StarDestroyer.Net BBS

[quote="Ohma"]I do honestly think that the pay to register system should be back in place. It's more of a hassle, but it does keep out [i]most[/i] of the total dickbrains, and it also helps keep the board afloat.[/quote]

I thought it was still in place. :?

The Romulan Republic wrote:

Ohma wrote:I do honestly think that the pay to register system should be back in place. It's more of a hassle, but it does keep out most of the total dickbrains, and it also helps keep the board afloat.

I thought it was still in place.

That would be the reason for this thread.

Though I'd say it should also be expanded to include non-free email addresses...though since I don't know how many people have tried to troll the board with those I don't know how reasonable that idea is.

Since there seems to be some confusion over this, this is how the mod-approved registration worked:

A user signs up with an account name and an e-mail address. The admins receive an automated email from the server with that information. The admin then has to manually check to see if the e-mail is a freemail account; the server doesn't know the difference between Comcast.net and freeRussianwebmailforviagraspammers.com. The board was set up to automatically reject accounts from a webmail on a list of known freemail providers, but that had to be manually updated, too, and the number of freemail providers is enormous. And the overwhelming majority of them that we were getting were Eastern European or Russian, too, meaning none of the mods had ever heard of them and, so, had to check them out manually. Finally, once you've confirmed an email is legitimate, then you have to manually email an activation link to the user.

The overwhelming majority of sign-ups were Russian spammers, generating a huge volume of new sign-ups; if you'll notice, the last few 0-post account purges by Mike have caught over 1000 members. Each and every sign-up, unless it's from a known paid email account (generally one provided by an ISP or university), requires someone go through this process. It would be a boring, thankless chore even if moderators were paid; the reason why Mike removed it is because 1) he thought that maybe his moderators would like to do something besides play PI with a bunch of third-world assholes trying to sell garbage to idiots, and 2) since it had been so long since we had any kind of organized invasion, we naively assumed it wouldn't happen again.

Now, that's how the old system worked. If anybody has some actual suggestions to improve it, that would be lovely. Off the top of my head, I'm thinking keeping the math problem requirement but going back to admin approve would filter out spambots, reducing the volume of necessary approvals. If we wanted to be really restrictive, we could change from a disallowed email list to an allowed email list with only known paymail sites on it, and force everyone else to compose an email asking to be let in.

Here's a couple of thoughts for things that might be doable, after browsing the phpbb 3.x mod database.

First: http://www.phpbb.com/community/viewtopic.php?t=1258765 - Account Justification
Requires a couple sentence blurb for the person to state why the want an account. Won't stop a determined invasion, but may help.

Second: http://www.phpbb.com/mods/db/index.php? ... ib_id=3182 - Requires the email verification before it shows up in the admin's mailbox for approval




This is for Phpbb 2.x, so it might take some coding work: http://www.phpbb.com/mods/db/index.php? ... ib_id=1311 - Disables use of bbcode and specific phrases until post count hits arbitrary amount

Another 2.x mod: http://www.phpbb.com/mods/db/index.php? ... ib_id=3125 - Sets a minimum post count before a person can start a new thread or PM

A third 2.x mod http://www.phpbb.com/mods/db/index.php? ... ib_id=1649 - Requires a user to have X posts and/or be registered for Y days before URLS can be posted.

A final 2.x mod: http://www.phpbb.com/community/viewtopic.php?t=443842 - Users with post count under Y will need to answer a captcha before being able to post

I have no idea how many of these are already implemented, but some of them might bear further investigating. Obviously, none of these will stop a determined invader, but some of them might make the account approval process easier for the admins. I just found all of these by browsing phpBB.

I really like the mods that cripple new accounts; this entire invasion would have been a couple of n00bs acting like idiots if they had BBcode and thread creation disabled. And as an added bonus, if we zero someone's post count as a punishment, he loses BBcode and thread creation, which seems like a good punishment between custom title and perm ban. The only one I don't like is the captcha; that's just too annoying. Nobody new would ever stay around.

