Page 1 of 1

Bot registrations

PostPosted: Sat 29 Apr, 2017 11:27 pm
by PuzzleScot
The site is being hammered with rogue registrations, and spam posts, so I've turned off self-registration.
For the foreseeable time, all new accounts must be admin approved.
Therefore, if you register a new account, you must email me (chairman@ this site's domain name) to request account activation.

I call them bots, but an 'I am human' question is presented on registration, and confirmation clicking on an email sent to a valid email account is required, so I believe there are just some really sad and desperate people out there. Some people do just ruin things for others. Seems we have to legislate for the most stupid people in any society we live in.

Shouldn't make much difference in reality. I will reopen self-registration nearer the time of the the UK championship season, when hopefully this madness dies down a bit.

Re: Bot registrations

PostPosted: Sun 30 Apr, 2017 6:07 am
by Mephisto
Ā»I believe there are just some really sad and desperate peopleĀ« ... No. All captchas and "I am human" checks supported by phpBB are broken. The SPAM registrations are indeed done by bots.

Re: Bot registrations

PostPosted: Mon 01 May, 2017 2:40 pm
by detuned
It's impressive in a way if the bots can beat the registration checks, but I've also heard stories of so-called click farms where people who are paid (pennies) to set up accounts, amongst other things

Re: Bot registrations

PostPosted: Mon 01 May, 2017 3:32 pm
by Mephisto
In this (rare?) case account confirmation by the admin would not work either, because there are real people doing the registration. A better way could be that the very first message of a new subscriber needs approval by the admin (phpBB supports that).

Re: Bot registrations

PostPosted: Mon 01 May, 2017 3:51 pm
by berni
detuned wrote:It's impressive in a way if the bots can beat the registration checks, but I've also heard stories of so-called click farms where people who are paid (pennies) to set up accounts, amongst other things


In the german forum, we use a hack, were the people are asked to ignore the captcha and write 'logic' instead. That keeps almost all spammers out. (We also thought about showing a 4x4-sudoku and asking for a solution code, but havn't programmed that yet.)

PS: Just noticed, that the english translation of that phrase is not adapted...

Re: Bot registrations

PostPosted: Mon 01 May, 2017 4:15 pm
by GarethMoore
Mephisto wrote:In this (rare?) case account confirmation by the admin would not work either, because there are real people doing the registration. A better way could be that the very first message of a new subscriber needs approval by the admin (phpBB supports that).

The problem is that the UKPA mailing list is exactly the same as the user list for the forum, so we want users to be able to join and not have to post, and conversely we don't want to start emailing out tournament details to ten thousand spam email accounts. When someone posts spam, we delete their user account as well as the posts.

I like Berni's idea though!

Re: Bot registrations

PostPosted: Mon 01 May, 2017 5:05 pm
by Mephisto
I also use a security hack and had no single bot registration for years. However, I don't think that it is very clever to describe security hacks in a public forum.

Re: Bot registrations

PostPosted: Mon 01 May, 2017 10:43 pm
by PuzzleScot
You'll notice an 'odd question' when you register here. Someone has recorded this oddity that occurs during registration here, and now who/whatever is clicking the right option.
We get 100s of attempts every day. 99% don't pass. Right now, all new registrations are on 'admin approval'. Easy to ignore, but maybe I should try updating the 'odd question'.