jacques Posted November 11, 2008 Posted November 11, 2008 Yeah, just like I thought! Great topics to start new discussions about. Looks like some sicko managed to post something here at last.... what was that...basket case?
Thundersteel Posted November 11, 2008 Posted November 11, 2008 That's the 4th one today. I wonder what's going on.
mars_hall Posted November 11, 2008 Posted November 11, 2008 The way other forums have dealt with this type of intrusion is to request activation confirmation through a private email address. It limits the intrusions from bots, which these could possibly be. Admin needs to trace route the IP of the sender...It is probably being routed through several servers if it is a bot. Hey, it could be what's his name at G ;D
Administrator Posted November 11, 2008 Posted November 11, 2008 The way other forums have dealt with this type of intrusion is to request activation confirmation through a private email address. It limits the intrusions from bots, which these could possibly be. Admin needs to trace route the IP of the sender...It is probably being routed through several servers if it is a bot. Hey, it could be what's his name at G ;D There are three more pending accounts (edit: not now) which are likely to be spambots as well. The accounts are using free email systems and various IP blocks (in mutliple countries). Looking at the accounts that have been banned already, they're likely using a botnet, which makes it virtually impossible to preempt. The board is already configured to require an activation email, but that's fairly easy to circumvent (e.g., script an automated visit using wget or similar to the link when it arrives) if you really want to, and we are not configured to block requests which use free email (gmail, yahoo, etc.). At this point, the options are to prevent anyone with a free email address from joining, require manual approval of all new accounts, or ride it out. Or, some combination fo the three. If it gets much worse, I will probably go for the second option first. Thanks for your patience.
mars_hall Posted November 11, 2008 Posted November 11, 2008 How about a character verification/authentication scheme?
wingnut1 Posted November 11, 2008 Posted November 11, 2008 I imagine if you use manual verification it will stop since they wont be able to create an account so there isn't any payoff.
Administrator Posted November 11, 2008 Posted November 11, 2008 How about a character verification/authentication scheme? If you mean something like 'captcha', that is already required. It was on 'medium dificulty' so I have upped it to 'high difficulty' which makes it a pain to read. I do not know what effect it has on the automated scripts (captcha has been cracked as a security method).
Administrator Posted November 11, 2008 Posted November 11, 2008 I imagine if you use manual verification it will stop since they wont be able to create an account so there isn't any payoff. It also means more work for yours truly. :'(
golferwave Posted November 12, 2008 Posted November 12, 2008 It also means more work for yours truly. :'( Thanks for your time and effort. I wonder what kind of thrill these guys get out of doing this. I think they need more constructive things to occupy their time.
wingnut1 Posted November 12, 2008 Posted November 12, 2008 I think they have pushed spam emails as far as they can and there have been several large arrests against the spammers. This is the new frontier, they aren't manually doing it they have software that is doing it for them.
tulk1 Posted November 12, 2008 Posted November 12, 2008 It also means more work for yours truly. :'( Could you share the pain? Maybe the Moderators could help. Or possibly a Members Moderator position? Not sure how that all works. But I think we have enough vested members to handle some extra load.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.