Armadillo Run forum

The most effective anti spam solution is asking a question or two on signup -- one that'd be obvious to any human on the forum, but not obvious to a spamming computer.
smf has built in support for this, but I'm sure you can get a mod for phpbb to do the same... also systems that work automatically with an IP blacklist are helpful as a backup.

Sounds good. I've encountered a few of these, and thought they'd be much easier for spammers to get past than the old captcha. But the proof is in the pudding....
Do we get to choose the question and possible answers, so we can make it AR specific?

The "put the objects the right way up" via sliders, and the "put the object in the right place" seemed much more human-logic intense as anti-spam options. But I guess these are not freebies?


Seeing two new spammers joining within 3 minutes of each other, I'm wondering if there is a "preferential list" passed around amongst spammers, of sites that are ripe for signups and spam posts? And if AR is on that list...... Like a reverse of the IP blacklist run by spamhaus.
Because the frequency and regularity makes it seems like a popular target now, and not just random accidental finds by random spammers.

If so, then we might need tougher action than usual to keep them at bay.


Then again, Andrews neat sql code will make the job of dealing with the spam fairly trivial, even if we return to the bad old days of user-approval.

I've now configured a few basic questions/answers as an anti-spam measure. Let's see how that holds up.

Another forum I browse (using smf) has a little reference to this software on it:

http://bad-behavior.ioerror.us/about/

So, they are using it, and it says it blocks about 8000 bad access attempts per week. The forum has about 1200 members, and 100,000 legitimate posts. Plus a lot of big pictures, so there's much more data than AR.

I don't think it helps the spam user registration, but keeps away spam postings, if I understand it right.
And it has a phpBB 3 (legacy) port available. And it's free-ish (donationware).



EDIT: ps, just tested the registration question.
It seems almost too simple, with the answer in the heading of the registration page. But if it stops the spambots, marvellous!
I registered "testuser2" but haven't activated it.

So far, the question/answer thing seems to work. 2 hours and no registrations.

PeterT wrote:So far, the question/answer thing seems to work. 2 hours and no registrations.

Apart from "testuser2" that arrived as you were typing.....
(Proves humans can pass the test, too)

bythelee wrote:EDIT: ps, just tested the registration question.
It seems almost too simple, with the answer in the heading of the registration page. But if it stops the spambots, marvellous!
I registered "testuser2" but haven't activated it.

Yeah, all the possible questions are really obvious for a human, but the hope is that this small forum doesn't warrant human attention.

If these questions fail we could go for something that would be a bit harder for humans and almost certainly defeat all spam attempts, like "How much does the shortest possible piece of rope cost to build in Armadillo Run?".

There's three new users appeared over a fifteen minute segment. But I can't tell if they've just arrived, or been there some time.


For my testuser2, I got the "What animal" question, which seemed very easy.

The "What game is discussed" question also looks too easy.

But the "name a material" question is much more on the money for difficulty. I was going to propose it, but you've already got it.

Perhaps "Where is the dillo trying to get to" could be another. (I can think of two answers - one per level, and another from the opening cutscene when you start the game).
The "Cheapest length of rope" suggestion mentioned earlier actually made me stop and think! (My instant answer was wrong. ) It might actually be too hard for novice users. Because it was only after starting competition that I realised there was a minimum length of more than one segment.

But, the numbers are not high (yet) so I'm happy to let things run for a few days / week and see how it goes.

I see the new users go into a seperate group. Testuser is still there, even though he has posted once. Should a genuine new user stay there, or get moved to the normal "registered users" section?

If anyone has any other suggestions for questions that are easy to answer for people who actually play the game, even novices, but hard/impossible for a bot or spammer spending a few seconds on it, I'm all ears.

I'll exchange the set of questions once we have 3 or so (I'll keep the materials question).

Not sure if you liked the "Where is the dillo trying to get to?" as a second question. (I'm trying to avoid giving the answers here in this thread)

The price question would work if it was less tricky.
So, "What is the price of a bar?" or "Price of a plate?" could work as two questions. Rubber could be a third, but it's used so little, I'd have to look it up in the game to be sure.

What materials can have tension or compression applied? - not as tricky as it looks - but only a player would know that! And it could be split into two questions (one tension, the other compression)

All materials (including rockets) can have both tension and compression so that's probably not a good one...

Maybe how many tutorial levels come with the game?

bythelee wrote:3) Permissions of user groups - allow new users to PM, but not post.
New users are rare, but not extinct. As SketchyGalore and Reuben have proven over the past month. Their ability to PM proved invaluable to their approval.

The further possibility is to add a new user group, with permissions to PM only, and not submit posts. Any new account registrations go in there. Peter Stock said he wasn't flooded with PMs even though his forum thread to new users said to do so.
Or, that if new users by default go to the "registered users" group, then the existing members get shifted to an "approved user" group with posting permissions, and the registered users group is denied.

Hi,

Here is my experience as a recent new user in case that helps what you decide to do.

When I was looking around at this site and considering whether I should register I saw that some conversations were very old, so I didn't bother to read those initially. That is how I missed seeing the forum thread to new users that asks new users to PM to Peter Stock. I went straight to the items that had new dates and jumped in there. When my post didn't work, then I just sent a PM to "bythelee" since I saw that that user was active and would probably be able to reply.

So - in summary - if you could place a "new user info" topic somewhere prominent, and then keep it fresh so that potential new users know that it still applies, that would help us find the way in - whatever way that ends up being.

-Reuben

PeterT has deleted a few users, and banned a few IPs from connecting.
It's a little hard to tell, but I think we're sitting at less than ten users getting in since Saturday.

I had planned to "Renew / Update" Peter Stock's New User message, along with dates whenever the new user list is "cleaned". So that if we do delete a genuine new user by mistake, they will know to try again.

We can "sticky" the thread about new users, and post it in the AR2 A league as well. "Sticky" means it remains at the top of the list (like the Admin clean up and Moderator clean up do at present), so I would hope that a large catchy title fairly close to the most recent challenge would catch attention, even if it is a little old.

I still need to check whether a new user can send PM's even if they can't post. (Going to use "testuser2" for that) Because PM is the only proven way that new users can catch the attention of the regulars. Thanks for the comments Reuben - it confirms what we need to do.

So, I'm a new test user and in theory this post will not be allowed until admin approval.

OK, so I used my testuser2, and discovered I couldn't send a PM.
I could post, but it went into the moderator queue like before. So far, this is the only queued post since the new system went live last Saturday.

It turns out that new user registrations go into a different group, with quite severe permissions restrictions.

I believe I have correctly edited the Permissions / User Roles / Newly Registered User Features role to add the ability to send and receive single PMs. (This is me changing what PeterT has configured)
Testuser2 was able to send a PM after the change.

If someone else would be kind enough to test out the user registration process, and send a PM to me to confirm all is working well, that would be swell!
You can try posting to a thread, too....