Bugs and things to fix

[wavewright62]

Dilandu reports that he's suddenly banned from the forum, I'm guessing it's the antispam things that are a bit too effective again. Can anyone help him?

Poor Dilandu, I can see him attempting to log in from all sorts of devices.  This is among the hundreds of continuing attempts by the Russian spambots to enter. (This is not hyperbole.  There were well over 800 hits since the evening of 10 Dec, at which point I stopped scrolling back.)  I identified several basic IP addresses, but they must switch them around, because a different crop have started attempts this week.

[JoB]

[Oh, look. It's the guy who keeps parading bad news around again. ]

Over in the comments (on page 42), Kis asked whether someone could unban him (again).

[wavewright62]

I'm seeing what I can do for him.

[viola]

I removed one of the IP addresses that is similar to Kis's. Their email, hostname, and user names are not listed on the ban list, so I'm pretty certain it's not one of those.

[hushpiper]

Quick heads-up: I've removed the BotScout mod from our forum, as it was doing its job of keeping spam registrations away too well--by shutting down registrations entirely. I'm looking at options to potentially keep it around, but for the moment, just keep a close eye out for spammers. 

[Ragnarok]

Quick heads-up: I've removed the BotScout mod from our forum, as it was doing its job of keeping spam registrations away too well--by shutting down registrations entirely. I'm looking at options to potentially keep it around, but for the moment, just keep a close eye out for spammers. 

Found one!

Seriously though, good luck.

[wavewright62]

I've put in bans on entire swathes of Ukrainian IP addresses, which has been working to repel dozens of hits daily, 10K+ over the past year.  This newest spammer had at least one of their IP addresses in the Ukraine (the other was for an individual from Vietnam), and an email address from Palau.
I try to scope new registrations for dodgy entities, ones where the IP addresses and hosts don't match each other, as well as email addresses from known spam sites.  I especially look for the new class where they put up a website that mashes together completely random phrases from medical journal websites, as a vehicle for generating spam email entities.  The Palau address was one of those.
I don't get to check every day, so I'm sorry I missed that one.
Thanks hushpiper for your help!

[hushpiper]

Well you know, there's more than one way to skin the spam cat--how about we try introducing some more friction into the signup process? I've turned on the option to require email verification for new signups. That should stop a huge portion of them, especially the ones whose email addresses don't exist in the first place.

It also probably wouldn't be hard to just block Ukraine's IP space wholesale, but that would cause issues for any Ukrainian members or prospective members, so I don't know how good an idea it is.

ETA: Email verification has downsides as well--like the possibility that the verification message might go to spam, although that doesn't seem to be an issue in gmail so far--but it's a common mitigation. Having people contact us by other means if they run into issues seems to be a decent workaround so far?

[wavewright62]

The gobbledy-gook websites do exist, I suspect mostly as a domain for hosting bot email addresses.  The addresses would be legitimate, since they belong to a registered domain. Setting up a website often allows X number of free email addresses as part of the deal. 
I see one user awaiting email verification now, and I am curious to see the outcome.
The ban on Ukrainian IP is not universal - it is total for one particular mobile bandwidth provider, true, and partial for another provider.  So far, I have not heard of any bounced users being from the Ukraine, though, even from among our Russian Forumites.
The newest ban on a gobbledy-gook website has possibly yielded three thwarts within 24 hours, from what I can tell.  All of those were trying, as their first touch on the website, to access a thread left by the bot that got through, that has since been banned.  Apparently the bot registered another user *while I was instituting the ban* and it never got to post, poor baby.

[Unlos]

Do we have a possibility to set up control questions in the signup process? Super easy ones, but where you need to click the correct answer?

[viola]

The lovely Wyrd (Hush's other half) has joined the admin team and is working behind the scenes to outfit the forum with protection from spam bots. It will take a bit of time but we should have better security without making things difficult for users.

[WyrdGrin]

Do we have a possibility to set up control questions in the signup process? Super easy ones, but where you need to click the correct answer?

The lovely Wyrd (Hush's other half) has joined the admin team and is working behind the scenes to outfit the forum with protection from spam bots. It will take a bit of time but we should have better security without making things difficult for users.

Right now it's gathering site statistics and reviewing what the forum software is capable of and to make sure it can keep doing what it's doing.

For logging in for the future the initial goal that would affect users would be:

Email only login: using just your private email that you signed up with instead of your public facing user. Less softhacking attempts or spoofiing.

Captcha validation: There's a few heuristics with this but the idea is to use what's on the shelf for the software so it's futureproof.

Everything else should be in the background handling most of the heavy lifting.

With that being said due to holidays, time, pumpkin bread, and just life in general I'll work on this when I can.

Happy holidays!

[wavewright62]

I am seeing stats for unusually high traffic:
Example:
37 Guests, 4 Users (0 Buddies)

Users active in past 15 minutes:
wavewright62, (3 others whose names are redacted)

Most Online Today: 848. Most Online Ever: 848 (Today at 15:30:09)

Now, I would love to think these new usage records that have been reset repeatedly since early December are due to resurgent interest in the Forum and SSSS in general, but the disjoint between the record online figures and the number of registrations/posts leads me to believe that there is something else going on.  I should note that I have not seen any hits from banned IPs in a time range any of the times I checked.
Can someone with more visibility into the traffic patterns please take a quick look to see what might be going on? 

[viola]

I wouldn't be too worried about it. It could be spiders (search bots), which show up when there are links to or from the forum with search sites. They're pretty harmless. I'll keep an eye on it though.

[wavewright62]

Thankeeee