Armadillo Run forum

After some rather extreme steps taken in the database.

More testing...

So, can anyone other than me reply to this now?

If this works, the answer is YES.

Hi Peter, thanks for responding so quickly to our distress.

EDIT: yes, it worked like a charm. Screen refreshed like usual too.

Awesome. This was a strange issue, but at least I was able to fix it.

PMs seems to be working again too. I've just sent a challenge solution to Rob for the latest competition.

Thanks for the incredible instant help, and for dropping your Saturday afternoon to fix it. Whatever "it" was.


There were so many things that could have happened, it's hard to know where to start.

The mildest is that something restored from Peter Stock's backup on Thursday was "not right" or clashed with some of the security changes we had been playing with to control the spam problem.

The worst is that one of the spammers I had recently blocked (by changing their password to tie up the email account too) deliberately hacked and damaged the site in vengeance. I mention it in case your other metaclassofnil sites are vulnerable too.

Heh, I just let mySQL optimize the "posts" table after deleting all the spam, and it went from 4 GB to 13 MB

I've now also updated the board from 3.0.5 to 3.0.11.

PeterT wrote:Heh, I just let mySQL optimize the "posts" table after deleting all the spam, and it went from 4 GB to 13 MB

I was going to suggest you do that -- it might pay to do the same to the users table... and also purge the sessions table.

Andrew wrote:I was going to suggest you do that -- it might pay to do the same to the users table... and also purge the sessions table.

Yeah, I had already done that before updating, to reduce the size of the backup I made before that.

I've now re-enabled new user registration, using reCaptcha. Let's see how well that works out.

Talking to myself for further testing

Everything seems to be more or less in order. "Select all" on the moderation panel still isn't working, but if reCaptcha works out for minimizing the amount of spambot registrations that shouldn't be too bad a limitation.

So we already have the first spammer registered. I'll take down registration again for now.

PeterT wrote:Heh, I just let mySQL optimize the "posts" table after deleting all the spam, and it went from 4 GB to 13 MB

Wow, that's more like it! Plus the 64Mb or so of file attachments from the various challenge solutions, should be an easy backup now.


Just 14 minutes for the first spammer. Oh dear.


For the spambot registrations, I have a few suggestions:

1) Email requests instead of signup
- keep the forum at "none allowed"
- have a major post inviting people wanting to join to send an email to a communal account. But written in non-copiable form.
Something like "armadillorunforummembership at gmail dot com". And we can ask for something specific in the title too, if that helps with filtering. You guys probably know what works to foil spammers better than me.....

Also, the thread could be updated every time the email account is "cleaned", so if someone is trying to join and they get missed, they can see they need to try again, and shout louder.
If a genuine user is detected, the "admin" can switch it on for a few minutes to create the new account, and then shut it off again.

Someone would still need to check the email account (I can do that, but it can be "communal" too, since it's sole purpose is forum registrations), but I think it'll be much easier than trying to keep the flood of spam accounts at bay. I think it was that flood that prompted Peter Stock to switch to the self-authorisation and queued post approval about a year ago. If the flow increases too much, we register a new email account and abandon the old to google..... (changing the forum thread to reflect the new email address).
That's the best benefit - it shifts the flood of new information to another server, as well as limiting that flood in the first place.


2) Revert to Admin account approval before posting is allowed.
We could probably cope with sifting through 10 or so new accounts daily (maybe up to 50 per day short term), if the forum registrations setting is reverted back to the admin approval requirement of old. But a couple of days ago, one spammer registered 25 accounts all at once, so if we leave a crack open, it'll be forced wider.
I'm happy to give this a go, watching and seeing if it is manageable, if this is the preferred option.
Although, 14 minutes for the first hit...... I'm worried....


3) Permissions of user groups - allow new users to PM, but not post.
New users are rare, but not extinct. As SketchyGalore and Reuben have proven over the past month. Their ability to PM proved invaluable to their approval.

The further possibility is to add a new user group, with permissions to PM only, and not submit posts. Any new account registrations go in there. Peter Stock said he wasn't flooded with PMs even though his forum thread to new users said to do so.
Or, that if new users by default go to the "registered users" group, then the existing members get shifted to an "approved user" group with posting permissions, and the registered users group is denied.


4) move home, or software
Or, we shift to Andrew's server, as he says he has no trouble at all with spam registrations.....
Does smf have better anti-spam properties? I have no idea about this one.....


It's lovely to have the problem of having to choose.

But I'm not the expert here, so whatever PeterT, Andrew, and probably PeterS think would work best, I'll go with.
I have the time to admin for the foreseeable future (ie volunteering for all of the above). So don't worry about it being neglected. I'll shout if / when that time comes.

As a first step, I'm evaluating the effectiveness of a few phpBB mods. I think we should only fall back to a manual solution if all automatic methods fail.