26 replies to this topic

[Hobbesy]

-Note: This doesn't show up on the board index, so I assumed it may be a good idea to post it here as well. Disabling registrations is pretty drastic a move, and I hate for people to be turned away. :v

Due to a serious and dramatic increase in the number of spam bots attempting to join FS since the New Year we have temporarily disabled all new registrations for guests, effective immediately.

If any guests wish to register for Fallout Studios then we would request that they email us on admin@falloutstudios.net and advise us of their desired username and we will create their account for them, after we have validated the authenticity of the request.

We will be looking to remove this process as quickly as possible.

-Fallout Studios Administration

Edited by Hobbesy, 11 January 2011 - 15:35.

[Nem]

Whats wrong with just validating new members? Something really dumb is going on.

[R3ven]

Yeah, I highly doubt this would be the best way to go.

[Libains]

Nem, on 11 Jan 2011, 20:33, said:

Whats wrong with just validating new members? Something really dumb is going on.

We, and most other sites based on IPB (Revora, for example) are currently suffering from a massive surge in bot registrations, more than we can cope with by means of manual validation (which we've already been doing for the past year or so to combat the far more frequent bot registrations). To give you a rough idea, we're geting the thick end of 100 bots registering a day - going through those, checking the emails and IPs against known spammers, etc, is a severely time consuming task. It is far easier, and makes more sense, from our perspective, to simply ask that people get in touch with us until this surge in bot activity ends. Hopefully it won't be too long.

[Wizard]

Nem, on 11 Jan 2011, 20:33, said:

Something really dumb is going on.

I agree, like someone with no understanding of the situation commenting on something that they know nothing about.

[Dauth]

Update the Captcha? MIght slow them down a bit.

[Wizard]

Honestly, this isn't something we've just done for the hell of it. Forums everywhere have been deluged by bots, captcha or any other method of validation, not withstanding. This option isn't exactly out of line and pretty simple and quick. If a human can read the forum they can see what to do and we can process them quickly. I've just checked our email and no new members have requested registration besides the 200 bots we've had in the last 3 days.

[Hobbesy]

Nem, on 11 Jan 2011, 15:33, said:

Whats wrong with just validating new members? Something really dumb is going on.

Let's see you go through 200 bots one by one every 24 hours. We aren't disabling this because we're too lazy or because we think it's funny.

TheDR and I have both personally attempted to stop the influx of them for well over a week, and there's simply no end to the bots registering. This topic wasn't created as a statement to how we dislike validating members, it was created to better inform those who may wish to register that we have a work around until the problem ceases, or someone finds a way to stop it. I was honestly hoping you would have gathered this much from the first sentence in the OP.

Edited by Hobbesy, 12 January 2011 - 01:32.

[Stinger]

Any common link to be gleaned from those that registered? I can't imagine they all have different IPs.

[Libains]

Stinger, on 12 Jan 2011, 2:35, said:

Any common link to be gleaned from those that registered? I can't imagine they all have different IPs.

Interestingly, was looking for that earlier. There are a few similar IP addies, but no two bots use the same one, and the emails, whilst many have been made in Gmail, are still all unique. Even hunting down the location of the IPs gives no luck - they're distributed worldwide. If I had to make a guess, I'd say that someone somewhere has a botnet of sorts hitting IPB forums.

To give you a quick example of what happens if we let these things register, have a look at SWR's member list, sorted by join date. There has to be between 100-200 members having joined in the last 48hrs alone, of which about one appears to have actually completed validation. The same holds true for Revora's forums.

Edited by AJ, 12 January 2011 - 03:35.

[Ghostrider]

Yeah, email seems a viable option for becoming a member anyways, it's not that big of a deal. And it's not like we're getting several new registration requests a day anyways (at least that I'm aware of).

[GuardianTempest]

I wonder, what do those bots even want from us anyway?

[BeefJeRKy]

GuardianTempest, on 16 Jan 2011, 4:40, said:

I wonder, what do those bots even want from us anyway?

They tend to spam with links to sites where you are bombarded with ads. They ultimately make money for somebody.

[Gen.Kenobi]

Maybe IPB 3 is the solution? [I haven't checked their anti-bot tools yet]

(Or PHPBB? They have a lot of mods that prevent bots...)

Edited by Gen.Kenobi, 17 January 2011 - 01:12.

[CJ]

I was wondering whether you could upgrade the captcha or something along those lines? I avoided bots on my old forum simply by adding a plugin which replaces the ordinary captcha by simple questions like "1+1 = ? We don't care, just type 3 in the box"

[Wizard]

Gen.Kenobi, on 17 Jan 2011, 0:50, said:

Maybe IPB 3 is the solution? [I haven't checked their anti-bot tools yet]

(Or PHPBB? They have a lot of mods that prevent bots...)

IPB3 isn't a "solution" to this problem, it's a problem in and of itself, although it does have the facility to stop a large number of these bots.

CJ, on 17 Jan 2011, 4:07, said:

I was wondering whether you could upgrade the captcha or something along those lines? I avoided bots on my old forum simply by adding a plugin which replaces the ordinary captcha by simple questions like "1+1 = ? We don't care, just type 3 in the box"

I've been looking around as well, but not for updated captcha. However that isn't a great deal of difference to what we're doing now and that. This almost guarantees no bots.

[cccdfern]

meh seems fair to be honest, who wants wonton destruction by spambots?

[Mr.Choppy]

It sounds like a reasonable solution to the spike in spam. Obviously this is an inconvenience, but it is a necessary one.

[SorataZ]

As I understand it, a lot of Wikis (the RA3: Paradox Wiki being one) suffer from this as well. Has anyone found a captcha that actually works against the spambots? (From what I know, there exists a Russian made program that cracks pretty much every known captcha made up to date with 97% success rate).

[Alias]

Recaptcha does a better job than most.

[GuardianTempest]

Or simply they are given a picture of something/a character and told to identify it. It varies from site to site depending on it's theme.

For example in here we are shown a picture of Juhziz and told to identify.


And I just saw this in MotK, I'm not actually sure if this is recurring though but hows about a question everytime the person tries to make a post, although I know it isn't really that strict.

[BeefJeRKy]

Facebook's Social Captcha really impressed me btw. I think a math based captcha would work.

[GuardianTempest]

Scope, on 4 Feb 2011, 6:02, said:

Facebook's Social Captcha really impressed me btw. I think a math based captcha would work.

But the problem is that programs can be easliy programmed to recognize those symbols and make the proper calculations on this.

[Shirou]

I have occasionally tried to sweep through the extreme number of registrations but it got old very quickly at SWR as well. While occasionally bots get through, it hasn't been alarmingly more than before, and the only significant impact so far is the diluted member catalog thats been added to every day.

Edited by Shirou, 05 February 2011 - 14:01.

[Generalcamo]

With Questions like

Quote

Who is Nods leader?
Micheal Jackson
Kane
Lame
Donald Duck

A bot owner could train the bots to answer this, making this useless.