Page 1 of 1

Bot registrations

Posted: Sat 29 Apr, 2017 11:27 pm
by PuzzleScot
The site is being hammered with rogue registrations, and spam posts, so I've turned off self-registration.
For the foreseeable time, all new accounts must be admin approved.
Therefore, if you register a new account, you must email me (chairman@ this site's domain name) to request account activation.

I call them bots, but an 'I am human' question is presented on registration, and confirmation clicking on an email sent to a valid email account is required, so I believe there are just some really sad and desperate people out there. Some people do just ruin things for others. Seems we have to legislate for the most stupid people in any society we live in.

Shouldn't make much difference in reality. I will reopen self-registration nearer the time of the the UK championship season, when hopefully this madness dies down a bit.

Re: Bot registrations

Posted: Sun 30 Apr, 2017 6:07 am
by Mephisto
»I believe there are just some really sad and desperate people« ... No. All captchas and "I am human" checks supported by phpBB are broken. The SPAM registrations are indeed done by bots.

Re: Bot registrations

Posted: Mon 01 May, 2017 2:40 pm
by detuned
It's impressive in a way if the bots can beat the registration checks, but I've also heard stories of so-called click farms where people who are paid (pennies) to set up accounts, amongst other things

Re: Bot registrations

Posted: Mon 01 May, 2017 3:32 pm
by Mephisto
In this (rare?) case account confirmation by the admin would not work either, because there are real people doing the registration. A better way could be that the very first message of a new subscriber needs approval by the admin (phpBB supports that).

Re: Bot registrations

Posted: Mon 01 May, 2017 3:51 pm
by berni
detuned wrote:It's impressive in a way if the bots can beat the registration checks, but I've also heard stories of so-called click farms where people who are paid (pennies) to set up accounts, amongst other things
In the german forum, we use a hack, were the people are asked to ignore the captcha and write 'logic' instead. That keeps almost all spammers out. (We also thought about showing a 4x4-sudoku and asking for a solution code, but havn't programmed that yet.)

PS: Just noticed, that the english translation of that phrase is not adapted...

Re: Bot registrations

Posted: Mon 01 May, 2017 4:15 pm
by GarethMoore
Mephisto wrote:In this (rare?) case account confirmation by the admin would not work either, because there are real people doing the registration. A better way could be that the very first message of a new subscriber needs approval by the admin (phpBB supports that).
The problem is that the UKPA mailing list is exactly the same as the user list for the forum, so we want users to be able to join and not have to post, and conversely we don't want to start emailing out tournament details to ten thousand spam email accounts. When someone posts spam, we delete their user account as well as the posts.

I like Berni's idea though!

Re: Bot registrations

Posted: Mon 01 May, 2017 5:05 pm
by Mephisto
I also use a security hack and had no single bot registration for years. However, I don't think that it is very clever to describe security hacks in a public forum.

Re: Bot registrations

Posted: Mon 01 May, 2017 10:43 pm
by PuzzleScot
You'll notice an 'odd question' when you register here. Someone has recorded this oddity that occurs during registration here, and now who/whatever is clicking the right option.
We get 100s of attempts every day. 99% don't pass. Right now, all new registrations are on 'admin approval'. Easy to ignore, but maybe I should try updating the 'odd question'.

Re: Bot registrations

Posted: Wed 21 Jun, 2017 11:17 pm
by dickoon
PuzzleScot wrote:Shouldn't make much difference in reality. I will reopen self-registration nearer the time of the the UK championship season, when hopefully this madness dies down a bit.
I'm about to plug the UKPC somewhere fairly soon. Is self-registration available again now, please, for those who might want to take part for the first time this year?

Re: Bot registrations

Posted: Thu 22 Jun, 2017 9:22 am
by PuzzleScot
dickoon wrote:I'm about to plug the UKPC somewhere fairly soon. Is self-registration available again now, please, for those who might want to take part for the first time this year?
Great. I have re-enabled self-authorising registration now.
It's been on admin approval recently, and I have been checking for registrations that appear valid. (Very sparse indeed)

Re: Bot registrations

Posted: Fri 23 Jun, 2017 11:26 am
by PuzzleScot
Well, that was a disaster. Having to delete around 50 bot registrations and numerous spam posts every day.

It should be much better now. I've added an extra (mathematical calculation) question to the registration screen.
Every time the bots find a way round it, I'll change the question.

Normal self-registration for humans has been restored.

Re: Bot registrations

Posted: Thu 21 Sep, 2017 7:38 am
by PuzzleScot
The bot filtering seems to be working. We've not had a rogue account activated in a long time.
However, we have had lots of attempted registration, which I just need to clear out. (c.20-30 per day!)

Anyway, I've upped the game, using the API available at https://stopforumspam.com/usage
Since doing that, we've had a couple of genuine registrations go through normally, and no bot registrations to clear out.

Any web forum admin that wants my php function, let me know.
It will work on any web server, with any forum software.