Bot registrations

UKPA announcements will be made here.
Post Reply
PuzzleScot
Site Admin
Posts: 2664
Joined: Fri 18 Jun, 2010 10:45 pm
Location: Edinburgh, Scotland

Bot registrations

Post by PuzzleScot » Sat 29 Apr, 2017 11:27 pm

The site is being hammered with rogue registrations, and spam posts, so I've turned off self-registration.
For the foreseeable time, all new accounts must be admin approved.
Therefore, if you register a new account, you must email me (chairman@ this site's domain name) to request account activation.

I call them bots, but an 'I am human' question is presented on registration, and confirmation clicking on an email sent to a valid email account is required, so I believe there are just some really sad and desperate people out there. Some people do just ruin things for others. Seems we have to legislate for the most stupid people in any society we live in.

Shouldn't make much difference in reality. I will reopen self-registration nearer the time of the the UK championship season, when hopefully this madness dies down a bit.

Mephisto
Posts: 60
Joined: Tue 18 Jan, 2011 12:28 pm

Re: Bot registrations

Post by Mephisto » Sun 30 Apr, 2017 6:07 am

»I believe there are just some really sad and desperate people« ... No. All captchas and "I am human" checks supported by phpBB are broken. The SPAM registrations are indeed done by bots.

detuned
Posts: 1586
Joined: Mon 21 Jun, 2010 2:25 pm
Location: London, UK
Contact:

Re: Bot registrations

Post by detuned » Mon 01 May, 2017 2:40 pm

It's impressive in a way if the bots can beat the registration checks, but I've also heard stories of so-called click farms where people who are paid (pennies) to set up accounts, amongst other things

Mephisto
Posts: 60
Joined: Tue 18 Jan, 2011 12:28 pm

Re: Bot registrations

Post by Mephisto » Mon 01 May, 2017 3:32 pm

In this (rare?) case account confirmation by the admin would not work either, because there are real people doing the registration. A better way could be that the very first message of a new subscriber needs approval by the admin (phpBB supports that).

berni
Posts: 143
Joined: Mon 01 Nov, 2010 11:38 am
Contact:

Re: Bot registrations

Post by berni » Mon 01 May, 2017 3:51 pm

detuned wrote:It's impressive in a way if the bots can beat the registration checks, but I've also heard stories of so-called click farms where people who are paid (pennies) to set up accounts, amongst other things
In the german forum, we use a hack, were the people are asked to ignore the captcha and write 'logic' instead. That keeps almost all spammers out. (We also thought about showing a 4x4-sudoku and asking for a solution code, but havn't programmed that yet.)

PS: Just noticed, that the english translation of that phrase is not adapted...

GarethMoore
Posts: 1159
Joined: Thu 24 Jun, 2010 9:27 pm
Contact:

Re: Bot registrations

Post by GarethMoore » Mon 01 May, 2017 4:15 pm

Mephisto wrote:In this (rare?) case account confirmation by the admin would not work either, because there are real people doing the registration. A better way could be that the very first message of a new subscriber needs approval by the admin (phpBB supports that).
The problem is that the UKPA mailing list is exactly the same as the user list for the forum, so we want users to be able to join and not have to post, and conversely we don't want to start emailing out tournament details to ten thousand spam email accounts. When someone posts spam, we delete their user account as well as the posts.

I like Berni's idea though!

Mephisto
Posts: 60
Joined: Tue 18 Jan, 2011 12:28 pm

Re: Bot registrations

Post by Mephisto » Mon 01 May, 2017 5:05 pm

I also use a security hack and had no single bot registration for years. However, I don't think that it is very clever to describe security hacks in a public forum.

PuzzleScot
Site Admin
Posts: 2664
Joined: Fri 18 Jun, 2010 10:45 pm
Location: Edinburgh, Scotland

Re: Bot registrations

Post by PuzzleScot » Mon 01 May, 2017 10:43 pm

You'll notice an 'odd question' when you register here. Someone has recorded this oddity that occurs during registration here, and now who/whatever is clicking the right option.
We get 100s of attempts every day. 99% don't pass. Right now, all new registrations are on 'admin approval'. Easy to ignore, but maybe I should try updating the 'odd question'.

dickoon
Posts: 609
Joined: Mon 21 Jun, 2010 12:52 pm
Location: Stockton-on-Tees, UK
Contact:

Re: Bot registrations

Post by dickoon » Wed 21 Jun, 2017 11:17 pm

PuzzleScot wrote:Shouldn't make much difference in reality. I will reopen self-registration nearer the time of the the UK championship season, when hopefully this madness dies down a bit.
I'm about to plug the UKPC somewhere fairly soon. Is self-registration available again now, please, for those who might want to take part for the first time this year?

PuzzleScot
Site Admin
Posts: 2664
Joined: Fri 18 Jun, 2010 10:45 pm
Location: Edinburgh, Scotland

Re: Bot registrations

Post by PuzzleScot » Thu 22 Jun, 2017 9:22 am

dickoon wrote:I'm about to plug the UKPC somewhere fairly soon. Is self-registration available again now, please, for those who might want to take part for the first time this year?
Great. I have re-enabled self-authorising registration now.
It's been on admin approval recently, and I have been checking for registrations that appear valid. (Very sparse indeed)

PuzzleScot
Site Admin
Posts: 2664
Joined: Fri 18 Jun, 2010 10:45 pm
Location: Edinburgh, Scotland

Re: Bot registrations

Post by PuzzleScot » Fri 23 Jun, 2017 11:26 am

Well, that was a disaster. Having to delete around 50 bot registrations and numerous spam posts every day.

It should be much better now. I've added an extra (mathematical calculation) question to the registration screen.
Every time the bots find a way round it, I'll change the question.

Normal self-registration for humans has been restored.

PuzzleScot
Site Admin
Posts: 2664
Joined: Fri 18 Jun, 2010 10:45 pm
Location: Edinburgh, Scotland

Re: Bot registrations

Post by PuzzleScot » Thu 21 Sep, 2017 7:38 am

The bot filtering seems to be working. We've not had a rogue account activated in a long time.
However, we have had lots of attempted registration, which I just need to clear out. (c.20-30 per day!)

Anyway, I've upped the game, using the API available at https://stopforumspam.com/usage
Since doing that, we've had a couple of genuine registrations go through normally, and no bot registrations to clear out.

Any web forum admin that wants my php function, let me know.
It will work on any web server, with any forum software.

Post Reply