Limited accounts on low post counts seems to be the best way to deal with this. Disallow posting of URLs and IMGs for people with very low post counts. Maybe limit thread creations to the testing forum.

As an aside, it seems that registration has been disabled. When I click on the link, I get nothing, not even a 404.

Don't be fooled. Already tested that myself. You have to be logged out in order to register.

[quote="RedImperator"]I really like the mods that cripple new accounts; this entire invasion would have been a couple of n00bs acting like idiots if they had BBcode and thread creation disabled. And as an added bonus, if we zero someone's post count as a punishment, he loses BBcode and thread creation, which seems like a good punishment between custom title and perm ban. The only one I don't like is the captcha; that's just too annoying. Nobody new would ever stay around.[/quote]

That's part of what worries me: that people will overreact as a response to this recent invasion, and the result will be the institution of policies that will discourage new membership. I'm hoping that the moderators and administration will proceed in a cautious and sensible, as opposed to a needlessly heavy-handed manner.

I like that limited account for low post count members, maybe is possible limit it so that new member can use quote funtion and maybe text formating, but no pics, links or smilies and maybe also limit their ability to post new threads (like new posts only in testing or something like that), just keep the postcount limit low enough that those who truly want to be here don't have to wait for ages to get access to full use of posting but high enough that if a troll tries to break it by mass posting they'll metaphorically hang themselves.


ofc another possibility if possible is that new member could post only 1 new topic in (insert time limit) until they got x non-testing posts (maybe combine that with limited accounts), that you can make new topic right away but lets say only 1 topic per day and you got limited account, until you get x posts, as long as we don't go overboard (pardon the pun) with the limitations it should work and not scare away new members. Maybe with optional possibility for admins (or even mods) to activate your full account should you prove worthy of it even before you hit the limit, but if we keep the post limit at something like 100 post or more at worst it shouldn't be too harsh.

basically the message being "if you wanna stay, prove that you've read and know the rules and know how to behave"

The Romulan Republic wrote:

RedImperator wrote:I really like the mods that cripple new accounts; this entire invasion would have been a couple of n00bs acting like idiots if they had BBcode and thread creation disabled. And as an added bonus, if we zero someone's post count as a punishment, he loses BBcode and thread creation, which seems like a good punishment between custom title and perm ban. The only one I don't like is the captcha; that's just too annoying. Nobody new would ever stay around.

That's part of what worries me: that people will overreact as a response to this recent invasion, and the result will be the institution of policies that will discourage new membership. I'm hoping that the moderators and administration will proceed in a cautious and sensible, as opposed to a needlessly heavy-handed manner.

In case you missed it, child pornography was plastered all over the place earlier. And not just a link to it that only an idiot would click on, but in threads where anyone could be exposed to it and the legal implications that involves. So far we haven't heard of anyone who got hit with it at their workplace, but it could have easily happened. We're not talking about banning half the members of certain forums here, these are sensible precautions so this shit doesn't happen again.

Flagg wrote:

The Romulan Republic wrote:

RedImperator wrote:I really like the mods that cripple new accounts; this entire invasion would have been a couple of n00bs acting like idiots if they had BBcode and thread creation disabled. And as an added bonus, if we zero someone's post count as a punishment, he loses BBcode and thread creation, which seems like a good punishment between custom title and perm ban. The only one I don't like is the captcha; that's just too annoying. Nobody new would ever stay around.

That's part of what worries me: that people will overreact as a response to this recent invasion, and the result will be the institution of policies that will discourage new membership. I'm hoping that the moderators and administration will proceed in a cautious and sensible, as opposed to a needlessly heavy-handed manner.

