Discuss the massively-multiplayer home defense game.
You are not logged in.
Use this thread to post all spamming accounts so Jason can deal with them.
Dinnanid
Offline
AspipleTulp, RellRelsram, Illeragertida, AssufahLask, hoganma0, trealtger and FlackusaMoock are all spamming accounts that I have reported posts from that have not yet been deleted.
Dinnanid
Offline
Yeah, thanks everyone who has been reporting these to me! It's been really helpful.
Offline
Also, I just disabled guest posting of new topics, and forced email confirmation for registrations.
Guests can still post replies, though. We'll see how that goes.
Offline
Also, I just disabled guest posting of new topics, and forced email confirmation for registrations.
Guests can still post replies, though. We'll see how that goes.
Yea there was one person who was spamming as Guest and they were using the same name as a registered spammer.
Dinnanid
Offline
Jason, Can you do one of those image human account creation verifiers or whatever you call them?
Dinnanid
Offline
Yeah, it's called a CAPTCHA.
I really hate those, though.... so that will be a last resort. Email confirmation will usually block bots, I think.
But that won't work for guest posts. I really don't want to turn off guest posts.
Offline
I really don't want to turn off guest posts.
I agree but it is becoming a problem. On the "Facepalm inducing deaths" thread someone was spamming as a guest using a whole bunch of different names.
Last edited by Dinnanid (2013-04-09 20:12:00)
Dinnanid
Offline
Yeah, it's called a CAPTCHA.
I really hate those, though.... so that will be a last resort. Email confirmation will usually block bots, I think.
But that won't work for guest posts. I really don't want to turn off guest posts.
Unfortunately, anonymous posts are a relic from the '90s. The internet is full of jerks now.
Offline
Yeah, it's called a CAPTCHA.
I really hate those, though.... so that will be a last resort.
Well I do too but I still see newly created accounts spamming and they appear to be bots.
Dinnanid
Offline
Could you make a whitelist of people who have purchased the game and captcha the rest?
Offline
for minecraft voting i once saw a different captcha, it showed 9 pictures (once you clicked ready to start the captcha) and first asked you to click on let's say a house, then an airplane, than a child playing. and only if you had all 3 good you could vote. maybe get something similar?
Offline
Another captcha type that works quite well is the simple word puzzle, or some written out math.
But guest posting is impossible nowadays, with all the spammers around. The best thing you can do is have guest posts be put on a queue for approval before being shown.
Offline
Jason, whatever you have done to stop spam is clearly not enough. Spammers are still starting new topics.
There's another option though, which I used myself in phpBB. It does not require CAPTCHAs, and it does not annoy real users.
First you have to understand what these spambots are generally doing:
-- They probably found this board by searching for "Powered by FluxBB" in Google. Some may also search for "Index User list Search Register Login" in order to find boards that removed the FluxBB footer.
-- Requiring valid email addresses won't stop the more advanced spambots, which know how to receive the default FluxBB email and use it.
-- When they post anonymously, they know to fill in the req_username, req_email, and req_message fields.
-- When they register, they know how to fill in req_user, req_email1, and req_email2.
-- They know that the buttons are called "Submit" and "Preview"
-- They know the addresses register.php, login.php, and post.php, and can navigate there directly by URL.
So the solution, of course, is to change FluxBB names from their defaults. Change the "Submit" button, change the names of the req_ fields, change the names of the php files. If you want to be really fancy, make req_message into a hidden field, and make the actual visible field called req_real_message. Then, if anyone submits a req_message, you know they're a spambot. You can do a similar thing with the register page.
The users won't even notice it, but it should stop the spambots cold. Hope it works for you!
Offline
Ouch! I had no idea that running a forum would be such a spam headache.
Seems like i need to put the CAPTCHA in place, at least for new accounts, and then block guests from posting entirely.
Offline
After spam account creation is stopped there is going to need to be a lot of accounts deleted. I just looked at the account list today and in the past few days is has grown HUGE.
Dinnanid
Offline
Jason, whatever you have done to stop spam is clearly not enough. Spammers are still starting new topics.
There's another option though, which I used myself in phpBB. It does not require CAPTCHAs, and it does not annoy real users.
First you have to understand what these spambots are generally doing:
-- They probably found this board by searching for "Powered by FluxBB" in Google. Some may also search for "Index User list Search Register Login" in order to find boards that removed the FluxBB footer.
