176 members and 529 guests right now

[Corran]

+1 to everything fishbulb and analoguey mentioned.

This is a font of information for those interested in LF - be them new or old members. In reality, the vast majority of folks do not write anything or even sign up.

I've never gotten a single bit of spam from my usage of this forum, either via email or via my blog. I have my cell phone number and email on my personal website and it causes no issues.

[StoneNYC]

The challenge with closing off the forums from view by unregistered visitors (i.e. guests) is that if the forum becomes no longer public, very few people will discover it. Discovery of this forum is usually done by searches for LF information. If it's not public, it's not searchable, and over the long term, there will be far fewer new members joining than there are leaving (losing interest in LF, or aging into senility and having their computers taken away, or whatever). Over time, the forum activity will slow to a crawl, and other LF communities will start up elsewhere, because people will think that no community exists online, since it isn't searchable.



The sad situation of today's internet is that anything a person does on a computer is being broadcast to the entire world. At a minimum, it's being watched by a dozen national security organizations, much less all the hackers, spammers, bots, etc. Closing the forum off to registered users only just means that a bot needs to register to harvest that information - not a difficult task. In fact there are likely dozens of bots already registered and crawling the forums (but not posting, lest they be discovered) if my experience running other Vbulletin-based forums is anything to go by.

This forum doesn't even have an SSL certificate (allowing encrypted https:// connections). Anything we do here - what we read, what we write - can be seen by anyone, and easily, even if it's in a private message. It's like we are all writing postcards to each other and mailing them by making a billion copies and air-dropping them all over every major city in the world. For example, if I'm at work posting on this forum, my employer can read everything I post, and they know which account I am using to post, without even visiting the forum in a web browser.



I agree completely.

I'd also like to see this forum get an SSL certificate so we can have https:// Certificates are about $15-20 per year.

Hmm good points.

With regards to registered bots, one forum when I joined made me do math to join, they asked a question simple like "what is the square root of sixty-four? And you had to answer in text and not numbers "eight".

There were only 3-4 of these type questions and even if you're not good at math you can use a calculator.

This to me seemed like one that made a lot of sense, why this isn't widely implemented already surprises me.

[Jac@stafford.net]

Posts made here show up in Google almost immediately, floated to the top. That is a good thing.

[Winger]

Hmm good points.

With regards to registered bots, one forum when I joined made me do math to join, they asked a question simple like "what is the square root of sixty-four? And you had to answer in text and not numbers "eight".

There were only 3-4 of these type questions and even if you're not good at math you can use a calculator.

This to me seemed like one that made a lot of sense, why this isn't widely implemented already surprises me.

I think that those are an add-on and not free with vBulletin. Which is true with most of the cool stuff.

[fishbulb]

Unfortunately, all forms of "captcha" - solving math problems, reading distorted words, whatever - can be defeated by bots, sometimes with very clever methods.

One way to defeat any machine-unreadable captcha: Funnel the captcha question, as seen by the bot, to another website, where a human answers it, not knowing they are helping a bot.

For example, a pornography site that displays a captcha every few images or videos to supposedly "make sure you're not a bot". A real person, wanting to view the pornography, answers the captcha. The pornography site actually received the captcha question from one of its bots that encountered the captcha when registering for a forum that it wanted to spam. The bot sends the captcha question to the pornography site. The site automatically registers that there is a new captcha to answer in the captcha queue. The site displays the captcha to, say, five different visitors. The visitors answer the captcha. The site picks the mode from the answer pool, and sends it back to the bot. The bot enters the captcha and proceeds, spamming another forum with links to the pornography site, or to download malware that will infect more PCs and allow them to be remotely controlled and used as more bots.

That's not to say they shouldn't be used however. The most effective way to prevent forum spam is to have multiple layers of security. Several different captchas, both for registering, and for the first few posts of a new user. Multiple types of captchas too, often more than one type for things like registering for accounts. Another layer: automated content review - a program scans new content that is about to be posted to see if the structure of the content matches typical spam content. Mollom and Akismet are examples of this. Another layer: checking the email addresses, IP addresses, and user names against a database of those used by spammers, such as stopforumspam.com.

[Jac@stafford.net]

There seems to be a way to defeat all such methods, and some have become Open Source. Instead of becoming cynical I am grateful for our smart admin.

[Sal Santamaura]

Bots aren't the only problem. Spam here has come from places where humans are paid so little they're competitive with bots. There is no solution other than vigilant monitoring by us all, notifying moderators and having them deal with things.

[StoneNYC]

Unfortunately, all forms of "captcha" - solving math problems, reading distorted words, whatever - can be defeated by bots, sometimes with very clever methods.

One way to defeat any machine-unreadable captcha: Funnel the captcha question, as seen by the bot, to another website, where a human answers it, not knowing they are helping a bot.

For example, a pornography site that displays a captcha every few images or videos to supposedly "make sure you're not a bot". A real person, wanting to view the pornography, answers the captcha. The pornography site actually received the captcha question from one of its bots that encountered the captcha when registering for a forum that it wanted to spam. The bot sends the captcha question to the pornography site. The site automatically registers that there is a new captcha to answer in the captcha queue. The site displays the captcha to, say, five different visitors. The visitors answer the captcha. The site picks the mode from the answer pool, and sends it back to the bot. The bot enters the captcha and proceeds, spamming another forum with links to the pornography site, or to download malware that will infect more PCs and allow them to be remotely controlled and used as more bots.

That's not to say they shouldn't be used however. The most effective way to prevent forum spam is to have multiple layers of security. Several different captchas, both for registering, and for the first few posts of a new user. Multiple types of captchas too, often more than one type for things like registering for accounts. Another layer: automated content review - a program scans new content that is about to be posted to see if the structure of the content matches typical spam content. Mollom and Akismet are examples of this. Another layer: checking the email addresses, IP addresses, and user names against a database of those used by spammers, such as stopforumspam.com.

WOW!! That's REALLY clever, never thought of that, it's horrible too, but clever. Sheesh!