All,
I'm working on tightening things up to stop the torrential influx of spam. The process needs to be refined a bit.
Thanks for your patience as we continue to address this.
Dave
Testing replies. Again.
And, testing remotely. Yay.
Well the drug peddlers seemed a lot more tenacious than the movie rippers. Although I'm hard pressed to see the value in spamming the forum beyond the Google spidering it may generate. Sure glad I don't have this on an RSS feed.
Did a lot of the spam come from a small range of IP addresses? And could it be stemmed to some degree with moderation or down voting of posters/sources?
Anyway thanks for getting it fixed...
Hi Per,
It came from literally *thousands* of IPs. Otherwise, I would have blocked them, or entire subnets, if necessary. Not only that: as I was implementing security measures, whatever was attacking was adapting. Kind of impressive, if it didn't suck up a day of my life that could have been better spent doing anything else ever.
We need to require logins. In fact, the entire forum needs to be replaced.
Keep in mind that we are a 2 man team running a site that gets over three million visits a month. Note Google-level, but, still...
Thanks for your patience and support.
Appreciate a 2men teams effort.
But have been facing this trouble since a long time. have reported this on the forum many times before that a "login" would be appreciable on the forum.
the reCAPTCHA consumes time to refresh.
PS: on a 2mbps connection
The CAPTCHA is helping, but not perfect.
We're going to go ahead and add a login system over the next day or two.
<3 <3 <3
The only captcha that works are the captchas that are so hard to read that normal users regularly have to request a new again and again to manage to guess what characters to write.
People has just invested so much time into OCR-decoding captcha images.
Captcha's seem to be working fine on the western side of the pond, though admittedly with 5-50 Mbps connections.
I have zero delays with the captchas.
Would I need to read a bunch of legal terms, and fill out a bunch of forms, to register an account?
I can understand that, if registering an account is too easy, then it is useless. However, if it is too difficult, it stops questioners.
It often helps if you are forced to supply a valid email address and can't activate your account without clicking a magic link you get sent out to the email address you supplied.
This also helps later when trying to blacklist people - you block the account and block that email address from creating a new account.
People who run own mail servers can create an infinite number of email addresses but in that case it's possible to blacklist the whole email domain.
No legalese, other than the checkbox that says you realize you're going to get an email for account validation.
We built this for OnARM.com (now defunct) a few years ago and it worked pretty well. I'm migrating that login system (not the entire forum) and integrating it with this application.
The process is basically:
1. Create an account 2. Supply a valid email address. 3. Site emails you 4. You click a link in the email, validating your address. 5. Link takes you to a page to reset your password. Which does NOT require 1Of 3vEry!@tipe of character in UTF-8 alphabet. Because that is lame.
So, pretty typical stuff.
PS:
I feel everyone's pain - I'm already getting frustrated entering CAPTCHAs just replying to these threads. The CAPTCHA is a stop-gap measure that is fairly effective and took a minimum amount of time to implement, not a long-term solution.
... could you also fix the delay in marking posts read
Test.
FWIW: no improve on that front after today's downtime.
The thread list view still claims that old threads (as in: no changes since before the downtime) are new, by showing them boldfaced. And before I posted this, the thread list still claimed that the latest contribution to this thread was made "Friday, 06:47 GMT", although the actual latest contrubition is David Lively's "Test" post, whose timestamp in the thread list is Thursday, 23:47 GMT. The latter is credible, the former way is wrong, by the same 7 hours I've gotten used to here (Germany, GMT +1). Looks like it's still applying a timezone correction bass-ackwards.