-- Requiring valid email addresses won't stop the more advanced spambots, which know how to receive the default FluxBB email and use it.
-- When they post anonymously, they know to fill in the req_username, req_email, and req_message fields.
-- When they register, they know how to fill in req_user, req_email1, and req_email2.
-- They know that the buttons are called "Submit" and "Preview"
-- They know the addresses register.php, login.php, and post.php, and can navigate there directly by URL.So the solution, of course, is to change FluxBB names from their defaults. Change the "Submit" button, change the names of the req_ fields, change the names of the php files. If you want to be really fancy, make req_message into a hidden field, and make the actual visible field called req_real_message. Then, if anyone submits a req_message, you know they're a spambot. You can do a similar thing with the register page.
The users won't even notice it, but it should stop the spambots cold. Hope it works for you!
Great Job Howrad! It's good to know there's people out there that are still trying to stop these guys.
Offline
Okay, finally put a test for humans in place on the registration form. Guest posts are also disabled.
Though I wonder if all these new registrations are bots that are planning to come back later to post spam. Maybe they know to wait 24 hours to avoid detection.
Offline
Jason, can you please delete the guest spam posts form "Facepalm inducing deaths" and "Big steals"?
It is really bugging me
Last edited by Dinnanid (2013-04-12 20:58:22)
Dinnanid
Offline
Are those posts still there? Have you reported them?
I've been keeping up with the reports every few days, deleting stuff.
Even with the human test, lots of spam accounts are being made. I just made the human test questions harder to guess (4 digit numbers as answers). But the spam might be from human spammers. If that's the case, then obviously some other measure will be needed.
Running a forum is a real pain!
Offline
Are those posts still there? Have you reported them?
I've been keeping up with the reports every few days, deleting stuff.
Even with the human test, lots of spam accounts are being made. I just made the human test questions harder to guess (4 digit numbers as answers). But the spam might be from human spammers. If that's the case, then obviously some other measure will be needed.
Running a forum is a real pain!
Are there any trustworthy members in the community that you would consider giving Moderator privileges on the forum so that they can help ease the load of banning any bots that get through?
Offline
Yeah, I've thought about making moderators, but that's just passing the buck.
That also makes the whole thing dependent on THOSE people remaining active (and doing a lot of annoying work.... uggh).
I'm still looking for a better solution.
Right now, the spammers are answering my "really advanced" math problems with 4-digit answers. That means these are all humans, not bots (they were also answering my questions about animal legs just fine).
There's also the idea of requiring new members to be "approved" before they can post new topics.... but again, that requires an admin headache and is harmful to the good users.
I'm about to try adding a question specific to the game itself, something that would take a human spammer a few minutes to find the answer to, making it not worth their time.
Offline
Yeah, I've thought about making moderators, but that's just passing the buck.
That also makes the whole thing dependent on THOSE people remaining active (and doing a lot of annoying work.... uggh).
I'm still looking for a better solution.
Right now, the spammers are answering my "really advanced" math problems with 4-digit answers. That means these are all humans, not bots (they were also answering my questions about animal legs just fine).
There's also the idea of requiring new members to be "approved" before they can post new topics.... but again, that requires an admin headache and is harmful to the good users.
I'm about to try adding a question specific to the game itself, something that would take a human spammer a few minutes to find the answer to, making it not worth their time.
Hmm. Perhaps there is a way to sync the game's ticket server to the forum so that people without the game are limited to only posting in a specific board? Wouldn't eliminate the spam entirely, but it would at least contain it - the most meaningful conversation is going to be coming from people who have played the game, so limiting areas to just those users shouldn't impact things too badly.
Offline
Hmm. Perhaps there is a way to sync the game's ticket server to the forum so that people without the game are limited to only posting in a specific board? Wouldn't eliminate the spam entirely, but it would at least contain it - the most meaningful conversation is going to be coming from people who have played the game, so limiting areas to just those users shouldn't impact things too badly.
One problem I see with this solution is that some people use a different email for forums than they do for games or other security-sensitive accounts (bank accounts, paypal, etc.).
I have multiple emails and I used a different one for the forums than I used for the game. So as long as there is an option to add a different email to the whitelist then I don't mind.
Offline
Okay! The game-based question (how much does the gun in the game cost) seems to have stopped spam accounts from being created.
There are still a bunch of existing accounts that will have to be weeded out, though.
Also, it remains to be seen whether REAL users are okay with answering that question!
Offline