The Arms Race

Discuss recent changes, make suggestions, etc.

The Arms Race

Postby crfriend » Fri Nov 04, 2011 11:13 pm

One might as well call a spade a spade, because that's what forum moderators and administrators are in when it comes to those who would pollute various spaces with endless commercial (and worse) advertising and junk. The advertisers have won in the realm of broadcast media -- including broadcast media that folks pay to subscribe to -- and they won in USENET and destroyed that global community. The next target, it seems, is on-line spots like this little "cyber hamlet".

The astute have, no doubt, noticed the marked uptick in "new users" with strange "noms de plume", and the very astute will have noticed that those self-same new users have also summarily disappeared from the community. With a nod to Buckaroo Banzai and the Adventures Across the Eighth Dimension, "Spammers! Pure and simple!"

It looks like not only has the "captcha" we use to keep this vermin down been compromised, but also the "secret sauce" that I put in to try to keep it down to a dull roar. It worked for a while, but that gain has been lost (That's the problem with Arms Races).

In short, the admin and mod staff have been busily at work trying to keep the miscreants out. I'd like very much to honour my partners in this -- Milfmog and Uncle Al -- for their assistance; without a presence "where the sun never sets" we'd be doomed.

To crib one from RMA -- "skirt on"!
Retrocomputing -- It's not just a job, it's an adventure!
User avatar
crfriend
Master Barista
 
Posts: 10468
Joined: Fri Nov 19, 2004 9:52 pm
Location: New England (U.S.)

Re: The Arms Race

Postby r.m.anderson » Sat Nov 05, 2011 3:03 am

crfriend & Milfmog & Uncle Al

Thanks for all that you do to keep the forum what it is for all to enjoy !

I can't take all the credit for my sign off line:

[To crib one from RMA -- "skirt on"!]

It was an adaptation from a fellow member; 'Chris Webb', who signs off on another forum "Kilt-On" !

I try to sign off each post with a bit of humour appropriate to the topic of the post.

"Skirted-Kilted-Thanks"
rma
"Kilt-On" -or- as the case may be "Skirt-On" !
WHY ?
Isn't wearing a kilt enough?
Well a skirt will do in a pinch!
Make mine short and don't you dare think of pinching there !
User avatar
r.m.anderson
Member Extraordinaire
 
Posts: 1874
Joined: Sun Nov 07, 2004 6:25 pm
Location: Bloomington MN

Re: The Arms Race

Postby couyalair » Sat Nov 05, 2011 8:48 am

Keep up the good work !

Advertizing is a real pain in somewhere. However I think it is now being seen as counterproductive. In both France and Spain, the main state tv channels are now free of ads for most of the day. I hope the trend will continue.

With thanks, Martin
User avatar
couyalair
Member Extraordinaire
 
Posts: 957
Joined: Thu Aug 26, 2010 5:55 pm
Location: Malaga or Grenoble

Re: The Arms Race

Postby crfriend » Sat Nov 05, 2011 12:18 pm

couyalair wrote:Advertizing is a real pain in somewhere. However I think it is now being seen as counterproductive [...]

Much of that depends on whether the adverts are relevant to what one is interested in. For instance, I would not be averse at all to having kilt or men's skirt manufacturers post the occasional announcement of new products or promotions here on SkirtCafe because that's decidedly on-topic for the community. However, everything the moderation team (The "Mod Squad"?) has seen has been completely and utterly off-topic for the community so it gets stepped on.

The problem with most advertisers is that they "carpet-bomb" places which are not interested in the wares they're pushing. This is especially pernicious where the advertiser pays nothing for the activity, as is the case with spam; in this case, the cost is shifted to the receiver who is expending his resources to receive something that he's not even remotely interested in.

I'm really beginning to dread the upcoming election in the USA. With an almost infinite amount of money available for advertising campaigns -- thanks to the Supreme Court ruling that a corporation is equivalent to an individual citizen -- the carpet-bombing is going to be especially severe starting in about three or four months' time. I can hardly wait...

In both France and Spain, the main state tv channels are now free of ads for most of the day. I hope the trend will continue.

