Spam. Seriously. WTF.

by on (#37746)
Is anyone EVER going to do something about it?

by on (#37747)
When I see obvious spam, I delete it and block the account. But I don't know of anything I could do to prevent spam from being posted between when I check the board and when I check the board again.

We could try preventing spammers from registering. But CAPTCHA and e-mail activation are already turned on. If I were to turn on administrator activation of all new accounts, how would I distinguish requests on behalf of spammers from requests on behalf of legitimate users?

by on (#37750)
Then I'll ask this: who CAN fix it? And how do we get their attention?

You don't know what else to do about it, apparently. Someone thinks they do, let him have a shot at it. I know, I know... you don't have access to do it. Who does? Whose balls do we have to bust to get some action? We've been going around in circles about this for MONTHS.

by on (#37753)
I guess Memblers is the administrator, but he's not very active.

And I guess asking people to compute something like 23 + 17 and input the answer (but with randomly selected numbers) when registering should get most spammers away.
I've also commonly seen strings of letters and numbers randomly arranged in an image created on the fly and the user has to decode them, something automated spammers can't do unless they have very complex AI in them. The server has to support these things I guess, but I know nothing about servers and all.

by on (#37757)
Bregalad wrote:
I've also commonly seen strings of letters and numbers randomly arranged in an image created on the fly and the user has to decode them, something automated spammers can't do unless they have very complex AI in them.

NESdev already tries to do this, but the standard phpBB 2 CAPTCHA is weak. There appears to be a reCAPTCHA mod for phpBB 2, but you need FTP privileges (a step up from admin) to install it.

by on (#37763)
tepples wrote:
If I were to turn on administrator activation of all new accounts, how would I distinguish requests on behalf of spammers from requests on behalf of legitimate users?

The problem with CAPTCHAs is that the answer is sent along with the question. Maybe you could generate a code, and the user uses it to find the respective word in a table found somewhere else, and provide textual instructions on how to find that table. The moderator would then compare the code and the word to see if they match. Only a human could pass through that, because a computer would not be able to follow written instructions of where to find the answer. I don't know if it would work, but it is the best I can think of right now.

by on (#37764)
tepples wrote:
There appears to be a reCAPTCHA mod for phpBB 2, but you need FTP privileges (a step up from admin) to install it.

Ok, so who has FTP privileges?

by on (#37766)
tepples wrote:
If I were to turn on administrator activation of all new accounts, how would I distinguish requests on behalf of spammers from requests on behalf of legitimate users?

Perhaps a field could be added to the registration page/profile that simply asks: "In 10 words or less, why are you joining this board? (REQUIRED)" OR perhaps just "Are you a spammer? Type YES or NO."

Spambots obviously aren't equipped to handle unique fields like those, and you can visually weed out spam accounts based on their replies (or lack thereof). If a human should happen to ignore the warnings and big red (REQUIRED)s, well, maybe they shouldn't be posting here in the first place.

If you don't have the privileges to do this, tepples, why not find the person who does and ask them nicely? No other phpBBs I frequent have spambot problems like this one because they've actually done something about it at the code level. You can't fix this problem by twiddling with the pre-installed features.

by on (#37767)
Or trying to warn them. "Don't do that spamming thing, please! :("

Just turn on email validation or something already ffs.

by on (#37768)
Between spam and jargon, I'm about ready to find a new NES development forum.

by on (#37769)
blargg wrote:
Between spam and jargon, I'm about ready to find a new NES development forum.

I knew there was something I was forgetting in my reply.

by on (#37770)
I would be more than happy to help accommodate you.

by on (#37778)
Xkeeper wrote:
Just turn on email validation or something already ffs.

tepples wrote:
But CAPTCHA and e-mail activation are already turned on.

by on (#37789)
Is this the kind of activation that sends new members an e-mail, in which they have to click a link or copy a code to activate their account? If so, how are spambots circumventing this?

by on (#37793)
blargg wrote:
Between spam and jargon, I'm about ready to find a new NES development forum.


Same here.

by on (#37795)
blargg wrote:
Between spam and jargon, I'm about ready to find a new NES development forum.

Co-signed.

by on (#37801)
BMF54123 wrote:
Is this the kind of activation that sends new members an e-mail, in which they have to click a link or copy a code to activate their account? If so, how are spambots circumventing this?

Spambots check their e-mail, parse the response from phpBB, and follow the link.

by on (#37808)
Is it possible to add more fields in the registration process? Because on another forum, they have fields in the registration process that they say specifically to not fill out because spambots always fill in some of them, thus significantly lowering the number of spammers.

loopy wrote:
blargg wrote:
Between spam and jargon, I'm about ready to find a new NES development forum.
Co-signed.


Oh for god's sake, is it really THAT irritating? Just ignore it. There are plenty of people who are legitimately active on this site who talk about legitimate stuff. True, I get a little disappointed when I see that there is a new post only to find that it's trashy spam, but I really don't let it get to me. It's not like you're getting personally harassed or anything... That's just what I think.

by on (#37810)
Too bad that this forum software doesn't (that I know of) have a "kill file". Does anyone here remember the good old days of "usenet death penalty"?

All of that aside... I see tepples' point quite clearly. He's trying to mod the board using the rule of law, not mod rule. Jargon may be annoying (the reasons are mostly irrelevant), but has he broken an actual rule? Probably, but I haven't checked the fine print. Tepples has stated that he won't issue a "bill of attainder" [3] or take any action based on an 'ex post facto law'. I don't know about the rest of the world, but those principles are a fundamental part of our (USA) rights in our Constitution (Article 1, sections 9 & 10). People died in a war to give us those rights (I'm talking to you, UK.... Hi over there...)

Anyway... Just let the owner of the board modify the rules (ie, more clearly define 'being a dick' or 'asshattery' (to borrow a term from Loopy)), and then appropriately ban asshats AFTER the new rule goes into effect and AFTER said asshat engages in asshattery.

*ducks and runs*


[1] http://en.wikipedia.org/wiki/Killfile

[2] http://en.wikipedia.org/wiki/Usenet_death_penalty (type #1, active :) )

[3] http://en.wikipedia.org/wiki/Bill_of_attainder

by on (#37813)
clueless wrote:
All of that aside... I see tepples' point quite clearly. He's trying to mod the board using the rule of law, not mod rule. Jargon may be annoying (the reasons are mostly irrelevant), but has he broken an actual rule? Probably, but I haven't checked the fine print. Tepples has stated that he won't issue a "bill of attainder" [3] or take any action based on an 'ex post facto law'. I don't know about the rest of the world, but those principles are a fundamental part of our (USA) rights in our Constitution (Article 1, sections 9 & 10). People died in a war to give us those rights (I'm talking to you, UK.... Hi over there...)

Democracy is great in real life, but it doesn't apply so well to messageboards. Or the Internet in general.

by on (#37814)
I thought this was about spam? There's enough jargon threads elsewhere.

Celius wrote:
Oh for god's sake, is it really THAT irritating? Just ignore it. There are plenty of people who are legitimately active on this site who talk about legitimate stuff. True, I get a little disappointed when I see that there is a new post only to find that it's trashy spam, but I really don't let it get to me. It's not like you're getting personally harassed or anything... That's just what I think.


I ignored it the first time. And the tenth time. And the hundredth. I could keep ignoring it forever. I can pretty much depend on spam appearing like clockwork now. Something would feel missing if we _didn't_ get our regular dose of spambots.

I'm not annoyed by spammers. I'm annoyed at moderators for letting an excellent board slowly get run down from prolonged negligence.

by on (#37816)
Well, I finally got a bit tired of it: NinDev.

And unlike here, there will actually be somebody paying attention to the place. (Hate to be a jerk, but seriously, it feels like nothing ever gets done here.)

I'm willing to do whatever it takes to accommodate the community here, though. The good news is that the other two forums I'm running off of this code have had no spambots whatsoever.

Oh, one nice plus over phpBBs: Threads don't all instantly mark themselves read if you leave the board for more than 15 minutes.

(Oh, right -- if you guys have any ideas for other forums, let me know so I can add them asap)

by on (#37817)
Is starting this forum going to do more good than harm?

There might be people who stay here, when other people move over there. Thus the topics and the general understanding of the NES will be split between two forums.

by on (#37818)
I DON'T want to split up, but maybe this will get somebody's attention enough to fix things here.

by on (#37819)
Celius wrote:
Oh for god's sake, is it really THAT irritating? Just ignore it. There are plenty of people who are legitimately active on this site who talk about legitimate stuff. True, I get a little disappointed when I see that there is a new post only to find that it's trashy spam, but I really don't let it get to me. It's not like you're getting personally harassed or anything... That's just what I think.

So, if my next door neighbors were to start reciting sales pitches very loudly, at all hours of the day and night, distracting me from my everyday business, I should just ignore them because they're not personally harassing me?

I only have so much time I can spend on the Internet, and I'd rather not waste it clicking through a bunch of sales pitches (or, more often than not, random gibberish) in search of legitimate new posts.

by on (#37820)
I don't necessarily want to split, but I think it would be in the best interest. Nothing here is getting done; the administrator shows up once in a great while, spambots are taking over the forum, the place is falling apart.

I also started it because I have a lot of experience in running forums (see Jul). Letting this shit happen is a great way to lose people, and having threads full of spam tends to cause some problems down the road with people who aren't following along.

In addition, if we set up an IRC channel, I could set up my bot to report all new replies to that channel; so, for example, when somebody makes a new thread about something, you can jump right on it and help them out as soon as possible instead of just sitting here refreshing every five minutes =P

I wouldn't have considered this at all if it wasn't for the (many) people in this thread complaining about all the problems here... and with a concerted effort, we can move everything to the other one all in one fell swoop without leaving anything behind.

by on (#37821)
BMF54123 wrote:
So, if my next door neighbors were to start reciting sales pitches very loudly, at all hours of the day and night, distracting me from my everyday business, I should just ignore them because they're not personally harassing me?

I only have so much time I can spend on the Internet, and I'd rather not waste it clicking through a bunch of sales pitches (or, more often than not, random gibberish) in search of legitimate new posts.


Okay, there's a major difference here. A. There aren't people spamming all day and night here. True, practically every day, but not all the time. B. If there's a spam post, scroll past it... Press the "back" button... There's all sorts of things you can do to not have the spam displayed on your screen. It's a lot easier to not see than to not hear. Though I do agree that the not personally harassing thing would be a lame excuse if your neighbors were shouting sales pitches.

But I'd rather have it so something is done about spam, but I'm not going to leave this board because of it. At least not at this low magnitude of spam.

Though if everyone/everything moves to another thread to reduce spam, I'd be perfectly happy.

by on (#37822)
Celius wrote:
Okay, there's a major difference here. A. There aren't people spamming all day and night here. True, practically every day, but not all the time.

Keep in mind that for most people, they only view the board for maybe a few minutes out of every day; stop by, see what's new, move on.

New spam once a day is enough to throw several "false positives", making it less likely anybody views new threads unless they see a familiar name on the "Last post in forum" column. After all, why open it if it's just spam?

Similarly:
Quote:
B. If there's a spam post, scroll past it... Press the "back" button... There's all sorts of things you can do to not have the spam displayed on your screen.

That requires knowing where the spam posts are. Who's to say it's not some newbie? This is especially true where the only new post is in a thread -- who says it's not some newbie with a question or detail or something? You don't know it's spam until you view it -- and if it turns out the only new post in that thread is spam, congratulations, you've just wasted time. That annoys people.


Quote:
It's a lot easier to not see than to not hear. Though I do agree that the not personally harassing thing would be a lame excuse if your neighbors were shouting sales pitches.

But I'd rather have it so something is done about spam, but I'm not going to leave this board because of it. At least not at this low magnitude of spam.

Keep in mind the spam is not the only reason I made this. Look at the front page. It's deader than dead. There's no mention of the Wiki. The forum has only a passing mention. The last update was over three years ago. For all intents and purposes, somebody coming here would see it and think the site's been long dead!

On the other hand, while I know the site here is all but blank, I would be more than willing to set up a news system so people active in the nesdev community could post about things happening in the scene, such as new emulators, demos, documents, whatever -- so that there's an actual updated front page.

In other words, spam isn't the only reason. The whole site here is falling apart. I want to help fix this, but with none of the admins or anybody active, the only option I have is to make something new.

That's what I'm doing. If we all co-operate with this, we can all achieve something better -- that's all I'm saying.

Believe me, I didn't want to move either (it's more to deal with). It's just that this site is all but forgotten by the owners.

by on (#37825)
Who has SSH and FTP access to this account anyway? Is the guy AWOL?
There's really no point to having absentee admins without shell access.

Even though I am completely guilty of this myself. I "own" Fanimutation Wiki, and ended up handing off WikiSysOp access to Quietust, but only me and Mudi have SSH access.

by on (#37826)
Yeah, I've actually noticed that the front page has been dead since 2005. I agree it would be nice to see a front page that was constantly updated, maybe with people's demos uploaded so we wouldn't have to start new topics for all of our demos/games. I'm totally up for an improved front page, no matter how it comes about.

And you're right about the wasting time part that's annoying. Though you can usually tell if something's spam. If you see one spam post from a member, you can be sure that all posts by them are spam. I usually don't waste my time to view them all. But still, you have to initially waste time to make sure the member is a spammer, which sucks.

Oh, and the funny thing is, I was messing around with NESDev trying to figure out basic stuff for about 6 months. I was well aware of the front page, but I had no idea this forum existed until I randomly ran into it!

EDIT: Oh, by the way, to reduce the number of spammers here, it'd be great to ban anyone with this as their website:

www dot u4game dot com

I've seen several spammers with this as their personal website.

by on (#37827)
Right on cue...


Celius wrote:
Yeah, I've actually noticed that the front page has been dead since 2005. I agree it would be nice to see a front page that was constantly updated, maybe with people's demos uploaded so we wouldn't have to start new topics for all of our demos/games. I'm totally up for an improved front page, no matter how it comes about.

That's the thing; if I can get people interested in posting "Community digest" messages (updates on the state of things), I'll be glad to start up a frontpage for nindev.rustedlogic.net. More than glad to; I already have a system I use myself for things.


Quote:
And you're right about the wasting time part that's annoying. Though you can usually tell if something's spam. If you see one spam post from a member, you can be sure that all posts by them are spam.

But, most spammers only post 1-2 messages. There are new accounts all the time; for example, this user just posted 2 messages today. It's always somebody new, so trying to remember who the spambots are is futile.


Quote:
Oh, and the funny thing is, I was messing around with NESDev trying to figure out basic stuff for about 6 months. I was well aware of the front page, but I had no idea this forum existed until I randomly ran into it!

That's what I mean -- I would've never noticed if I hadn't been linked here by somebody else because I never knew about it. There's literally nothing but "P.S., the forums are open" on the front page.

by on (#37829)
Xkeeper wrote:
Well, I finally got a bit tired of it: NinDev.

And unlike here, there will actually be somebody paying attention to the place. (Hate to be a jerk, but seriously, it feels like nothing ever gets done here.)

I'm willing to do whatever it takes to accommodate the community here, though. The good news is that the other two forums I'm running off of this code have had no spambots whatsoever.

Oh, one nice plus over phpBBs: Threads don't all instantly mark themselves read if you leave the board for more than 15 minutes.

(Oh, right -- if you guys have any ideas for other forums, let me know so I can add them asap)


I see that your intentions are good but if we do this, we may split the current community.

Basically what you're saying is the current administration doesn't do its job or doesn't have the proper rights to do it. Isn't it time to add more fresh admins that would update the main page and take care of the message board to fix the spam issue?

Can we find a way to add people to do the job and add all the interesting ideas that you propose or right now nobody is listening? If this is the case then we would have no choice but to move somewhere else.

By the way, can the content of this message board be imported to the bbs you're using?

by on (#37830)
Acmlmboard is completely custom software, there's no off-the-shelf importer for PHPBB.

by on (#37831)
Dwedit wrote:
Acmlmboard is completely custom software, there's no off-the-shelf importer for PHPBB.

I could likely write one, but it wouldn't occur without some loss of data. Probably nothing major, but definitely some.

And yeah, it's completely custom; that's one big reason it's entirely spambot-proof (none of them work with it), among others.

Quote:
I see that your intentions are good but if we do this, we may split the current community.

Basically what you're saying is the current administration doesn't do its job or doesn't have the proper rights to do it. Isn't it time to add more fresh admins that would update the main page and take care of the message board to fix the spam issue?

This issue has been here for a long time. I swear I've brought it up before, and even then Memblers seems to show up about once a year.

Even then, what little action is taken here seems to be wholly inefficient.

by on (#37832)
I see you're using the invisible textbox trick. I use it too, but not with the IP banning part yet. Works quite well at stopping most bots. But when the spambots that parse CSS come around, watch out for the zombie flood.

by on (#37839)
Quote:
Between spam and jargon, I'm about ready to find a new NES development forum.

Agreed.
Quote:
Nothing here is getting done; the administrator shows up once in a great while, spambots are taking over the forum, the place is falling apart.

Well, it's true that since Quietust and Koetsu are gone, the Nesdev community has seriously decayed. Memblers is still here but is really not that active; likely he's busy with something else in real life and we can't blame him for that.

About moving to a new forum, why not (we have already moved to this forum from another several years ago right after I came into NESdev), but will this really fix problems or will it add more problems? If administrators and moderators are more active, will that incite people to release more games or demos for the NES?

by on (#37846)
No offense but if we were to move I'd like it to be hosted by someone who's been here for a while that I know I can trust, again no offense.

Also just because acmlmboard (or whatever the software is called) is custom written doesn't make it secure. Just doing a google for acmlmboard proves my point; 3rd result: "AcmlmBoard 1.A2 (pow) Remote SQL Injection Vulnerability".
I also tried visiting acmlm just for fun and received one 404 and one fatal error in a php script..

edit:
!! internet drama ahoy !!

now I also found this.. old but still
http://board.acmlm.org/thread.php?id=4911&o=0&p=20 wrote:
[small snippet]
When I wake up, I almost literally find the board in complete ruins; I can't even believe that I wasn't still dreaming. I'm told a summary of events, and we suppose there's no choice but to continue Acmlm's Board from here. We had reverted the board to the latest backup, from a few days before, obviously keeping Xkeeper banned. Acmlmboard is infamous for being a huge security hole (it was only lucky it hadn't had too many serious take-downs in its past), and Xkeeper likely knows many nooks and crannies of the damn thing.


Quote:
[more drama]
Sometime in July or August 2007, blackhole decided to start coding on the board. Bad idea. Xkeeper throws a shit-fest over there, much the same he did here, attempts to destroy it, and splits off yet another splinter-community board (named “Justus League 2”, or “JUL” for short)


yeah this sounds like a great idea..

Please correct me if any of this is wrong.. I've never been to acmlmboard before and never really heard of you either before, so I might have had this all wrong?

by on (#37874)
dXtr wrote:
No offense but if we were to move I'd like it to be hosted by someone who's been here for a while that I know I can trust, again no offense.

It's going to be co-run by BMF54123, who has been a NES ROM hacker for more than 7 years and has been a member of this forum for about two. I'm just doing the technical upkeep side of things.


Quote:
Also just because acmlmboard (or whatever the software is called) is custom written doesn't make it secure. Just doing a google for acmlmboard proves my point; 3rd result: "AcmlmBoard 1.A2 (pow) Remote SQL Injection Vulnerability".
I also tried visiting acmlm just for fun and received one 404 and one fatal error in a php script..

That isn't even an Acmlmboard; it's a clone coded by somebody else that is in a gravely incomplete state. "acmlm.org" has nothing to do with Acmlm at all; the domain is registered to somebody else and he refuses to give it to Acmlm.

By the way, that vulnerability? Yeah, that's for a version of the board five years old. I've been fixing these vulnerabilities left and right, and I even have my own pet hacker (who loathes me) to constantly try exploits that I patch within a day or two as soon as I find it.


Quote:
edit:
!! internet drama ahoy !!

now I also found this.. old but still
http://board.acmlm.org/thread.php?id=4911&o=0&p=20 wrote:
[small snippet]
When I wake up, I almost literally find the board in complete ruins; I can't even believe that I wasn't still dreaming. I'm told a summary of events, and we suppose there's no choice but to continue Acmlm's Board from here. We had reverted the board to the latest backup, from a few days before, obviously keeping Xkeeper banned. Acmlmboard is infamous for being a huge security hole (it was only lucky it hadn't had too many serious take-downs in its past), and Xkeeper likely knows many nooks and crannies of the damn thing.


Quote:
[more drama]
Sometime in July or August 2007, blackhole decided to start coding on the board. Bad idea. Xkeeper throws a shit-fest over there, much the same he did here, attempts to destroy it, and splits off yet another splinter-community board (named “Justus League 2”, or “JUL” for short)


yeah this sounds like a great idea..

Actually, the reasons for the splits are not being told correctly. By the way, fun fact: The users on that forum loathe me. Many other people detested them, I banned them from the board, and that's where they're all at now. Reading anything there comes with inherent bias, so learn that now.

Regardless, the reason for the splits, in order:
- The server admin on board.acmlm.org gave somebody else root access without telling me, who proceeded to "fix" bugs that didn't need fixing, breaking a ton of shit in the process
- blackhole89 disagreed with my style of administration, so instead of talking to me about it directly decided to stage a hostile takeover, aided by a former admin from 2002 (this happening in 2007, and he promptly left afterwards) and a few others. The fact that most of the community left with me to Jul should indicate something.


Quote:
Please correct me if any of this is wrong.. I've never been to acmlmboard before and never really heard of you either before, so I might have had this all wrong?

I've answered all of your points. All I can say is that you are finding pretty much the most incorrect information on the internet. If you have any other questions, direct them to me.

by on (#37875)
Oh, boy, here we go.

First: 1.A2 is an old, incomplete clone of the original code (the latest, most secure version is currently in use on Jul; disregard the date). Those security holes do not exist in the version Jul is running.

Second: I was there for every one of those drama storms, and suggest you take anything that board has to say with a grain of salt. It was far more complex than "Xkeeper threw a fit and blew up the board." The only people that post on that board anymore are the ones who were repeatedly banned for spamming and disruptive behavior (as a quick visit here proves), so obviously their view of past events is going to be a bit tainted.

[edit]
What Xkeeper said. :P

by on (#37876)
Regardless, I am more swayed by this argument.
dXtr wrote:
No offense but if we were to move I'd like it to be hosted by someone who's been here for a while that I know I can trust, again no offense.

by on (#37877)
loopy wrote:
Regardless, I am more swayed by this argument.
dXtr wrote:
No offense but if we were to move I'd like it to be hosted by someone who's been here for a while that I know I can trust, again no offense.


Xkeeper wrote:
dXtr wrote:
No offense but if we were to move I'd like it to be hosted by someone who's been here for a while that I know I can trust, again no offense.

It's going to be co-run by BMF54123, who has been a NES ROM hacker for more than 7 years and has been a member of this forum for about two. I'm just doing the technical upkeep side of things.


I myself have been ROM hacking on and off for several years (first started in 2001, even), but not quite a member of this community. As I've already said, BMF has full access to this site in its entirety.

by on (#37880)
Huh.

Well, I'm thinking what Banshaku said is the best thing. Memblers is obviously really busy, because he rarely comes online that often. To me, it would seem a better idea to see if he is comfortable enough to share FTP privileges with someone to the main site, and allow them to make updates to it, fix broken links, etc., as well as fix up the boards to guard against spambots.

Picking up and moving to an entirely different place just seems like a bad idea to me. There is so much info here, it's crazy!

by on (#37881)
XKeeper >
If what you say is true (and I have no reason to doubt) I'm sorry for sounding like I accused you of something.
I just got a bit surprised when the only thing I found on the first search result page was that kind of post.

by on (#37883)
dXtr wrote:
XKeeper >
If what you say is true (and I have no reason to doubt) I'm sorry for sounding like I accused you of something.
I just got a bit surprised when the only thing I found on the first search result page was that kind of post.

That's usually what happens with niche communities. :|

Also, re: multiple users updating the front site: I'm not sure Parodius's hosting services even allow that.

by on (#37887)
Xkeeper, I appreciate your solution to the problem. If phpBB is broken, there's no reason we should be stuck with it. I've added a few mods and patches to it before, and usually that involved editing a lot of files manually and was generally a pain. I'd be glad to see it go, but I can't imagine that everyone really wants to move now.

We were using a different forum software for a long time. Hell, we had anonymous posts enabled for years without any notable problem. It was all nice and open, I think many people posted who wouldn't have otherwise, and the forum grew.

The main complaint with the old forum was that no one could edit posts. So we moved to phpBB; the older forum is frozen but still up for reference. First post was 10/12/00, almost 8 years ago.
http://nesdev.com/cgi-bin/wwwthreads/showpost.pl?Board=nesdev&Number=1&page=43&view=collapsed&sb=5

If there's anyone who really wants to become a spam control expert for the site, by editing the forum software, just say so. If I can't get you ftp access, I could supply the needed files.

by on (#37888)
Memblers wrote:
Xkeeper, I appreciate your solution to the problem. If phpBB is broken, there's no reason we should be stuck with it. I've added a few mods and patches to it before, and usually that involved editing a lot of files manually and was generally a pain. I'd be glad to see it go, but I can't imagine that everyone really wants to move now.


This is how I feel a little bit. It is a solution but it seems a little bit extreme. It could fix the spam problem but it may create some too:

- You have to re-create your account (I guess). What happen if an old member's account from a user that is not active at the moment is taken over by a new user?
- You cannot import the content 100% because it's a custom solution
- You cannot continue existing threads
- The community could becomes fragmented

etc

It's a nice solution but not the appropriate one but at least your intentions are good like I said.

Some time we have to figure out how to fix the current issue and not "tearing the house down" just because it seems the easiest solution. There is always consequences to restart from the ground up.

This is my personal opinion, people don't have to agree with it.

By the way Memblers, who can update that main page? "Updated in 2005" seems so wrong. We should update that page more often. This is how we find the forum and everything, it should be more active than that.

by on (#37890)
Hey Xkeeper:
How do you know that IP packets with a forged address won't trigger the registration "IP ban me" feature?

by on (#37894)
Roth found a mod that he'd used before, and we have that working now. So anyone who tries to register an account, and fills out any of the info fields (url, interests, etc.) will be stopped from registering. You fill out those info fields after registering (if you want).

Hopefully this will stop enough of the spammers.

by on (#37896)
Re: password IP-banning: That's actually just an empty threat to scare newbies into not using them ;) There actually hasn't been anybody banned for using one in quite some time (last one circa about mid-2007, likely even earlier)
Not only that, but I'm not really sure you can forge $_SERVER[REMOTE_ADDR].

Quote:
- You have to re-create your account (I guess). What happens if an old member's account from a user that is not active at the moment is taken over by a new user?
- You cannot import the content 100% because it's a custom solution
- You cannot continue existing threads
- The community could become fragmented

With time and access, this could all be solved.

For "taken over", I haven't ever encountered it being a serious problem. Those who do have it happen (on rare occasions) are usually revealed by others or forced to have a name change.


I know that moves can be fragmenting (as I said, I've observed it several times, none of which were planned). But as long as it's a smooth and well-handled transition, it can go well.

As I said prior, I think it would be nice to move somewhere where the administration is actually active more often than once every few weeks, but...

by on (#37897)
Roth wrote:
Huh.

Well, I'm thinking what Banshaku said is the best thing. Memblers is obviously really busy, because he rarely comes online that often. To me, it would seem a better idea to see if he is comfortable enough to share FTP privileges with someone to the main site, and allow them to make updates to it, fix broken links, etc., as well as fix up the boards to guard against spambots.

Picking up and moving to an entirely different place just seems like a bad idea to me. There is so much info here, it's crazy!

Agree 100% with everything here.

Xkeeper wrote:
As I said prior, I think it would be nice to move somewhere where the administration is actually active more often than once every few weeks, but...

If some responsibilities can be delegated, a move is unnecessary.

by on (#37911)
Xkeeper wrote:
I'm not really sure you can forge $_SERVER[REMOTE_ADDR].

Proxies. Residential dynamic IP addresses.

Quote:
Quote:
- You have to re-create your account (I guess). What happens if an old member's account from a user that is not active at the moment is taken over by a new user?

With time and access, this could all be solved.

For example, open one forum on the old board for users to post something that authenticates their account on the new board.

by on (#37916)
Quote:
Proxies.


Test if common ports are open for the anonymous ones, eg 8080, etc.

Another method would be to fetch
http://en.wikipedia.org/wiki/User_talk:$_SERVER[$REMOTE_ADDR] (1), and if "proxy" is found in the result, it's probably a proxy. Flag it for manual approval.

This would only be done during registration one time, of course.

Quote:
Residential dynamic IP addresses.


/20 - /26 subnet mask. Not enough users here to worry about two with the same local town ISP.

----------------------------------------

I believe Tor also has a way to test for its exit points.

I see your point though. It's better not to get into an unwinnable game of cat and mouse. Just raise the difficulty of registration, eg ~24 hour delay before a moderator manually approves a new account. Eg annoy them away.

Honestly though, at least the spam posts are somewhat comprehensible. Which is more than I can say for certain other accounts here ...

by on (#37927)
Banshaku wrote:
By the way Memblers, who can update that main page? "Updated in 2005" seems so wrong. We should update that page more often. This is how we find the forum and everything, it should be more active than that.


Only my account can upload it. It does suck that I haven't maintained it. What's even worse is my contact email address on there is extremely ancient and spam-filled (14 years or so? It still works but I almost never check it). I think it's because I was most enthusiastic about organizing it all while I was still learning the ropes. When I got better at programming I wanted to do that more, but once I started writing soft+hard+firmware (heh), I about quit writing http. Anyways it seemed like the site (through the forum) had a life of its own.

by on (#37945)
Memblers wrote:
Anyways it seemed like the site (through the forum) had a life of its own.

The problem is, as Xkeeper mentioned before, the only link to the forums from the main page is practically invisible. Most legitimate new members likely find them via either a Google search or a link from another site. :(

At the very least, you should add a note to the main page stating that it's basically an archive, and provide visible links to both the forums and the wiki.

by on (#37947)
Memblers wrote:
Only my account can upload it. It does suck that I haven't maintained it. What's even worse is my contact email address on there is extremely ancient and spam-filled (14 years or so? It still works but I almost never check it). I think it's because I was most enthusiastic about organizing it all while I was still learning the ropes. When I got better at programming I wanted to do that more, but once I started writing soft+hard+firmware (heh), I about quit writing http. Anyways it seemed like the site (through the forum) had a life of its own.


I see how you feel about it.

Maybe you should ask someone to maintain the main page and give it back to you for updating it? That way you don't have to worry about HTML coding and content, just the uploading and approval part.

by on (#37964)
Quote:
The problem is, as Xkeeper mentioned before, the only link to the forums from the main page is practically invisible. Most legitimate new members likely find them via either a Google search or a link from another site. :(

At least jargon managed to find us.

And yeah the main page should be updated. Just all dead links (re)moved (that's about 80% of the links over there), and new links added to recent releases in NESdev community, especially the wiki and the bootgod database.

by on (#38027)
I do have a volunteer who will go through and remove the dead links.. that will be a start. Then we can start adding new stuff.

I know it sounds simple to do to everyone, but my time is limited and I'm putting most of my NESdev time into work on Garage Cart #2. So any and all help is appreciated, I'll let everyone know when we're ready to move forward.

by on (#38107)
Memblers wrote:
I do have a volunteer who will go through and remove the dead links.. that will be a start. Then we can start adding new stuff.

I know it sounds simple to do to everyone, but my time is limited and I'm putting most of my NESdev time into work on Garage Cart #2. So any and all help is appreciated, I'll let everyone know when we're ready to move forward.


Great to hear that we have a volunteer to update the main page.

I understand how you feel. If you have a full time job and a family, it's hard to put time for your hobbies. I'm lucky when I can put 1h per day on it!

If there is a small thing I can help with, I'll be more than happy to do it. But my time is limited too.

by on (#38212)
Hey, these days I haven't seen any spam yet... mod or spam protection getting good?

by on (#38217)
OK, the link-fixed version of index.html is up. Anyone want to volunteer to expand it?

I'm glad to hear the spammers haven't gotten through yet. But, it's only a matter of time.

by on (#38220)
Memblers wrote:
OK, the link-fixed version of index.html is up. Anyone want to volunteer to expand it?


Good job in updating the front page, this is already a good start!

Right now I cannot volunteer to expand it but I would like to give a few suggestions and hope other people of the community will do the same. Then we can apply the best suggestions.

I would suggest that the main page be split into multiple sections. This page is too huge and hard to browse. If you split it, this would allow you to delegate a specific section to a volunteer. That way, no more clash if more than one person edits the main page.

Then I would suggest that the main page be as minimalist as possible. You should only show what is new about the community, link to other sites related to this page (bbs, wiki etc) and link to the information that has been split by categories.

By doing this, this should help make the maintenance of this site easier.

People of the nesdev community, it's time to give your suggestions! ;)

by on (#38253)
Nice to see a little update on the front page :)

by on (#50068)
Okay, I'm sick of all that damn spam everywhere.
My board gets very little spam. I am using two things to stop it:
* Fake textarea located above the real one, hidden by CSS. It's also using the field names of the real textarea to suggest that it's the real thing, but all posts with something put in there are rejected. Of course, this requires modifying all field names.
* Newly registered users or guests can not post URLs or Links in their first post. I haven't done it yet, but this rule could be modified by adding a reCAPTCHA for anyone whose first post would legitimately contain links. Yes, spammers are catching on to this one, and posting nonsensical posts before their link barrage, but the fake textarea trick still stops most of them.
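
The hidden decoy textarea and first-post link rule from the post above, together with the earlier registration mod that stops sign-ups with filled-in profile fields, written out as server-side checks. This is an added example, not code from any poster's board or from phpBB; the field names, the `$user` array shape and the sample submissions are assumptions constructed for illustration.

```php
<?php
// Added example. Field names and the $user array shape are assumptions.
const DECOY_FIELD = 'message';   // decoy textarea: hidden by CSS, carries the obvious name
const REAL_FIELD  = 'msg_7f3a';  // renamed textarea that humans actually see
const SIGNUP_MUST_BE_EMPTY = ['website', 'interests', 'occupation'];

/** Trimmed string value of a form field; null if the field is malformed (e.g. an array). */
function field(array $form, string $name): ?string
{
    $v = $form[$name] ?? '';
    return is_string($v) ? trim($v) : null;
}

/** True if the text contains a URL or link markup (BBCode or HTML). */
function contains_link(string $text): bool
{
    return preg_match('~https?://|www\.|\[url\b|<a\s~i', $text) === 1;
}

/** Registration check: optional profile fields must arrive empty at sign-up. */
function check_registration(array $form): array
{
    foreach (SIGNUP_MUST_BE_EMPTY as $name) {
        if (field($form, $name) !== '') {
            return [false, "profile field '$name' filled in at sign-up"];
        }
    }
    return [true, 'ok'];
}

/** Posting check: decoy must be empty; no links in a guest's or new user's first post. */
function check_post(array $form, array $user): array
{
    if (field($form, DECOY_FIELD) !== '') {
        return [false, 'decoy textarea was filled in'];
    }
    $body = field($form, REAL_FIELD);
    if ($body === null || $body === '') {
        return [false, 'empty or malformed post body'];
    }
    $firstPost = empty($user['registered']) || (int) ($user['post_count'] ?? 0) === 0;
    if ($firstPost && contains_link($body)) {
        return [false, 'link in first post'];
    }
    return [true, 'ok'];
}

// Constructed sample submissions: [form fields, user record].
$posts = [
    'bot fills every textarea' => [
        ['message' => 'cheap pills', 'msg_7f3a' => 'cheap pills'],
        ['registered' => true, 'post_count' => 0]],
    'new user, link barrage' => [
        ['message' => '', 'msg_7f3a' => 'see [url=http://spam.example/]here[/url]'],
        ['registered' => true, 'post_count' => 0]],
    'new user, plain question' => [
        ['message' => '', 'msg_7f3a' => 'How do I read the controller port?'],
        ['registered' => true, 'post_count' => 0]],
    'regular posting a link' => [
        ['message' => '', 'msg_7f3a' => 'Docs: http://wiki.example/PPU'],
        ['registered' => true, 'post_count' => 40]],
];
foreach ($posts as $label => [$form, $user]) {
    [$ok, $why] = check_post($form, $user);
    printf("%-26s %s (%s)\n", $label, $ok ? 'ACCEPT' : 'REJECT', $why);
}

// Constructed sign-up attempts.
foreach ([['website' => 'http://spam.example/'], ['website' => '', 'interests' => '']] as $signup) {
    [$ok, $why] = check_registration($signup);
    printf("%-26s %s (%s)\n", 'sign-up', $ok ? 'ACCEPT' : 'REJECT', $why);
}
```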

by on (#50071)
Sounds like a never ending cat and mouse play. Spammers develop new programs to bypass people's anti-spam measures, and people develop new measures to bypass spambots. I wonder how far it'll go.

by on (#50079)
Let's not forget that there are actual companies you can hire (some in India are confirmed) who will have human beings sit around and create accounts on forums + post whatever content you desire.

And CAPTCHAs are worthless, not to mention downright annoying, and waste server/system resources.

The donut/whirlpool forum here on Parodius had a problem with spammers. They tried all sorts of things, and the entire time I kept telling them the only way to solve the problem was to make the board user/password protected (using HTTP authentication) and if someone wants an account, have someone manually add it (e.g. you had to request an account via Email to the board owner). There was no automatic process. All Emails were reviewed by a person.

Ultimately they went with this, and from that day forward got absolutely no spam. Welcome to 2009.

by on (#50085)
We had a similar style of spamming over on the Minimig forums. After discovering that all the spam was coming from a particular IP range then it was a simple matter to block access from that IP range. Had the side effect of blocking a (probably) large number of users from a particular ISP in a particular country (it escapes me as to which it was) but the admin decided that the risk of blocking any legit users from said ISP and country was far outweighed by the relief of blocking the spam.

Can't say that would be a suitable tactic here tho, considering the greater global presence of NESDev ^_^
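
The range rules discussed in the post above and in the earlier exchange about `REMOTE_ADDR`, proxies and /20 to /26 subnet masks, written out as a registration check that also reports how many addresses each prefix length sweeps in. This is an added example, not code from phpBB or from any board mentioned in the thread; the function names, ranges and addresses are constructed (RFC 5737 documentation networks), and 64-bit PHP is assumed.

```php
<?php
// Added example. Ranges and addresses are constructed (RFC 5737 documentation networks).
// Assumes 64-bit PHP, where ip2long() returns a non-negative integer.

/** Parse "a.b.c.d/len" into [network, mask] as integers, or null if invalid. */
function parse_cidr(string $cidr): ?array
{
    $parts = explode('/', $cidr, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[1]) || (int) $parts[1] > 32
        || filter_var($parts[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null;
    }
    $len  = (int) $parts[1];
    $mask = $len === 0 ? 0 : (~0 << (32 - $len)) & 0xFFFFFFFF;
    return [ip2long($parts[0]) & $mask, $mask];
}

/** True if IPv4 address $ip lies inside $cidr; invalid input never matches. */
function ip_in_cidr(string $ip, string $cidr): bool
{
    $range = parse_cidr($cidr);
    if ($range === null || filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return false;
    }
    [$net, $mask] = $range;
    return (ip2long($ip) & $mask) === $net;
}

/** Number of addresses covered by a prefix length: the collateral of a range rule. */
function cidr_size(int $len): int
{
    return 1 << (32 - $len);
}

/**
 * Registration decision keyed on the TCP peer address only.
 * REMOTE_ADDR is filled in by the web server from the connection itself;
 * X-Forwarded-For and similar headers are sent by the client and are ignored here.
 * A visitor behind a proxy shows up with the proxy's address as REMOTE_ADDR.
 */
function registration_decision(array $server, array $heldRanges): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    foreach ($heldRanges as $cidr) {
        if (ip_in_cidr($peer, $cidr)) {
            return "hold for manual approval ($peer in $cidr)";
        }
    }
    return 'allow';
}

// Constructed ranges flagged after earlier spam, and constructed requests.
$held = ['203.0.113.64/26', '198.51.100.0/24'];
$requests = [
    ['REMOTE_ADDR' => '203.0.113.70',  'HTTP_X_FORWARDED_FOR' => '192.0.2.10'],
    ['REMOTE_ADDR' => '203.0.113.130'],
    ['REMOTE_ADDR' => '192.0.2.10',    'HTTP_X_FORWARDED_FOR' => '203.0.113.70'],
];
foreach ($requests as $server) {
    printf("%-15s %s\n", $server['REMOTE_ADDR'], registration_decision($server, $held));
}

// How many addresses each prefix length from the thread covers.
foreach ([20, 24, 26] as $len) {
    printf("/%d covers %d addresses\n", $len, cidr_size($len));
}
```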

by on (#50089)
I kinda miss the days when anonymous posting was allowed. When the forum first started, I don't think it would have gone anywhere without it (or at least would've been much slower to grow).

Considering that the user registration page already has a custom-added question on it, and won't let you register without answering it correctly, I'd think there has to be a human in the loop somewhere (to at least config their bot for this forum). So I don't see what else could possibly work, besides changing that question very often or taking the very drastic measures that were just mentioned.. Seems like even a completely coded-from-scratch forum would still get spammed eventually.

by on (#50092)
koitsu wrote:
The donut/whirlpool forum here on Parodius had a problem with spammers. They tried all sorts of things, and the entire time I kept telling them the only way to solve the problem was to make the board user/password protected (using HTTP authentication) and if someone wants an account, have someone manually add it (e.g. you had to request an account via Email to the board owner). There was no automatic process. All Emails were reviewed by a person.

Ultimately they went with this, and from that day forward got absolutely no spam. Welcome to 2009.


With today's spam tactics, you cannot have a public forum and hope that it will not be spammed in some way. I think I reported recently many links to Tepples by PM since they seem to post at night (for the US) and for me it's during the day so I see them while posting.

Since Nesdev is a very niche topic I think the only solution is to go with an invite only like Koitsu says. I know it sucks compared to 1999 but we're not in that era anymore. Times change, so should nesdev. It's just, who will do the job of creating the accounts and reviewing them? We could always separate the job between a few users to relieve Memblers' pain. I don't mind reviewing some account requests when I have time.

I don't say to make the forum private. The content should stay public. But the automatic creation of accounts... I think that era is over.

by on (#50105)
Sorry double post. Someone just registered (aamaomao) and spammed right away. This is a new wave of spam this week. Either we change the registration system or we have to make it manually like explained above. The latter is maybe the better but the most annoying to take care of.

by on (#50108)
By "invite", did you really mean the system where you have to get an invitation code from an existing member out-of-band and then each member can only give out a small number of valid invitation codes per month, like early Orkut? Or do you mean like Advogato, which requires that users be certified by other users in order to post outside their own blog?

by on (#50109)
tepples wrote:
By "invite", did you really mean the system where you have to get an invitation code from an existing member out-of-band and then each member can only give out a small number of valid invitation codes per month, like early Orkut? Or do you mean like Advogato, which requires that users be certified by other users in order to post outside their own blog?


The system I described worked like this: you could read the board without authentication, but an attempt to post (e.g. the Submit button) would require HTTP authentication (mainly using an Apache .htpasswd file).

How users got added: there was a notice at the top of the board stating that if you wanted the ability to post, send an Email to {address} and request a username/password. {address} happened to be an alias which went to 3 or 4 Email addresses (all board maintainers). The admins would then receive an Email from someone requesting post access, and they'd review it + discuss it (or whatever -- I wasn't one of the maintainers), and choose to add the user to .htpasswd.

The same sort of methodology could be applied without Email (e.g. requests for account additions could go into a queue and show up as forum posts in an admin-only forum), but Email was the easiest way for the admins of the board.

Sure, they got standard Email spam to it on occasion, but that's what spam filters are for.

by on (#50110)
That sounds like what's done on some other boards: New accounts may post only in the "Introductions" forum. If an administrator or global moderator finds a user's first post coherent, the administrator or global moderator puts the user in a group that can post almost anywhere.

But then this raises the question of what happens should moderators become unavailable for extended periods. We don't want another Atarimike situation.

(Bug report: The 401 error page at http://donut.parodius.com/ isn't helpful. If / is restricted access, the 401 page SHOULD explain why.)

by on (#50111)
tepples wrote:
(Bug report: The 401 error page at http://donut.parodius.com/ isn't helpful. If / is restricted access, the 401 page SHOULD explain why.)


I think that's because their entire site has been offline for a couple years now. The maintainers lost interest / lacked time due to real life jobs, but one of them has been occasionally (every few months) working on something new, so the entire site is password protected at this point.

I'm sure if they cared enough to change the default 401 message they would have. :-)

by on (#50114)
tepples wrote:
By "invite", did you really mean the system where you have to get an invitation code from an existing member out-of-band and then each member can only give out a small number of valid invitation codes per month, like early Orkut? Or do you mean like Advogato, which requires that users be certified by other users in order to post outside their own blog?


I think I chose the wrong word for it. If we have an invite like you said, this would reduce the people that can create an account and I find this wrong. What I meant is a user will have to send a request to get his account approved. It could be a form with the requested username and the user could talk a little bit about his interest/goal about nesdev etc. If it's a bot, the message would make no sense anyway. But it would make judging if an account is valid hard if the bots get smarter. But in that case, it would mean the spammers are directly targeting nesdev for some strange reason.

koitsu wrote:
The system I described worked like this: you could read the board without authentication, but an attempt to post (e.g. the Submit button) would require HTTP authentication (mainly using an Apache .htpasswd file).


But does this mean that on every post you will need to write the password or the authentication is only done once? My guess is this is a one time action until the session is over.

tepples wrote:
But then this raises the question of what happens should moderators become unavailable for extended periods. We don't want another Atarimike situation.


In the case of the previous wiki, we only had 1 administrator which was not easily reachable. Now we have me, you, Memblers and in the worst case scenario Koitsu can help on the subject. If we are concerned about this, we just add more admins to avoid the problem. It should be people that post here often. If someone cannot cover his position for a certain time, he should get in touch with the other moderators. I don't mind to help once in a while since I did it already for the wiki and can cover night requests.

by on (#50119)
Banshaku wrote:
koitsu wrote:
The system I described worked like this: you could read the board without authentication, but an attempt to post (e.g. the Submit button) would require HTTP authentication (mainly using an Apache .htpasswd file).


But does this mean that on every post you will need to write the password or the authentication is only done once? My guess is this is a one time action until the session is over.


Present-day browsers (IE, Firefox, Opera, Safari, Konqueror, and many others) all support saving the username/password used for authentication at a specific URL. If you use Firefox, I'm sure you've seen the bar at the top of the browser pop up asking you if you want to save this password for future use.

All that happens when you post is that you get a username/password box, which has the fields already populated, and you just hit Enter/OK.

by on (#50120)
I see what you mean but never use these options. I've always been against that form-saving functionality for security reasons. So this means it will be asked on every post. Hmm... We should keep it in mind as one possible solution. It seems a little bit drastic but could work if it goes out of hand.

I'm no expert for phpBB but one option I saw in this thread is to have a note to admin on admin activation. But this implies that the admin must activate every account, which could be a chore. I don't mind helping with that part. Bots will not write that note and human spammers must write something that makes sense to be able to be activated. Bots could at a later stage write something but since it's a script, it would need to be targeted at nesdev anyway so it should be easy to filter out.

I think this should reduce already a lot of spam but I don't know which version of phpBB we are using right now. The (C) on the front page seems to imply an older version. It may make it harder for normal users to register but I guess someone that really wants to talk about nes programming and that is not a spammer is able to write a simple text about it.

by on (#50125)
The whole concept of what I described **is** that it requires administrators to confirm/deny applications for an account with posting ability. All existing automated methods (CAPTCHAs, etc.) have been defeated.

Regarding phpBB version: the copyright logo, AFAIK, has nothing to do with the version. The site uses phpBB 2.0.21, while 2.0.23 happens to be the latest in the 2.0.x series.

I realise they're up to 3.x, but I'm certain migrating from one to the next is a pain. Not to mention, the phpBB installation here has custom modifications to make Unicode work for the non-English forums.

by on (#50134)
In that case, someone should suggest guidelines as to what to look for in a new user's introduction before granting privileges.

by on (#50163)
Koitsu:

I really don't know squat about phpBB so I based my judgment on the date of the page. If we could upgrade without too much hassle to 2.0.23, I guess it would be enough for now. This way, we could use the note to admin "plugin", if we can call it that way.



@Tepples:
I think there is no 100% fail safe way to make sure the person that will register is not a spammer. You have to use your own judgment based on the message for the note to admin. If it seems the intention of the user is nes oriented, we have to give them a chance. A bot will not post something that makes sense. A human spammer, he will have to be creative a little bit.

Of course it's not 100% sure no spammer will try to post spam but still better than the current situation. Worst situation, if the spam degenerates after that, we can go with Koitsu's suggestion. But for now I would still prefer a solution that is less drastic than this one, unless we have no choice.

by on (#50166)
We wouldn't even need a mod that allows notes to administrator. I'd prefer to make a single forum that any registered user can post in, called "Introductions". A coherent introduction would result in privileges. I'm ready to open a straw poll in another topic.