In case you missed it, child pornography was plastered all over the place earlier. And not just a link to it that only an idiot would click on, but in threads where anyone could be exposed to it and the legal implications that involves. So far we haven't heard of anyone who got hit with it at their workplace, but it could have easily happened. We're not talking about banning half the members of certain forums here, these are sensible precautions so this shit doesn't happen again.

No, I didn't miss it. In fact, it is partly because I am aware of how fucking serious this is that I'm worried about an overreaction that will damage the board.

That said, I'm not saying some improved safeguards of some sort aren't a good idea. I'm just glad I wasn't on when this happened.

I think TRR is talking about Red's thoughts on the captcha. This thread has indeed seen some very reasonable security ideas passed around, and I would vouch my support for the crippling of n00b accounts until they can prove they want to stick around, but measures like asking people to pay would be rather... draconian, IMO. Why pay ten bucks (or what have you) just so you can post on a discussion board of little to no consequence? Sure, there would be no invaders, but we have seen how many people sign up under that system compared to now. So if you value forum growth as TRR does, that might not be such a good idea.

I don't think anyone has yet said they think CP being plastered on the walls here would be a good thing, and I doubt anyone ever will.

Despite my registration date, I suggested all of that even though I'll probably be caught in the low post count filters.

My two preferred ones are the two registration related mods, the one where you need to respond to the confirmation email before it ever reaches the admin for approval (tosses all the invalid email addresses right there) and the two sentence why you want an account. If the two sentence why scares people off this forum, I almost wonder why they would bother registering. If faced with the justification prompt, my response would be to comment on the occasional fan fic entry that I enjoy.

As for the restrictions, all those mods are for the previous version of the BB, so I don't know if they can be ported, but they might be a good starting point for one of the CS savy folks here to adapt.

the key is to find the right balance between what not enough and what's overreacting

as long as we keep the limits low enough, it won't scare people away (especially if we notify them that until they've proven they've read the rules they have limited access), but it will cripped the trolls and perhaps even reduce their numbers (100% troll free is like, 100% efficient it exist in theory only).

surely people who could be productive members won't scared away by lack of what's essentially cosmetic funtions (like BBCode), like I said the key is to find the balance that will allow productive new members coming (which we want), but keep trolls out (or at least make it easier to remove them)

Lord Revan wrote:the key is to find the right balance between what not enough and what's overreacting

as long as we keep the limits low enough, it won't scare people away (especially if we notify them that until they've proven they've read the rules they have limited access), but it will cripped the trolls and perhaps even reduce their numbers (100% troll free is like, 100% efficient it exist in theory only).

surely people who could be productive members won't scared away by lack of what's essentially cosmetic funtions (like BBCode), like I said the key is to find the balance that will allow productive new members coming (which we want), but keep trolls out (or at least make it easier to remove them)

Obviously we want some security, given that these people are explicitly targeting us and might do so again. However, I would point out that of the half-dozen or so other forums I'm a member of, none of them, at least so far as I can recall, have any security precautions of these sorts whatsoever. Unless my experiences have been rather unusual or my memory is inaccurate, we're already one of the more cautious and secured boards out their when it comes to new membership applications. Also, I do not feel it is appropriate to punish all prospective new members because of the actions of a few.

Though I appreciate the need for security, I'm concerned that if the cut-off is too high, potentially valuable posters who aren't on line very often or are only interested in posting in certain forums may simply give up out of boredom and stop posting. Secondly, it may encourage a tendency towards spammy (not nessissarily trollish) posts from members who want to raise their post counts. Of course counterballancing this is that it might help discourage the stupid, lazy, or trollish, and improve the overall quality of the board. It would also mean that anyone who made it through will probably be someone who really likes the board, is familiar with it, and wants to be here, since they'll have had to work for it. The trick may be in getting the post count cut-off set at a suitable number; not too high, but not too low.

I'm sorry if I come off as overly critical or one-sided, but I seem to be in the minority, so I'm just compensating by pointing out the other side of things I guess.

