[DVC]DevCoin - Official Thread - Moderated

[sidhujag]

It really is just bots. About 36k accounts actually. But since registration requires approval,  they are just causing problems.

Cant we just add a captcha on the registration form?

[jasinlee]

http://deathbycaptcha.com/user/login

Captchas are completely pointless now days.

[sidhujag]

somethig similar?! Im sure online merchants are doing somethig to avoid
bots or have to bots been able to perpetrate all registration security out there?

[jasinlee]

somethig similar?! Im sure online merchants are doing somethig to avoid
bots or have to bots been able to perpetrate all registration security out there?

I have never seen a perfect method of keeping them out. But considering everything, since we do not NEED people to register, our best offense is to remove the option for the registration so the site isnt pounded constantly. Now I am looking into filtering the user accounts out to remove the spam ones.

[ranlo]

somethig similar?! Im sure online merchants are doing somethig to avoid
bots or have to bots been able to perpetrate all registration security out there?

I have never seen a perfect method of keeping them out. But considering everything, since we do not NEED people to register, our best offense is to remove the option for the registration so the site isnt pounded constantly. Now I am looking into filtering the user accounts out to remove the spam ones.

Select users that have empty user pages. That should cover it.

Also, for combating captchas, the best method I've seen so far is what Feathercoop did. Once a week they changed the captcha, and it was always something you had to look up. For example, "what is the largest known galaxy" and things like that. This ensured it required work to get the next one, and it killed the point of using a bot since you couldn't really automate things.

[jasinlee]

Those captchas are iframed (I think havent looked at it in a while) then filled out by humans. They still fill them in, its not truly automated. They pay people 0.00001 cents to fill them out.

[ranlo]

Those captchas are iframed (I think havent looked at it in a while) then filled out by humans. They still fill them in, its not truly automated. They pay people 0.00001 cents to fill them out.

But the captchas only work with certain types. You can just add a custom text box that requires something to be input. It won't be registered as a captcha but it, for all intents and purposes, is one.

[Unthinkingbit]

..
I have never seen a perfect method of keeping them out. But considering everything, since we do not NEED people to register, our best offense is to remove the option for the registration so the site isnt pounded constantly. Now I am looking into filtering the user accounts out to remove the spam ones.

I agree, there is no need for people to be able to automatically register. The only way to register should be to ask a sign up admin.

..
Select users that have empty user pages. That should cover it.

Sounds good. For the very few who do useful edits but do not want a user page, they can always ask an admin to make a new account.

[wiser]

Those captchas are iframed (I think havent looked at it in a while) then filled out by humans. They still fill them in, its not truly automated. They pay people 0.00001 cents to fill them out.

People do this for 0.00001 cents???  Those captcha fillers really ought to unionize! LOL

Just as an FYI, I did try to log in just now, and I got a similar story to others.  First, it told me my username or password was wrong.  Then when I tried the password reset option, it told me it couldn't find the user in the database.  But I'm in there, and at least one of my articles does show that I wrote it--at least when you go to an earlier revision.

Hope you guys can get this fixed soon.  I'm really sorry about all the trouble.

[jasinlee]

When the host has the ticket cleared I will get onto the user list clean up. Until then its pointless as it will just corrupt again most likely.

[ranlo]

Sounds good. For the very few who do useful edits but do not want a user page, they can always ask an admin to make a new account.

Hmm, maybe it could go based on activity instead. If the user has been active, don't remove. I noticed the bots aren't making any posts/edits/etc. at all so that should kick them all out, while not affecting anyone who's there legitimately. Not sure how DokuWiki handles the tracking of activity though.

[jasinlee]

Sounds good. For the very few who do useful edits but do not want a user page, they can always ask an admin to make a new account.

Hmm, maybe it could go based on activity instead. If the user has been active, don't remove. I noticed the bots aren't making any posts/edits/etc. at all so that should kick them all out, while not affecting anyone who's there legitimately. Not sure how DokuWiki handles the tracking of activity though.

They cannot post on those accounts due to the admin block on them based on their user group. It is just causing IO errors due to the amount of simultaneous registrations. But none of that will matter since we will just keep the registration page from being available to the bots now.

