A ton of Armed Intelligentisians have already found the new Free Fire Zone, TTAG’s forum where you can talk about whatever you want with like-minded (or not) individuals. And you may have noticed that we’ve had a bit of a spam problem recently. For the moment we have it licked, but as a result one of the administrators will need to manually enable your account before you can post. At most, we’re talking a 12-hour delay. I’m looking into a better long-term solution that will remove this headache, but unlike Hornady’s top secret prototype (pictured above) we don’t have a spam-seeking bullet we can unleash. Yet. To all those who have already created an account and posted, thanks. And to everyone else, what are you waiting for?
I find it ironic that Nick Leghorn works in data security at RackSpace, but you guys are incapable of setting up a spam blacklist.
We use a load balanced setup, meaning the source IP of all the traffic is the load balancer. Things get complicated when you go big.
I don’t know what it takes to sign in – it was so trivial I didn’t even bother to remember it. I didn’t notice if there was an email intercept, or a “captcha”-type puzzle thingy, but that’s what I’d recommend.
In any case, I’d be interested in reading about what you did and so on.
Things get complicated when you go big.
Which means you don’t understand what you’re doing, or you’re lazy.
meaning the source IP of all the traffic is the load balancer
What load balancer are you using? F5 doesn’t do this. And someone has to know the source IP of the client, otherwise the traffic would never get sent back. Also I know F5 balancers can have their own blacklists.
I still think the suggestion to change the “FFZ” on the top bar to “Forum” or “Free Fire Zone (Forum)” is a good one, so that more people find it. You may want to hold off on that until you get the authentication issue worked out, though.
Are you using the latest version of phpBB? I know when I was running a phpBB based forum a couple years ago, the fact that the CAPTCHA on that earlier version was known to be hacked was a “known issue.” Upgrading to the latest version (at that time) allowed use of things like reCAPTCHA (that’s the one with the two words instead of the letter salad of the current CAPTCHA) and the “human check” questions, where you could input a specific question that required an answer (e.g. “What does TTAG stand for?” A human can type out the answer, but a bot won’t.)
Matt, please stop pretending like you know about data security; services similar to Mechanical Turk will bypass both.
FWIW, I *do* know about data security (and have worn the “Chief Security Officer” title in the past) and in my professional opinion Matt makes a perfectly good point.
Security is not an event, it’s a process. Focusing on only one threat vector (e.g. the Mechanical Turk method you cite) does little or nothing to address the overall problem. If anything, that’s a net negative because someone following your advice might believe that if their solution addresses the Mechanical Turk attack vector, then they’re secure. Yeah… no.
OOOH! CHICKEN FIGHT, EVERYONE!!!
Mike C, it appears you are suffering from “small wiener” syndrome.
When I think of spam I think of the Monty Python skit… spam, spam, spam, spam… spamity spam, LOL
Fried spam sandwich with mustard and cheese, to go, please.
That is, in fact, the origin of the term. I’ve been doing Internet stuff so long that I know (but was not part of) the group of people who jokingly coined the term spam and were amused to see it become part of popular culture.
My Dad was raised in Austin, MN, where the Hormel “packin’ plant” is, so we had a lot of spam when I was a kid. I love it! Spam sandwiches, Spam and eggs for breakfast, roast spam, spam chunks in scrambled eggs, the list goes on and on…
Decent Apocalypse grub; nothing more, but a LOT less. Next you’re gonna spout POTTED MEAT haute cuisine?
EYEBALLS! PECKERS!!! Slingblade NAILED it!
Raven cuisine. Trust the Raven if you wanna eat low on the hog!
Changing platforms is a good first step in solving this problem. I never liked phpBB from an administrative standpoint.
So if we’ve already created a forum ID we’re good, or do we need to do it again and go through the admin approval thing?
The picto-graph thingee I recommended continues to perform very well.
A couple of sites I frequent (VBB) have a thing that kicks any registration that takes under 7 seconds to complete. Has been working very well…
That’s… I gotta check that out..
Go with phpBB