All,
I'm working on tightening things up to stop the torrential influx of spam. The process needs to be refined a bit.
Thanks for your patience as we continue to address this.
Dave
Hi Per,
It came from literally *thousands* of IPs. Otherwise, I would have blocked them, or entire subnets, if necessary. Not only that: as I was implementing security measures, whatever was attacking was adapting. Kind of impressive, if it didn't suck up a day of my life that could have been better spent doing anything else ever.
We need to require logins. In fact, the entire forum needs to be replaced.
Keep in mind that we are a 2 man team running a site that gets over three million visits a month. Note Google-level, but, still...
Thanks for your patience and support.
Appreciate a 2men teams effort.
But have been facing this trouble since a long time. have reported this on the forum many times before that a "login" would be appreciable on the forum.
the reCAPTCHA consumes time to refresh.
PS: on a 2mbps connection
The CAPTCHA is helping, but not perfect.
We're going to go ahead and add a login system over the next day or two.
<3 <3 <3
The only captcha that works are the captchas that are so hard to read that normal users regularly have to request a new again and again to manage to guess what characters to write.
People has just invested so much time into OCR-decoding captcha images.
Captcha's seem to be working fine on the western side of the pond, though admittedly with 5-50 Mbps connections.
I have zero delays with the captchas.
Would I need to read a bunch of legal terms, and fill out a bunch of forms, to register an account?
I can understand that, if registering an account is too easy, then it is useless. However, if it is too difficult, it stops questioners.
It often helps if you are forced to supply a valid email address and can't activate your account without clicking a magic link you get sent out to the email address you supplied.
This also helps later when trying to blacklist people - you block the account and block that email address from creating a new account.
People who run own mail servers can create an infinite number of email addresses but in that case it's possible to blacklist the whole email domain.
No legalese, other than the checkbox that says you realize you're going to get an email for account validation.
We built this for OnARM.com (now defunct) a few years ago and it worked pretty well. I'm migrating that login system (not the entire forum) and integrating it with this application.
The process is basically:
1. Create an account 2. Supply a valid email address. 3. Site emails you 4. You click a link in the email, validating your address. 5. Link takes you to a page to reset your password. Which does NOT require 1Of 3vEry!@tipe of character in UTF-8 alphabet. Because that is lame.
So, pretty typical stuff.
PS:
I feel everyone's pain - I'm already getting frustrated entering CAPTCHAs just replying to these threads. The CAPTCHA is a stop-gap measure that is fairly effective and took a minimum amount of time to implement, not a long-term solution.
... could you also fix the delay in marking posts read
Test.
FWIW: no improve on that front after today's downtime.
The thread list view still claims that old threads (as in: no changes since before the downtime) are new, by showing them boldfaced. And before I posted this, the thread list still claimed that the latest contribution to this thread was made "Friday, 06:47 GMT", although the actual latest contrubition is David Lively's "Test" post, whose timestamp in the thread list is Thursday, 23:47 GMT. The latter is credible, the former way is wrong, by the same 7 hours I've gotten used to here (Germany, GMT +1). Looks like it's still applying a timezone correction bass-ackwards.
The lengthy maintenance window was due to issues unrelated to the forum. We are validating forum modifications at the moment which should address many of the concerns that have been raised.
We recognize the value of the forum to our users and take it very seriously. As such, any changes have to be carefully considered and tested before deployment.
Today I have failed several times with the captcha - maybe the "quality" has been increased.
It's just that the automatic captcha processors are better than most human beings, so trying to get a captcha to stop spam will block normal users more efficiently than the spammers.
That recently happened to me with another site.
I ended up cleaning my glasses.
Problem was then resolved.
Cleaning glasses doesn't help much when some characters are totally squashed so there is just an indication that there is one or more extra character hidden in there.
The majority of images have been easy but I have had three today that have been way past what I can guess. All images with digits are trivial to see. Some of the text images have zero distortion. But a few of the text-based have been very garbled.