[smeagol]

Also, for combating captchas, the best method I've seen so far is what Feathercoop did. Once a week they changed the captcha, and it was always something you had to look up. For example, "what is the largest known galaxy" and things like that. This ensured it required work to get the next one, and it killed the point of using a bot since you couldn't really automate things.

That would be cool, except maybe get a random question from a pool of questions or something.

People do this for 0.00001 cents???  Those captcha fillers really ought to unionize! LOL

  hahaha

[markm]

Well we could make them fill out a captcha first in order to learn the fact that they cannot sign up. Why give them that information "for free" up front? :evilgrin:

Basically if they are seemingly human, then tell them what it is that they do have to do in order to get someone to create an account for them.

Maybe bearing in mind we know they are willing to deploy captcha-solvers to do it, so whatever it is should bear that in mind. Which might be why we want a sample article or whatever. (Though I guess bots could have libraries of those too.)

-MarkM-

[matt608]

I published 70,000 words on Devtome last week.  I've PMed unthinkingbit 3 times asking to add me to the payment list and recieved no reply, and I can't see myself on the list.  Can I be added please?

[FuzzyBear]

Well we could make them fill out a captcha first in order to learn the fact that they cannot sign up. Why give them that information "for free" up front? :evilgrin:

Basically if they are seemingly human, then tell them what it is that they do have to do in order to get someone to create an account for them.

Maybe bearing in mind we know they are willing to deploy captcha-solvers to do it, so whatever it is should bear that in mind. Which might be why we want a sample article or whatever. (Though I guess bots could have libraries of those too.)

-MarkM-

We could even trump the people paid to fill out captcha's by using some of these? http://crapcha.com/ :evilergrin

On the forums I run... to stop spam just some simple questions works that vary... I have set some maths questions on ppcointalk and that works for me on that site.. not had to remove spam posts for 5-6 months now.

FuzzyBear

[FinShaggy]

Well we could make them fill out a captcha first in order to learn the fact that they cannot sign up. Why give them that information "for free" up front? :evilgrin:

Basically if they are seemingly human, then tell them what it is that they do have to do in order to get someone to create an account for them.

Maybe bearing in mind we know they are willing to deploy captcha-solvers to do it, so whatever it is should bear that in mind. Which might be why we want a sample article or whatever. (Though I guess bots could have libraries of those too.)

-MarkM-

Reading this makes me feel like deleting the registration page is going to direct bots at our admins mailboxes. I know they won't at first, but once that is the knows method of registration it will be right?

Not really related to the post, just a thought that came up.

[FinShaggy]

I published 70,000 words on Devtome last week.  I've PMed unthinkingbit 3 times asking to add me to the payment list and recieved no reply, and I can't see myself on the list.  Can I be added please?

Too many problems to worry about stuff like that. If you set up your userpage you should be fine.

[jasinlee]

Well we could make them fill out a captcha first in order to learn the fact that they cannot sign up. Why give them that information "for free" up front? :evilgrin:

Basically if they are seemingly human, then tell them what it is that they do have to do in order to get someone to create an account for them.

Maybe bearing in mind we know they are willing to deploy captcha-solvers to do it, so whatever it is should bear that in mind. Which might be why we want a sample article or whatever. (Though I guess bots could have libraries of those too.)

-MarkM-

We could even trump the people paid to fill out captcha's by using some of these? http://crapcha.com/ :evilergrin

On the forums I run... to stop spam just some simple questions works that vary... I have set some maths questions on ppcointalk and that works for me on that site.. not had to remove spam posts for 5-6 months now.

FuzzyBear

The real problem is IO, each time the form is submitted whether successful or not it still attempts. Removing the registration page will make that issue disappear.

[matt608]

I published 70,000 words on Devtome last week.  I've PMed unthinkingbit 3 times asking to add me to the payment list and recieved no reply, and I can't see myself on the list.  Can I be added please?

Too many problems to worry about stuff like that. If you set up your userpage you should be fine.

I have done, this is it, hopefully it's ok.

http://www.devtome.com/doku.php?id=wiki:user:matt608