Anti-spam legitimate answer wasn't accepted

This is an archive of a topic from NESdev BBS, taken in mid-October 2019 before a server upgrade.
View original topic
Anti-spam legitimate answer wasn't accepted
by on (#174532)
The anti-spam question I first got when registering was "what feature of the 6502 did Ricoh not implement on the NES?". The answer I gave, "_____ flag", wasn't accepted.

Melissa

[note: post modified by admin for security/obscurity]
Re: Anti-spam legitimate answer wasn't accepted
by on (#174535)
That's a pretty cruel first question regardless. Mine asked what the name of the NES's "pad" controller is.
Re: Anti-spam legitimate answer wasn't accepted
by on (#174537)
Looks like it was expecting 'mode' rather than flag, thanks for pointing that out. I've added that as a possible answer now. But now I don't know if I should hide this thread or edit your post so a spammer doesn't Google search the exact wording of the question. :lol: Kind of an unavoidable situation. Well, you can edit your post if you want, or I'll come back this weekend if I don't forget and hide the thread.

Espozo: Looks like that one isn't on there anymore.

edit: decided to just get paranoid and edit part of your post already. Not likely it would matter, but might as well.
Re: Anti-spam legitimate answer wasn't accepted
by on (#174541)
Is that question something a new user would be expected to know? It seems like a rather advanced bit of trivia to me.
Re: Anti-spam legitimate answer wasn't accepted
by on (#174546)
The entire point of the questions is to act as a deterrent for human beings hired to do spamming of forums. It's not foolproof, but it works fairly well.

There are entire companies dedicated to this task. They speak/understand English, can bypass general captchas (because those are just intended to stop robots/software, not humans), do mathematics questions, and for everything else will Google search as they come across them. These places are *much less likely* to bother a forum where they're forced to try and dig up "semi-obscure" questions about, say, a retro video game console. The people visiting this forum, in most cases, are people who want to be involved with NES (or some form of retro console) development, and are more likely to be legitimate.

We would rotate the questions out whenever we'd get a large number of spammers showing up on the forum, combined with me adding some circumvention techniques so they couldn't even reach the site at all (getting back HTTP 403 Forbidden) (I refuse to discuss the techniques due to them possibly using information posted here to circumvent it).

The more simple/easy the question, the more likely spam will happen, and the more overall administrative effort has to be put forth to deal with the aftermath. It's a constant juggling act, to say the least.
Re: Anti-spam legitimate answer wasn't accepted
by on (#174550)
I'd argue the first answer was wrong, as that is still in the 2A03, accessible through the relevant push…but the expected answer Memblers mentions is not connected to it. I am a Devil's Advocate.
Re: Anti-spam legitimate answer wasn't accepted
by on (#174552)
A quick read of the Ricoh 2A03 Wikipedia page (which is very short) says it clearly.

And, I thought the question was intentionally hard to keep out people not genuinely interested in NES development.
Re: Anti-spam legitimate answer wasn't accepted
by on (#174567)
I loved the question that the "Tuts 4 You" reverse engineering community gave when you tried to sign up for an account. The question was encoded as a series of 3 digit numbers in octal. 103 141 156 40 171 157 165 40 162 145 141 144 40 164 150 151 163 77
Re: Anti-spam legitimate answer wasn't accepted
by on (#174614)
koitsu wrote:
The entire point of the questions is to act as a deterrent for human beings hired to do spamming of forums.

What the heck is the point of that? Is it to advertise crap, like the user "Harry Potter"?

rainwarrior wrote:
Is that question something a new user would be expected to know? It seems like a rather advanced bit of trivia to me.

That's what I thought. I guess I got lucky. :lol:

Dwedit wrote:
The question was encoded as a series of 3 digit numbers in octal.

I would have assumed it would be in hexadecimal and would have been hopelessly confused. :lol:
Re: Anti-spam legitimate answer wasn't accepted
by on (#174616)
Espozo wrote:
koitsu wrote:
The entire point of the questions is to act as a deterrent for human beings hired to do spamming of forums.

What the heck is the point of that? Is it to advertise crap, like the user "Harry Potter"?

Yes. We used to get a lot of ads for World of Warcraft gold sales and power-leveling services.
Re: Anti-spam legitimate answer wasn't accepted
by on (#174617)
I was able to reduce spam to nearly nothing by simply asking who Mario's brother was, with picture of the character next to it.
Is there a single person interested in NESDEV who has never played Super Mario Bros?
Re: Anti-spam legitimate answer wasn't accepted
by on (#174621)
That reminds me of how a couple of years ago during Halloween, where I was dressed as Luigi, people kept going up to me to compliment my "Mario" costume. :roll:
Re: Anti-spam legitimate answer wasn't accepted
by on (#174624)
That reminds of when, in high school, I dressed up as "the crow" and everybody asked me why I dressed up like a mime.
Why do we still allow IP editing?
by on (#174625)
[Split from Anti-spam legitimate answer wasn't accepted]

What I don't understand is if we make it harder on the forum to avoid spam account, why do we allow anonymous editing on the wiki? (Is it still possible?)

