questions as well. :)

It all sounds fairly reasonable then, and if someone has trouble, my Wiki is at there disposal.</>shameless plug<> :wink:

So what does this mean in terms of account signatures? Will they be renableded at some point?
User avatar
Willis

Master of the Mask
Lead Programmer

Posts: 872
Joined: Tue Aug 10, 2004 09:28 am
Location: Eau Claire, WI USA
Contact:

Re: Commercial Links in User Profiles and Signatures.

Post by Willis »

I will consider it after seeing how the current spam reduction measures fare.

As for Blood 2 questions, there is only 1 question that is Blood 2 only. It has 4 answers. If the question were asked about Blood 1, it would have 1 answer, which would work for Blood 2 as well. I think you can imagine what that is.

There are a few generic questions that you can actually answer with different answers for Blood 1 or Blood 2 that it will accept either answer. In the future, I will likely expand the questions as needed, and may indeed put a link to the wiki to help those who may be unfamiliar.
User avatar
I Live...AGAIN
Cabal member
Posts: 810
Joined: Fri Aug 13, 2004 05:33 am
Location: Detroit
Contact:

Re: Commercial Links in User Profiles and Signatures.

Post by I Live...AGAIN »

Good to see you are on top of things guys! Thanks for the hard work.
User avatar
Corbin
Zealot
Posts: 158
Joined: Sat Aug 16, 2008 09:48 pm
Location: california
Contact:

Re: Commercial Links in User Profiles and Signatures.

Post by Corbin »

I'm getting a massive amount of spam accounts at my own forums despite efforts to stop them, they continually circumvent it.

All this time I thought it was all automated. Guess not. SMF has this interesting puzzle solving thing when you sign up as an addon to prevent bots, but the reason I haven't done it is because I don't want to put off people who are genuinely trying to create an account. So what, these people have nothing better to do with their time?
User avatar
Willis

Master of the Mask
Lead Programmer

Posts: 872
Joined: Tue Aug 10, 2004 09:28 am
Location: Eau Claire, WI USA
Contact:

Re: Commercial Links in User Profiles and Signatures.

Post by Willis »

Nothing better to do is a matter of perspective. These people are probably making money doing what they are doing.

From what I'm seeing in the information of the questionable accounts still joining this forum, their methods lean more towards real people than bots (Normal browser strings, consistent browser strings across a session, answering specific questions). They also appear more strategical, not appearing like spam right away, waiting to fill out the spammy profile fields, etc...

In the last week, about 6 accounts have made it through, and all 6 had these normal user patterns. There is one last method I can implement to slow them down, but I'm still debating if it is worth the time.
Post Reply