[DONE] Maintenance tonight

New build announcements plus site news and changes.

Moderators: dorpond, trevor, Azhrei, Craig

Xennon
Kobold
Posts: 17
Joined: Tue Aug 05, 2008 6:14 am

Re: Maintenance tonight

Post by Xennon »

PHPBB is a pretty easy one for spambots I think.

I host a PHPBB that someone else runs (so I never actually go to it). It has security, activation, captcha etc. on it, but I got an email from my host warning me that there were too many outgoing emails from my account and that I was being investigated as being a spam service.

I dug around and found out that this forum was the result of the emails. I did some data mining like you, out of 190,000 (yes, 190 THOUSAND) users, approx 250 were valid.

I had to disable registration by literally ripping the code out of the PHP :-/

jfrazierjr
Deity
Posts: 5176
Joined: Tue Sep 11, 2007 7:31 pm

Re: Maintenance tonight

Post by jfrazierjr »

Heh... I wish activation email links had a series of "pages" with questions (similar to a survey) to help weed out the spammers. ESPECIALLY if it were randomized (so it could not be robo-formed) questions from a large pool of questions tied to the session (requires cookies enabled). So for example, 5 questions (out of say 200 possible questions for example), one per page with a combination of radio button, dropdown, and textbox based answers. For example, a TEXT question might say something like this:
Paris is the capital of which of the following countries: United States, China, France, or United Kingdom

So you have to type in "France".

Another might be a radio button like:
5 liters = how many gallons:
  • approximately 1.32
  • approximately 75.1
  • approximately .156
with of course 1.32 being the one that makes the most sense (thanks google search for your auto conversion calculations!). You could even mix it up some to "require" people to search for things that might not be immediately relevant to many people. For example:
A "Stone" is a unit of measuring weight which was used primarily in Great Britain which has mostly been abandoned in favor of using metric units with the exception of measuring the human body weight. If a man weighs 15 Stone, how much do they weigh:
  • approximately 308 pounds/140 kilograms
  • approximately 14 pounds/6 kilograms
  • approximately 210 pounds/95 kilograms
  • approximately 768 pounds/329 kilograms
Basically, they pay people to answer these captcha questions in bulk, so the best way to hurt them is to make them spend more time. For an average person, an extra 5-10 minutes filling out a form for a survey activation is not going to really make that much of a difference.... but if someone is doing that 100 times a day, it will make a huge dent in their productivity.
I save all my Campaign Files to DropBox. Not only can I access a campaign file from pretty much any OS that will run Maptool(Win,OSX, linux), but each file is versioned, so if something goes crazy wild, I can always roll back to a previous version of the same file.

Get your Dropbox 2GB via my referral link, and as a bonus, I get an extra 250 MB of space. Even if you don't don't use my link, I still enthusiastically recommend Dropbox..
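The randomized, session-tied question pool described in the post above, as an added example that is not part of the thread or of phpBB. The names `ActivationQuiz` and `POOL` are hypothetical, and the sample pool is constructed (three questions taken from the post, two invented); questions are drawn per session with a CSPRNG, kept server-side, served one per page, and the session is burned after too many wrong answers.

```python
import hmac
import secrets

# Constructed sample pool: id -> (question text, normalized expected answer).
POOL = {
    "q1": ("Paris is the capital of which country: United States, China, France, or United Kingdom?", "france"),
    "q2": ("5 liters is approximately how many gallons: 1.32, 75.1, or .156?", "1.32"),
    "q3": ("A man weighs 15 stone. Approximately how many pounds is that: 308, 14, 210, or 768?", "210"),
    "q4": ("How many days are in a week?", "7"),
    "q5": ("What color is a clear daytime sky?", "blue"),
}

class ActivationQuiz:
    def __init__(self, pool, per_session=3, max_failures=2):
        self.pool = pool
        self.per_session = per_session
        self.max_failures = max_failures
        self.sessions = {}  # server-side state only; the client holds just the session id

    def start(self):
        """Create a session and draw its questions unpredictably, without repeats."""
        sid = secrets.token_urlsafe(16)
        picked = secrets.SystemRandom().sample(sorted(self.pool), self.per_session)
        self.sessions[sid] = {"remaining": picked, "failures": 0}
        return sid

    def current_question(self, sid):
        """Text of the question for the current page, or None if the session is gone."""
        state = self.sessions.get(sid)
        return self.pool[state["remaining"][0]][0] if state else None

    def answer(self, sid, text):
        """Return 'next', 'activated', 'retry' or 'rejected'."""
        state = self.sessions.get(sid)
        if state is None:
            return "rejected"
        expected = self.pool[state["remaining"][0]][1]
        given = " ".join(text.lower().split())  # ignore case and stray whitespace
        if hmac.compare_digest(given.encode(), expected.encode()):
            state["remaining"].pop(0)
            if state["remaining"]:
                return "next"
            del self.sessions[sid]  # finished: the session cannot be replayed
            return "activated"
        state["failures"] += 1
        if state["failures"] > self.max_failures:
            del self.sessions[sid]  # burned: a fresh draw is required
            return "rejected"
        return "retry"
```
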


jfrazierjr
Deity
Posts: 5176
Joined: Tue Sep 11, 2007 7:31 pm

Re: Maintenance tonight

Post by jfrazierjr »

wolph42 wrote:they *hire* people to do that?!?!

this spamming gets weirder and weirder...
well.. if you call a pittance of money "hire", then yea.. they pay a tiny, tiny, tiny amount of money. Most of these are in Africa or Eastern Asia where any money, even if it's only enough for a single meal, is better than going hungry.

I use the term "hire" VERY loosely here...

Bone White
Great Wyrm
Posts: 1124
Joined: Tue Aug 23, 2011 11:41 am
Location: Cornwall, UK

Re: Maintenance tonight

Post by Bone White »

So looking at it from the flip-side, your counter-measures will make their job not profitable for the employer, and that person may starve as a result, so your counter-measures may be contributing to starvation?

Just an observation.

Azhrei
Site Admin
Posts: 12086
Joined: Mon Jun 12, 2006 1:20 pm
Location: Tampa, FL

Re: Maintenance tonight

Post by Azhrei »

Well, I don't know if people are "hired" per se, but I've seen reports that porn sites that require authentication will put up CAPTCHAs and people will answer them in order to get access to the porn site. :?

Merkuri
Giant
Posts: 194
Joined: Sat Feb 28, 2009 3:20 pm
Location: Massachusetts, USA

Re: Maintenance tonight

Post by Merkuri »

Azhrei wrote:Well, I don't know if people are "hired" per se, but I've seen reports that porn sites that require authentication will put up CAPTCHAs and people will answer them in order to get access to the porn site. :?
Yeah, sometimes they're not being paid to do it. Sometimes they don't realize they're doing it. The spammers set up some real but shady site that people want access to (like porn), and the security measures they put up are actually pulled from some poor unwitting legitimate site (like this forum). Once the real person enters in the right answers to get their porn those answers are submitted to the legitimate site by a spambot, which now has access to said legitimate site.

This is why we can't have nice things. :?
Adventure is not outside; it is within.
--Found in a fortune cookie on game night

MapTool Framework for Sufficiently Advanced

Azhrei
Site Admin
Posts: 12086
Joined: Mon Jun 12, 2006 1:20 pm
Location: Tampa, FL

Re: Maintenance tonight

Post by Azhrei »

We haven't had any complaints about things so I'm going to figure the maintenance didn't disrupt anyone's use of the site.

I did notice that only the prosilver and subsilver themes were updated so my next step is to determine what the changes in those files actually were and apply them to other themes that people are actually using. If those changes are relevant. There are currently 29 different themes being used but I'm going to do the user purge prior to updating the themes -- many of them may have been selected by spambot accounts and can be ignored. I have some reading to do before I can do the purge, so it'll likely be a day or two before that happens. I'll announce how I plan to do the purge so any interested parties can point out how badly I'm going to screw things up before I actually screw them up. ;)

Jagged
Great Wyrm
Posts: 1306
Joined: Mon Sep 15, 2008 9:27 am
Location: Bristol, UK

Re: Maintenance tonight

Post by Jagged »

Merkuri wrote:This is why we can't have nice things. :?
Maybe the answer is RP specific questions?

Which of these is not a RPG?
  • Dungeons&Dragons
  • Swords&Sorcery
  • Fortnum&Masons
What am I saying, people going to pr0n sites will be able to answer that :/
Last edited by Jagged on Fri Aug 17, 2012 4:35 am, edited 1 time in total.

Azhrei
Site Admin
Posts: 12086
Joined: Mon Jun 12, 2006 1:20 pm
Location: Tampa, FL

Re: Maintenance tonight

Post by Azhrei »

Heh, good point. But then people just learning about RPGs may not be able to answer it either. :?

aliasmask
RPTools Team
Posts: 9024
Joined: Tue Nov 10, 2009 6:11 pm
Location: Bay Area

Re: Maintenance tonight

Post by aliasmask »

I look at it like this. There is no convenient way to safeguard almost anything. We lock our doors knowing people can break in. These steps are just deterrents against opportunists, not the dedicated criminal. That's why all these security systems have cops to monitor them. Trained or otherwise, they can tell most of the time when a system has been compromised and take action. What the computer environment lacks is a system of consequences and given that, we have to rely more on the security precautions to bar intrusion.

Getting a real person to enter captcha is a smart idea, since all we're testing for is if it is a real person. Since all our physical actions are translated into the digital (moving a mouse, typing on keyboard) we have to come up with a system that can test the person. The problem with that is people are imperfect and don't have the same information or reasoning skills (I find the captcha difficult to get right on the first try).

In the real world, we don't report the news (unless you're Fox) without verification of multiple sources or a direct recounting. It would be cool if we could get internet ids, like a credit card, to visit secure sites. Yes, credit card fraud is rampant but there is a third party that double checks the data to find fraud. So, if at any point fraud is discovered all associations can be notified at once, because their history is tracked by use of the id and pin. This could add a level of anonymity and consequence. Sites like this would only need to know is, this person is not a spammer.

There's a good video on TED called David Birch: Identity without a name that goes into detail on a system like this.

jfrazierjr
Deity
Posts: 5176
Joined: Tue Sep 11, 2007 7:31 pm

Re: Maintenance tonight

Post by jfrazierjr »

Not to get too off topic here but:
aliasmask wrote: In the real world, we don't report the news (unless you're Fox) without verification of multiple sources or a direct recounting.
You mean like Dan Rather's news report concerning President Bush's national guard service?


---------------------------

Or NBC's edit (which was then carried by NBC, MSNBC.com (transcript)) of the George Zimmerman 911 call as the story ran:
“This guy looks like he’s up to no good… he looks black.”


However, the conversation actually went this way:
ZIMMERMAN: This guy looks like he's up to no good… or he's on drugs or something. It's raining and he's just walking around, looking about.

DISPATCHER: Okay, is this guy, is he white, black, or Hispanic?

ZIMMERMAN: He looks black.
--------------------------

Or various news outlets who show a picture of George Zimmerman with no "visible injuries" regardless of the documented paramedic reports to the contrary as well as obscured video (you know.. those pixelated blocks) which show an obvious scar?

--------------------------

Or again, same case where a ton of media outlets show a picture of Trayvon Martin as a child instead of a recent picture?



Now... don't get me wrong, I know there are unreported facts (i.e., not running a story that makes "your" side look wrong or not in the best possible light), half truths and factual inaccuracies reported by media on both sides of the political spectrum, so please don't bash one network in exclusion of the others since they ALL do it.

aliasmask
RPTools Team
Posts: 9024
Joined: Tue Nov 10, 2009 6:11 pm
Location: Bay Area

Re: Maintenance tonight

Post by aliasmask »

Wow, that really is off my point. I was just making a political quip. But to respond, I would say those would be the exceptions rather than the norm. I feel fully justified pointing the finger at Fox News.

http://www.dailykos.com/story/2007/07/3 ... s-in-court

wolph42
Winter Wolph
Posts: 9999
Joined: Fri Mar 20, 2009 5:40 am
Location: Netherlands

Re: Maintenance tonight

Post by wolph42 »

aliasmask wrote:Wow, that really is off my point. I was just making a political quip. But to respond, I would say those would be the exceptions rather than the norm. I feel fully justified pointing the finger at Fox News.

http://www.dailykos.com/story/2007/07/3 ... s-in-court
That's disturbing!

RPTroll
TheBard
Posts: 3159
Joined: Tue Mar 21, 2006 7:26 pm
Location: Austin, Tx

Re: Maintenance tonight

Post by RPTroll »

Does anyone else see the circular logic loop forming?