Ending the Nonsense Part Two

Any Topic

Moderator: OpenUru.org Moderators

Post Reply
User avatar
Whilyam
Member
Posts: 64
Joined: Tue Jan 20, 2009 2:40 am
Contact:

Ending the Nonsense Part Two

Post by Whilyam »

The Horn of Helm Hammerhand will sound in the deep, one last time...

When lunanne was effectively banned from the MOULa forums (by way of removing her from the group that allows people to post on the forum) I was immediately asked to make an Ending the Nonsense Part Two. I was initially hesitant because I didn’t really care about that forum’s drama and I doubted I could be effective. In reflection, however, I realize that this doubt is what has caused these problems to persist for so long and why I must at least try to make a difference.

Let’s start with the obvious: the moderator responsible for this (veralun) should be removed from his moderating privileges. This is the most recent of a long history of veralun and other MOUL forum moderators abusing their powers. This is an abuse of the moderator’s powers to silence individuals because of their views. This is furthermore an abuse without a warning or a notice. This kind of abuse does not reflect well on Cyan and Cyan should, for its own sake, end this nonsense. If Cyan continues to allow this kind of behavior, however infrequent or isolated, it will tarnish Cyan’s reputation in the gaming community. No matter if this is just one “bad apple” the effects will be enormous. This must end now.

Furthermore, this abuseable power should be removed. Hoikas suggested a better anti-spam solution: When you register in the forum, your name could be checked against the spammer database. This system has been used successfully by the GoW and should be used on the MOULa forums. It is time that Cyan joins this noble and comprehensive program.

Finally, and most importantly, Cyan must expend some energy to collaborate with its community. What we have at present is moderators and others picked by Cyan to act in their stead. I still remember Rand’s reaction to “hacks” that opened the door to the “grey hats” keeping the cavern alive. If the good people at Cyan were able to see what good has come from this hacking, perhaps we would see more collaboration and shared growth. Instead we have a new D’ni word… and everyone who cares has either lost interest or has been “banned” in the most shameful, hurtful, and cowardly way possible.
Stucuk
Member
Posts: 36
Joined: Mon May 23, 2011 8:22 am

Re: Ending the Nonsense Part Two

Post by Stucuk »

Furthermore, this abuseable power should be removed. Hoikas suggested a better anti-spam solution: When you register in the forum, your name could be checked against the spammer database. This system has been used successfully by the GoW and should be used on the MOULa forums. It is time that Cyan joins this noble and comprehensive program.
One "Simple" (Well simple if you have some basic PHP knowledge) method is to modify a key field in the registration and/or login bits so the field name is something else (I.E "ilikechocolate") and have a dummy field with the old name which is hidden using style="Display: None;". You modify the PHP so that if the old field name is used then it is ignored by the forum.

Since 99% of bots just submit a general "HTML Form" with the common field names it will fall for the trap. Humans are unaffected because they only ever see the new field.

Its not a 100% perfect solution but it can cut down on spam by alot.
Image
-Stu
User avatar
Whilyam
Member
Posts: 64
Joined: Tue Jan 20, 2009 2:40 am
Contact:

Re: Ending the Nonsense Part Two

Post by Whilyam »

Stucuk wrote:
Furthermore, this abuseable power should be removed. Hoikas suggested a better anti-spam solution: When you register in the forum, your name could be checked against the spammer database. This system has been used successfully by the GoW and should be used on the MOULa forums. It is time that Cyan joins this noble and comprehensive program.
One "Simple" (Well simple if you have some basic PHP knowledge) method is to modify a key field in the registration and/or login bits so the field name is something else (I.E "ilikechocolate") and have a dummy field with the old name which is hidden using style="Display: None;". You modify the PHP so that if the old field name is used then it is ignored by the forum.

Since 99% of bots just submit a general "HTML Form" with the common field names it will fall for the trap. Humans are unaffected because they only ever see the new field.

Its not a 100% perfect solution but it can cut down on spam by alot.
I don't know enough about PHP to comment on that, but it seems like using the database would be simpler to implement and less distracting for the casual user.
User avatar
Mac_Fife
Member
Posts: 1239
Joined: Fri Dec 19, 2008 12:38 am
Location: Scotland
Contact:

Re: Ending the Nonsense Part Two

Post by Mac_Fife »

Actually, I used something very similar to the techniques described by Stucuck back when one of my forums was using phpBB2: Changing the field variable name for one of the essential registration form fields, plus removing the "website" profile field from the registration form altogether. If a submitted form used the old variable name or supplied the website profile field then it had to be a bot and I just sent a "die" to the process. However, the bots got smarter and could spot the changed/omitted fieldnames in the form source, and that technique became ineffective. These days they can even work their way around a lot of javascript based protection :( . If you read some of the postings from the low-lifes on the blackhat SEO forums, you'd be forgiven for deciding never to use the internet again :roll:

Something like ZBBlock is an easy to add mod (basically a one line edit in phpBB3, possibly a little more in phpBB2 to cover all bases), but the issue on the MOUL forums is really one of getting "someone" the time to do something, and I believe that the situation currently is that only Rand has the access to change anything on the forum server space.
Mac_Fife
OpenUru.org wiki wrangler
Stucuk
Member
Posts: 36
Joined: Mon May 23, 2011 8:22 am

Re: Ending the Nonsense Part Two

Post by Stucuk »

Whilyam wrote:I don't know enough about PHP to comment on that, but it seems like using the database would be simpler to implement and less distracting for the casual user.
It may be simpler to implement but the database doesn't always have a bots known usernames. Thats why its good to never rely on one method. Using both is better then using one. My method is not distracting for casual users because they never see it. The only difference to the end user is that they have to download a few extra bytes.
Mac_Fife wrote:However, the bots got smarter and could spot the changed/omitted fieldnames in the form source, and that technique became ineffective.
There are actually alot of bots that fall for it. One thing to note is that with my method the old fields are still there, so they are likely to fall for it because they still see the old fieldnames. I added it to Altar Games forums last year, and it cut the amount of spam by alot (Unfortunately they use an IPB forum where the code is scrambled so installing mods/etc is out of the question so filtering out bots based on parameters sent was the only option). To test if it was effective i added some code to log each time a bot got caught out(The code was later disabled as it was wasting the servers time generating a log).

It doesn't take much to add it on the PHP side(Note the code is for IPB not PHPBB3):

Code: Select all

// Stucuk Was Here

if (strtolower($_POST['act'])=='reg') 
{
 $StuBad = $_POST['EmailAddress'];
 if (isset($_POST['AltarRocks'])) $_POST['EmailAddress'] = $_POST['AltarRocks'];

 if (!empty($StuBad)) 
 { 
 //$myFile = "regfailedlist.txt";
 //$fh = fopen($myFile, 'a');
 // $text = date("y.m.d H:i:s").' - Username: '.$_POST['UserName'].' OldEmailField: '.$StuBad.' NewEmailField: '.$_POST['AltarRocks'].' Referer: '.$_SERVER["HTTP_REFERER"]."\n";
 // fwrite($fh, $text);
 //fclose($fh);

 header('Location: http://forum.altargames.com/'); exit; }
 }

// End of Stucuk
No method is perfect, but it does help hold back the tide. The more hoops bots have the jump through the less likely they will succeed.

Note: Its proberly more effective when my method is added to the login bits as bots are less likely to expect the login fields to be different. They are also far less likely to use humans for the actual posting(Some claim that some bot registrations are humans....).
Image
-Stu
Post Reply

Return to “Open Discussion”