about ready to ban GMail

Discuss the talk-polywell site itself, including appearance, policies, and help-wanted requests from the administrators.

Moderators: tonybarry, MSimon

Post Reply
JoeStrout
Site Admin
Posts: 284
Joined: Tue Jun 26, 2007 7:40 pm
Location: Fort Collins, CO, USA
Contact:

about ready to ban GMail

Post by JoeStrout »

GMail has long been a haven for spammers, but lately it's gotten really bad — we're getting about 200 spam accounts registering for the forum every day, all with unique GMail addresses. No other domain is anywhere near as bad.

The only thing making me hesitate is that there are still some legitimate people using GMail users. So I'll wait a bit. I'm pretty sure that when I bad a domain, existing users are not affected; it only prevents new users from signing up from that domain.

So, please consider this official notice. If you're using GMail, you should consider switching to a different domain, because I'm sure I'm not the only webmaster getting fed up with all the GMail spammers. And if you're not willing to switch, and haven't yet registered for talk-polywell, you might want to do so soon, before it's too late.

Best,
- Joe
Joe Strout
Talk-Polywell.org site administrator

Betruger
Posts: 2321
Joined: Tue May 06, 2008 11:54 am

Post by Betruger »

Would it be any help if us who've already registered with gmail addies switched to a different address?

JoeStrout
Site Admin
Posts: 284
Joined: Tue Jun 26, 2007 7:40 pm
Location: Fort Collins, CO, USA
Contact:

Post by JoeStrout »

Betruger wrote:Would it be any help if us who've already registered with gmail addies switched to a different address?
No, I'm pretty sure that people who are already registered would not be affected. I appreciate the helpful attitude, though. That's what's so frustrating about this — there are many Gmail users who are not only real people, but good, helpful folks too. They're just vastly outnumbered by the legions of fake spammer accounts.
Joe Strout
Talk-Polywell.org site administrator

wisnij
Posts: 12
Joined: Sun Mar 16, 2008 1:57 pm
Location: a planet called Erp

Post by wisnij »

Browsing through the end of the member list is pretty hilarious in a sad sort of way. If you just nuked every username with a hyphen in it, would that mess up any real humans?
Last edited by wisnij on Fri Jun 06, 2008 6:35 pm, edited 1 time in total.

tonybarry
Posts: 219
Joined: Sun Jul 08, 2007 4:32 am
Location: Sydney, Australia
Contact:

Post by tonybarry »

Hello wisnij,
No, there are no users (who have posted one or more times) who have a hyphen in their name. Two have an underscore, but that's it.

You can sort the memberlist by posts, and from this you see that there are three pages of users who have posted once or more, and seven pages of zero posters.

Regards,
Tony Barry

vernes
Posts: 135
Joined: Tue May 13, 2008 10:22 am
Location: The Netherlands

Post by vernes »

If you're a bit into php, you can simply change the name of the inputfield used for username, and change the php code a bit to handle the change, and add a hidden inputfield with the original inputfield name used for the username.

Almost all bot-scripts don't boter using the actual registration page and dump the post-variables directly to register.php using the default post-variable names.

This little tweak would mess this process up.

And after you done it once, you can change it once every half year to keep messing up the process.

Josh Cryer
Posts: 526
Joined: Sun Aug 31, 2008 7:19 am

Post by Josh Cryer »

Or you could update to phpBB3, enable advanced CAPTCHA, and be done with it (for the most part). 90% of those are automated.

vernes
Posts: 135
Joined: Tue May 13, 2008 10:22 am
Location: The Netherlands

Post by vernes »

Where's the challenge in that? :lol:

Ok, that might be an easier course.

But just in case, I've did a bit of code digging.
The resistration formfields are defined in \styles\[youstyle]\template\ucp_register.html
Find the input field with name="username"

The submitted username is received by \includes\ucp\ucp_register.php
and find the first mentioning of $data = array(
There the code will look for the post-variable "username"


Changing "username" to something else at those two locations 'should' not break the registration process for normal users. Scripted processes would fail.

I wasn't able to test this yet. The free host I wanted to use for the test has not been cooperative.

hanelyp
Posts: 2261
Joined: Fri Oct 26, 2007 8:50 pm

Post by hanelyp »

If you wanted to get really tricky, dynamically generate field names and pass a hidden parameter so the processing script can figure what field names are used. Putting the right data in the right fields (possibly with something like repeat email fields to be catch typos) becomes the captcha.

Post Reply