Alrighties, I have just gone through ten pages of the 'new arrivals' group. And well, I've deleted over 160 bots I think at this moment. I'm starting to get really annoyed by these bots, and I think at this moment, bots might make up 1/5 or 1/6 of our total member base. And this gives an unfair statistic of how active RPG-D actually is.

And so I'm going to fight these stupid bots by trying to delete them and adding their e-mails to our banfilters. This will stop more bots with the same e-mail registering.

But to fight these bots I also need your help! Not all bots get noticed by us staff, and it's very time intensive to start overlooking the whole member lists for bots.

So how can you help in the fight against the bots?

Well you can report weird looking new registrations. This should be done via pm, to me. You can regonize bots by weird names that really make no sense, a random string of letters and numbers, or weird names together like online, cigarettes or more adult names.

Report these new registered members to me! Do this by sending me a pm with the title 'possible bot', with the member name. When you do this, I do a search in the acp, and like this I can find out if it is a bot or not.

Some bots also come through and actually post. These posts are mostly random topics, in the wrong forum. Mostly I've seen them posting in the rant forum or the affiliation forum. These topics either contain a weird story, or a bunch of links to weird sites. It's always about a specific topic. Some bots are smarter then others and might seem to post in the right forum, like the introduction forum. You can report these topics to me via pm, try not to post about them in the Q&A forum.

I hope you will all be keeping an eye out, and help RPG-D with fighting the bot problem. If you like and you have a major bot problem on your forums too, I'd like to give out RPG-D's e-mail ban-lists.

Thank you very much for your help!

~RPG-D Staff

It's ridiculous that companies resort to this kind of spamming. Or is it viruses? Don't they realize that bots are going to turn more people away than they bring?

What are the purpose of them, anyway?

I got no clue, but I know they are damn annoying. And yeh, I have no clue what the companies think to achieve with these stupid bots registering at topsites, forums etc. etc.

I have recently solved this problem at my own board. Is there not a code you can activate for the registration form? *can't remember if IF has that*

If not, then how about email validation? Can bots get through that?

Sorry for putting in my two cents, I just empathise is all. I got really down about the amount of spam rubbish I had to clean up. :(

We already have email validation. Bots have evolved to work around that (they have email capabilities).

BTW, I want to note that Loth and I only have moderation powers within the Directory boards. I've received a number of pms to delete spam outside the directory. I don't mind so much if you are polite about it, but some of you have not been so. Yes, I am online, but I'm not just "sitting around". There's nothing I can do directly about the spam except try to see if ShinLi or one of the community moderators is online through IM.

I only joined recently, it's weird that I forgot you had email validation. :| :p


I would suggest changing the permissions masks so new members are limited to posting in only a couple of forums, but you need 15 posts to be able to make a submission, this would mean those 15 posts would have to be (for the most part) in the allowed sections and might not meet the submission criteria... so I er won't suggest that then. <_<

:p

Also, I dunno if ShinLi has said about this or not, but what about reporting the post, using the report button? I dunno how you are identifying the spam, or differentiating from genuine members, so I'll shut up now. :p

I have been having the same problem on my board for some time now. It's easier over there to identify them because we only allow people that register under their character's first and last name, but it's still incredibly annoying (and a lot of them still get past the e-mail validation).

But recently, our board developer installed Captcha and it's really helping. It's that system where you have to look at an image and type these letters/numbers when registering (like they have on MySpace, for example).

Can you do that with Invision Free? (I'm using Invision Power Board) Because if you can, then you should definitely consider it.

Most Captcha does absolutely nothing to deter bots, especially not Captcha that depends on Imagemagick or GD (which is standard for most web servers). Only the most primitive of bots can't get around it.

I personally set up a 20 second registration delay on my board. I presumed that no human can finish the entire registration page in under 20 seconds, and I reject all registrations that do. So far, I've had 0 bot registratons and no false positives; I hope the streak continues. If you can do something like this (I doubt, given IF's architecture), that would be great.

You could also try mandating a birthdate for every registrant or requiring a certain answer to a simple question (like what is 2+4?). Some bots will have some trouble with this.

Otherwise, it's back to the drawing board with the elbow grease. I don't think there's much you can do except prune them by hand.

Incorrect, actually; it depends entirely on the strength of the CAPTCHA and the seed on the random number generator the Visual Verification system is using. ImageMagick and GD are not CAPTCHA-specific libraries (they are the standard code by which gallery systems create thumbnail images on the fly, for example), and as such they can be as weak or as strong as the verification system requests they be.

This is an example of the verification system I use on my server for registration, guest posts, and guest PMs. In four weeks I have not had a single false positive or bot come through, and have been able to turn on all guest posting and turn off email verification for new members (which doesn't work at all for sophisticated bots).

It's certainly possible to keep up with bots by just watching your memberlist like a hawk and blocking the most commonly-used email domains. It's a whole lot easier to use visual verification, but it all depends on the server you're using.

Since I activated my Captcha I have had no bots. From what I can tell from my own IF, there is no Captcha option. :(

ich. they were at my board a while back, it took over a month to irradicate them, even with all staff on tap and a few friends promoted to help out. they kept posting pornography and such though, yours seem a lot tamer. i'll keep my eyes peeled.

Please remember guys this isn´t a discussion topic. If you´d like to talk about this or discuss about this subject, feel free to make your own topic in the managing your RPG.

Also Roswenth is right. Only admins and community mods are able to moderate all the forums. If you are not sure who can mod what kinda forums, just have a look in the ´The moderating team´ link above the forum statistics. You should either pm me, horse or a community mod to get rid off spam posts around the board.

Yes, imagemagick and GD are the server software suites, and precisely why the engine does not require any miscellaneous images to generate the CAPTCHA code. You could potentially make a very complex CAPTCHA, or create a private verification system with PHP, and it would be practically impossible to detect, perhaps encoding it with ionCube. Unfortunately, most people don't have the technical know-how.

The main problem with the CAPTCHA that comes with most forum software is that it's unprotected source. Most fairly sophisticated bot makers can get their hand on the application source and discover which hooking method the generator uses to create the CAPTCHA image. I'm sure you can deter some bots with it, but the persistent and difficult ones, like ones that would be attracted to a page like RPG-D (with its own domain and fairly high pagerank), would probably get around it fairly easily.

Likewise, most sophisticated bots can get around the verification questions too. There's no one way that can permanently keep bots down; and to be fair, anti-bot measures will almost always be a step behind the bots themselves.

Have you tried the four most common bot emails?

*@cashette.com
*@mail.ru
*@gawab.com
*@web.de

urhm yes. But there are also others that are quite common too with many bots registering. And please again, this is NOT a DISCUSSION TOPIC.