Shouldn't the wiki have stricter rule for creating content, like I tried once long time ago (request account on nesdev, only nesdev user can create content) since they are both related anyway? The goal was to reduce administration task in the first place.
Re: Anti-spam legitimate answer wasn't accepted
by on (#174628)
Dwedit wrote:
I was able to reduce spam to nearly nothing by simply asking who Mario's brother was, with picture of the character next to it.
Is there a single person interested in NESDEV who has never played Super Mario Bros?

Respectfully: this wouldn't work for this forum. The traffic is too high. Again: a simple Google search without any kind of digging will provide an answer to that question. The people doing the spamming read/understand English, and will search to find answers -- but not spend an immense amount of time. The trick is finding the balance -- trivia questions that would take up "too much time" (vs. just moving on to another forum/place), yet still being easy enough that a dedicated (legitimate) person can find the answer. It is not as easy as you might think.
Re: Anti-spam legitimate answer wasn't accepted
by on (#174629)
Banshaku wrote:
What I don't understand is if we make it harder on the forum to avoid spam account, why do we allow anonymous editing on the wiki? (Is it still possible?)

AFAIK -- and Tepples, please correct me if I'm wrong -- the current model is that you can anyone can view the wiki, but only people with wiki accounts can edit it. To get an account, you have to sign up (and make it past a captcha (this keeps most robots/automated software out)), then it has to be manually approved (editing capability for that account enabled) by a moderator (e.g. tepples, memblers, myself (maybe not any more?), etc.).
Re: Anti-spam legitimate answer wasn't accepted
by on (#174631)
Banshaku wrote:
What I don't understand is if we make it harder on the forum to avoid spam account, why do we allow anonymous editing on the wiki? (Is it still possible?)

Mainspace editing requires creating an account, which requires solving a CAPTCHA very similar to that on the forum, and then getting it confirmed. Talk page editing is open to IPs, but adding external links to a talk page as an IP requires (again) solving a CAPTCHA. So all we get are those few spammers willing to add an advertisement without an external link to a talk page, and those edits have proven easy for anybody with rollback privileges to blow away.

There are currently three ways to get a wiki account confirmed:
  • Contact an administrator through PM or IRC.
  • The account is at least four days old and has at least two talk page edits.
  • Verify ability to receive email at the address associated with the account.

In addition, many patterns used by spammers and other wiki vandals can be detected through regular expressions. Wikimedia offers a MediaWiki extension called the ABUSE filter, which lets administrators define patterns to classify Actions By Users, Such as Edits. These patterns include regular expression matches, the experience of a user (days or edits), and more. If an action is classified as unconstructive, a filter can warn the user, prevent the action, or perform any of several other actions. Most filters enabled at NESdev Wiki are set to "warn" because most spambots don't know how to click through the warning. Here's what the ABUSE filter is keeping out.
Re: Anti-spam legitimate answer wasn't accepted
by on (#174634)
This is somewhat related to the whole anti-spam thing, that I found funny: http://www.theverge.com/2014/4/16/56215 ... every-time
Re: Anti-spam legitimate answer wasn't accepted
by on (#174637)
Espozo wrote:
This is somewhat related to the whole anti-spam thing, that I found funny: http://www.theverge.com/2014/4/16/56215 ... every-time

...which is exactly why for decades I have advocated that manual human intervention be part of the approval process for account sign-ups (on anything). It's a social problem, driven by monetary focus, that cannot be solved with technology.
Re: Anti-spam legitimate answer wasn't accepted
by on (#174639)
tepples wrote:
...those edits have proven easy for anybody with rollback privileges to blow away.

How many users actually have "rollback privileges", and how are they acquired?
Re: Anti-spam legitimate answer wasn't accepted
by on (#174646)
Espozo wrote:
This is somewhat related to the whole anti-spam thing, that I found funny: [Google computer vision defeats Google's own CAPTCHA]

That's been possible for years. Even during the era when automatic confirmation based on e-mail or two talk edits wasn't possible, both NESdev Wiki and my own wiki got dozens of automatically generated FirstnameLastname sign-ups clogging the Recent Changes page because bots or sweatshops were passing ReCAPTCHA. Once I realized that was the problem, I instituted the ABUSE filter and the present Q&A system on my wiki. And what worked there has largely worked for NESdev Wiki as well.

koitsu wrote:
which is exactly why for decades I have advocated that manual human intervention be part of the approval process for account sign-ups (on anything).

As with all things security, it's a tradeoff between security and convenience. It depends on the site, but sometimes reverts every week or two are more convenient for administrators than having someone standing by in all time zones 7 days a week to approve applications for new accounts. And the accounts that go on to make trouble here are more the StalkerDragon types than those who sign up and post off-topic advertisements.

rainwarrior wrote:
tepples wrote:
...those edits have proven easy for anybody with rollback privileges to blow away.

How many users actually have "rollback privileges"

Administrators and rollbackers. But rollback is a shortcut for the undo feature that anyone can do, just without the confirmation page or the ability to change the edit summary for the revert.

rainwarrior wrote:
and how are they acquired?