The hell is wrong with TRR's quote tags? They look correct. Why aren't they working?

havokeff wrote:The hell is wrong with TRR's quote tags? They look correct. Why aren't they working?

At a guess, I'd say I caused it somehow when I was altering my board preference to keep images off. That's when it started, anyhow. I didn't know they were showing up that way to everyone else, though, and now I don't know how to fix it.

*quick detective work*
I would guess, you have your BBC code turned off in you board posting preferences. (Edit posting defaults)

hence you keep the cut-off and limits low enough that you can use the board reasonbly well, if in somewhat limited fasion and if we tell about it honestly (that's why I said I think 100 or more should be an absolut max for the limit) it's not gonna bother those who want to stay.

the thing is we simply can't ignore this (as a board either).

intelligent and mature people will understand if we have certain (but not overly harsh) limit on new members (there's some unwritten ones already even if we don't want to admit they exist)

lets say you disable pictures and linking (maybe keeping pic linking for AMP), until you've proven yourself (aka gotten x posts or proven yourself to the staff(I'd keep that option just to keep productive but low-key member here)

the discussion here isn't "how to punish potential new members" but "how to prevent trolls while keeping productive new members"

and TRR you probably disabled BBCode and that's why the quote tags aren't working.

TRR, I think you disabled BB code in all your posts, because it isn't just the quote tags. there is an option, when you post normally (rather than quick post) that turns code on and off.

Anyway, while I appreciate what you are saying about this board being tighter security then other boards, consider also the general quality of posts here as opposed to many other boards. Clearly we are doing something right. And the actions of the few it may be, but the repercussions of the few are potentially overwhelming in this case. And this is not the first invasion this board has survived, either, so its not a passing or temporary concern. Sure, it has been a while since the last attempted invasion, but its obvious that there are still moronic fucks who want to try it. With most of these provisions in place, they would be stopped in their tracks. And that isn't taking into account ordinary (i.e. independent) trolls and spammers.

Edit: late night mistakes.

Lord Revan wrote:hence you keep the cut-off and limits low enough that you can use the board reasonbly well, if in somewhat limited fasion and if we tell about it honestly (that's why I said I think 100 or more should be an absolut max for the limit) it's not gonna bother those who want to stay.

As long as its low enough to be practical, but high enough to be effective, I suppose it could be ok.

the thing is we simply can't ignore this (as a board either).

intelligent and mature people will understand if we have certain (but not overly harsh) limit on new members (there's some unwritten ones already even if we don't want to admit they exist)

Like what? :)

lets say you disable pictures and linking (maybe keeping pic linking for AMP), until you've proven yourself (aka gotten x posts or proven yourself to the staff(I'd keep that option just to keep productive but low-key member here)

I think I was thinking more along the lines of certain forums being off-limits to the noobs. I don't see any problem with limiting link posting. I certainly wouldn't miss it, since I hardly ever use linking.

However, if you want it to work I'd advise that it be instituted in AMP as well. Otherwise the trolls will just go their, right?

the discussion here isn't "how to punish potential new members" but "how to prevent trolls while keeping productive new members"

I understand that. I'm just trying to point out potential flaws with the various suggestions that have been proposed.

and TRR you probably disabled BBCode and that's why the quote tags aren't working.

Is it working now? :?:

Edit: Smilies still won't work, not that I'm particularily choked up about it. And I think I know what I did now in any case.

My two preferred ones are the two registration related mods, the one where you need to respond to the confirmation email before it ever reaches the admin for approval (tosses all the invalid email addresses right there) and the two sentence why you want an account.

I'd like to second this system, and volunteer to help with with the approval process. These changes can be easily implemented to reduce the flaws of a tried-and-true system, one that has always worked far more efficiently than any gimmicky test question or probation period could hope to do.

I'd volunteer for this as well. My job and free time activities usually aren't so pressing that I'm offline for more than a day, and beyond that, they usually keep me at a computer anyway.