Page 1 of 1

about ready to ban GMail

Posted: Thu May 29, 2008 2:08 pm
by JoeStrout
GMail has long been a haven for spammers, but lately it's gotten really bad — we're getting about 200 spam accounts registering for the forum every day, all with unique GMail addresses. No other domain is anywhere near as bad.

The only thing making me hesitate is that there are still some legitimate people using GMail users. So I'll wait a bit. I'm pretty sure that when I bad a domain, existing users are not affected; it only prevents new users from signing up from that domain.

So, please consider this official notice. If you're using GMail, you should consider switching to a different domain, because I'm sure I'm not the only webmaster getting fed up with all the GMail spammers. And if you're not willing to switch, and haven't yet registered for talk-polywell, you might want to do so soon, before it's too late.

Best,
- Joe

Posted: Thu May 29, 2008 3:29 pm
by Betruger
Would it be any help if us who've already registered with gmail addies switched to a different address?

Posted: Thu May 29, 2008 3:46 pm
by JoeStrout
Betruger wrote:Would it be any help if us who've already registered with gmail addies switched to a different address?
No, I'm pretty sure that people who are already registered would not be affected. I appreciate the helpful attitude, though. That's what's so frustrating about this — there are many Gmail users who are not only real people, but good, helpful folks too. They're just vastly outnumbered by the legions of fake spammer accounts.

Posted: Thu Jun 05, 2008 7:23 pm
by wisnij
Browsing through the end of the member list is pretty hilarious in a sad sort of way. If you just nuked every username with a hyphen in it, would that mess up any real humans?

Posted: Thu Jun 05, 2008 11:41 pm
by tonybarry
Hello wisnij,
No, there are no users (who have posted one or more times) who have a hyphen in their name. Two have an underscore, but that's it.

You can sort the memberlist by posts, and from this you see that there are three pages of users who have posted once or more, and seven pages of zero posters.

Regards,
Tony Barry

Posted: Thu Jan 08, 2009 9:59 pm
by vernes
If you're a bit into php, you can simply change the name of the inputfield used for username, and change the php code a bit to handle the change, and add a hidden inputfield with the original inputfield name used for the username.

Almost all bot-scripts don't boter using the actual registration page and dump the post-variables directly to register.php using the default post-variable names.

This little tweak would mess this process up.

And after you done it once, you can change it once every half year to keep messing up the process.

Posted: Fri Jan 09, 2009 12:22 pm
by Josh Cryer
Or you could update to phpBB3, enable advanced CAPTCHA, and be done with it (for the most part). 90% of those are automated.

Posted: Fri Jan 09, 2009 2:51 pm
by vernes
Where's the challenge in that? :lol:

Ok, that might be an easier course.

But just in case, I've did a bit of code digging.
The resistration formfields are defined in \styles\[youstyle]\template\ucp_register.html
Find the input field with name="username"

The submitted username is received by \includes\ucp\ucp_register.php
and find the first mentioning of $data = array(
There the code will look for the post-variable "username"


Changing "username" to something else at those two locations 'should' not break the registration process for normal users. Scripted processes would fail.

I wasn't able to test this yet. The free host I wanted to use for the test has not been cooperative.

Posted: Sat Jan 10, 2009 7:52 am
by hanelyp
If you wanted to get really tricky, dynamically generate field names and pass a hidden parameter so the processing script can figure what field names are used. Putting the right data in the right fields (possibly with something like repeat email fields to be catch typos) becomes the captcha.