An administrator adds a user to the rollbackers group through the user rights interface. You can request the privilege by asking an administrator (such as myself) while mentioning your history of reverting vandalism on the wiki, such as through use of the undo feature.
Re: Anti-spam legitimate answer wasn't accepted
by on (#174654)
tepples wrote:
...mentioning your history of reverting vandalism on the wiki, such as through use of the undo feature.

I specifically don't revert vandalism on the wiki because I don't have the rollback feature, because I don't want to clutter the recent changes timeline with "undos". I would do it if I had that feature. I don't do it because I know letting a "rollbacker" do it results in a cleaner timeline.
Re: Anti-spam legitimate answer wasn't accepted
by on (#174656)
RC clutter is a separate issue from rollback privileges. The Recent Changes Cleanup extension is installed, which lets anyone with a few hundred or so edits see a form listing the past hundred or so edits with controls to turn each edit's "bot" flag on or off. If I see a bunch of spam and reverts in RC, I can hide them.
Re: Anti-spam legitimate answer wasn't accepted
by on (#174657)
tepples wrote:
RC clutter is a separate issue from rollback privileges. The Recent Changes Cleanup extension is installed, which lets anyone with a few hundred or so edits see a form listing the past hundred or so edits with controls to turn each edit's "bot" flag on or off. If I see a bunch of spam and reverts in RC, I can hide them.

I thought that's what rollback did. Can anyone else hide them, or only you?
Re: Anti-spam legitimate answer wasn't accepted
by on (#174659)
Rollback just allows skipping the confirmation for an undo. A rollback appears in RC the same as any other edit marked "minor".

The only qualification for RCC is that your edit count has to be high enough.
Re: Anti-spam legitimate answer wasn't accepted
by on (#174660)
Okay, I found Special:RecentChangesCleanup, and have verified that I can use it. Now that I know this, I would use rollback if you gave it to me.

I do have a question, though: is a link to Special:RecentChangesCleanup supposed to appear ANYWHERE? It's not listed in Special Pages. It's not listed on the recent changes list. Shouldn't it be linked somewhere users might find it? I had to type in the URL manually to get there.

I'd asked about it before, but I had the impression that it was extra stuff that appeared on the recent changes timeline for someone with sufficiently advanced privelages (but I guess I had the wrong idea here?). Is RecentChangesCleanup supposed to integrated at all with the Special:RecentChanges? Like, shouldn't the "hide" button appear there too? Why is it on this other hidden page?
Re: Anti-spam legitimate answer wasn't accepted
by on (#174663)
For me, "Recent Changes Cleanup" appears under "Recent changes and logs" on the list of special pages. The pages with bold titles are available only to users who hold special privileges. ("User rights management" is how I just gave you rollback.) Perhaps there's a defect in the extension that causes it not to appear if your RCC privileges are solely through edit count.
Re: Anti-spam legitimate answer wasn't accepted
by on (#174664)
tepples wrote:
Perhaps there's a defect in the extension that causes it not to appear if your RCC privileges are solely through edit count.

It does not appear in either of those locations for me. (I can see the rollback now, though.)

The only bold link on special pages for me is "Upload file".
Re: Anti-spam legitimate answer wasn't accepted
by on (#174667)
rainwarrior wrote:
tepples wrote:
Perhaps there's a defect in the extension that causes it not to appear if your RCC privileges are solely through edit count.

It does not appear in either of those locations for me. (I can see the rollback now, though.)

The only bold link on special pages for me is "Upload file".

Same here, less rollback.

…this really seems like it should be split off into the Wiki forum, but starting where? post 174631? 174639? (And is Rainwarrior going to object?)
Re: Anti-spam legitimate answer wasn't accepted
by on (#174668)
Odds are the issue is one of the following:

a) The extension is outdated (version 1.2 appears to introduce better support for "who gets RCC capability"; 1.3 is latest),
b) The LocalSettings.php configuration for this MediaWiki extension is incorrect (wrong group name, $wgAvailableRights isn't correct, etc.),
c) A kind of subset of (b): the individuals who should have access to this feature aren't in the correct group per $wgGroupPermissions.

When it comes to this stuff in MediaWiki, it's rarely simple. I'd urge anyone using this feature to read the extension web page though, since it explains details about usage/where to find it/etc..

This is subject/topic should probably be split into its own thread. The issue Myria had has been fixed.
Re: Anti-spam legitimate answer wasn't accepted
by on (#174674)
koitsu wrote:
A kind of subset of (b): the individuals who should have access to this feature aren't in the correct group per $wgGroupPermissions.

The feature for hiding/showing bot edits works (and worked before tepples did anything to my group assignments), what's not working is the revision to displayed pages that should show me that the feature exists. I have to manually type the URL to get to the page that lets me hide edits.

Myask wrote:
…this really seems like it should be split off into the Wiki forum, but starting where? post 174631? 174639? (And is Rainwarrior going to object?)

I'm categorically object to all splits.

How about I just start a new thread and stop discussing it here?
Re: Anti-spam legitimate answer wasn't accepted
by on (#174676)
rainwarrior wrote:
I'm categorically object to all splits.
I categorically object to your objection. Now that that's settled, let's drop it.