Forum under attack by fakers

Post Reply New Topic

It's like I keep saying: Cloudflare is garbage.

It's ENTIRE FREAKING FUNCTION is to provide security against such things, and stability to the forums.

It cant even stop the most obvious, most simplistic, most dimwitted of bots.

What does it do instead? Tries to stop actual USERS.

Doesnt matter that Bot #29674 over there just posted 89 pages of utter gibberish, drowning the forum over there. Doesnt matter that all of the subject lines are hyper-obvious nonsense that anyone could spot. That's not important: What's important is that longtime member Bob over there, making a totally normal single post in a totally normal amount of time.... COULD BE A SUPERVILLAIN IN DISGUISE *captcha'd*

I mean, really. It's completely ridiculous.

Even dumber? It's captchas are glitchy. Glitchy as all hell. It's actually possible to get through them by getting the answer UTTERLY WRONG. I dont even want to know how this is possible. For a, *ahem*, "security" service.

Normally, I refuse to use or at all interact with sites that use that pathetic "service", as this has happened on *all* of them. This one is the only exception, because it's the only decent autism site with a fairly large population that I've been able to find (believe me, if I ever find another, I'm out of here if Cloudflare is still here), but there are days... lots of them... where I think myself a damn fool for letting there be an exception at all.

Get rid of bloody Derpflare. It's A: not accomplishing anything, B: slowing down the forum, and C: screwing with users. It's doing literally the direct opposite of what someone is paying it to do. This brings up the question of why it's being paid for at all.


There, a bit of a rant, but this idiocy angers me.

I agree that Cloudflare is garbage, since in most cases, you can't even quote someone, yet those spambots are able to post 89 pages of spam. Every other forum I'm on doesn't use that crappy thing, and they don't have the constant problems with spam like this does.

Wow, it seems that the forum is under constant attack now. It used to be just a certain time (usually late night where I am) to just almost constant bombardment.

How about the entire population of WP has authority to delete for a month. With apologies to friendlies. I'm serious.

Only members? Experienced members? Freedom to delete anybody posting more than a page but membership less than a week?

How about "Due to recent hackers, we regret that anything longer than one page will be automatically deleted." Not forever.

Block any msg longer than a page?

Sorry to be so stupid about these things.

Unfortunately it wouldn't solve the basic problem, which is the accessibility of the website to spammers. Nearly all the spam seems to come from India. We don't seem to have any members there although possibly there are one or two. Whether it is possible or feasible to block all incoming messages or new accounts arising from India, I don't know. India held and possibly still holds the international record as the country sending out the most spam to other countries. Another
option might be to reconfigure the way members open accounts, though I don't know how major that would be to do; apparently some forums have a hidden field that somehow detects and weeds out spammers before they can spam. Now wouldn't that be wonderful

Can one of the Computer People get permission (from Alex?) to block India for 6 months?

What's a honeypot (here's where I get unmasked as a total moron.)

I don't know either so I am the other moron...

It's just a field that's hidden to sight of normal viewers, it still shows up in the background code as an input field-- like the typing field I'm using to type right now. A bot will fill out all inputs most of the time, just to make sure they don't get a reset (you know: *you forgot yada-yada, please refill in the line). A lot of bots will fill in the honeypot we know humans can't see. So all we need to do is check on the server when the form is sent to see if it has information. If it does then there's no post. It's called a honeypot because just like Winnie the Pooh, the bot got caught with it's hand stuck in the honey pot.

@Aristophanes - sorry, I didn't see your post there already and I suppose Google won't hurt?

Googled it (you'd think I was born yesterday:

http://www.novanetworksecurity.com/?gcl ... oCIsnw_wcB

Thanks for explaining that. It does seem the simplest solution if the change would be compatible with however WP is set up and functions, matters about which I am totally ignorant.

For not-IT-morons (that rules me out) I was reading this link about the feasibility of blocking whole countries though personally I understood only about 3% of it..

http://www.sitepoint.com/how-to-block-e ... g-website/

Here's a technical link that describes how to make one very easily with PHP (I'm 90% certain that's the backend language we're using). Ask Alex or someone with code knowledge/access if there's a honeypot, if there's not give them that link.