Amen!
Retrocomputing -- It's not just a job, it's an adventure!
User avatar
crfriend
Master Barista
 
Posts: 10468
Joined: Fri Nov 19, 2004 9:52 pm
Location: New England (U.S.)

Re: The Arms Race

Postby kingfish » Sun Nov 06, 2011 11:16 pm

crfriend wrote:In short, the admin and mod staff have been busily at work trying to keep the miscreants out. I'd like very much to honour my partners in this -- Milfmog and Uncle Al -- for their assistance; without a presence "where the sun never sets" we'd be doomed.


And the three of you have been doing an outstanding job. :salut:
And you have my sincere thanks for it.
John
kingfish
Member Extraordinaire
 
Posts: 235
Joined: Wed Oct 22, 2003 1:49 pm
Location: Metrowest Suburbs of Boston

Re: The Arms Race

Postby skirted_in_SF » Mon Nov 07, 2011 3:57 am

Carl,
You might be interested in this story on ExtremeTech (PC Magazine/Ziff-Davis) about what is happening to captchas.
http://www.extremetech.com/computing/10 ... ng-captcha
Stuart Gallion
No reason to hide my full name 8)
Back in my skirts in San Francisco
skirted_in_SF
Member Extraordinaire
 
Posts: 1081
Joined: Tue Feb 16, 2010 1:56 am
Location: San Francisco, CA USA

Re: The Arms Race

Postby crfriend » Mon Nov 07, 2011 12:12 pm

Thatnks for that, Stuart. The basic article was interesting enough; I want to read the actual paper, however, and that may take a while.

I'm probably not going to make any changes to the software that generates the captcha that SkirtCafe uses as I'd rather let that just follow the course that the phpBB developers go go down. From my experience, getting out of sync with what the main developer team is doing quickly gets to the point where one is expending almost as much effort to keep one's own changes in as the developers are doing to drive the whole thing forward.

The other problem with captchas, and why I don't particularly like them, is that there are some folks who cannot, for one reason or other, solve them. We had a very nice chap try to register a week or so ago, couldn't make it work, and we went through quite a lot of effort to resolve it before he just gave up. I found that very sad, because from the e-mail that went back and forth he seemed that he'd make a wonderful member of the community.

However, all is not for naught. One of the most basic fundamentals of secuirty is to have layers -- "security in depth"" -- such that if one layer gets cracked other layers will pick up the slack, and that's what we've got here. The net result is that the mods and admins are getting a bit higher of a workload until other workarounds can be immplemented. I'll admit that some of those tactics are a wee bit ham-fisted (like black-holing all of China, for instance), but some of them are more precise like determing the pattern of e-mail addresses that the 'bots are using and putting countermeasures on those. (Most of the latest batch of robo-registrations use G-mail addresses, indicating that Google have clearly let down their guard when it comes to mail accounts and, despite their mantra of "do no evil" are, in fact, abetting the spammers by tolerating their (ab)use of G-mail's resources.)
Retrocomputing -- It's not just a job, it's an adventure!
User avatar
crfriend
Master Barista
 
Posts: 10468
Joined: Fri Nov 19, 2004 9:52 pm
Location: New England (U.S.)

Re: The Arms Race

Postby skirted_in_SF » Tue Nov 08, 2011 4:25 am

I hope you don't cut off everyone who uses GMail. Since that would shut me off. :)
I prefer GMail for my personal accounts due to its simple interface. You log in and there is your mail. I also have some Yahoo accounts (default provider for AT&T, my DSL provider) and I hate all the cr@p you have to wade through to get to your mailbox. Not to mention all the flash ads, some of which are for obviously bogus services.
Stuart Gallion
No reason to hide my full name 8)
Back in my skirts in San Francisco
skirted_in_SF
Member Extraordinaire
 
Posts: 1081
Joined: Tue Feb 16, 2010 1:56 am
Location: San Francisco, CA USA

Re: The Arms Race

Postby crfriend » Tue Nov 08, 2011 11:36 am

skirted_in_SF wrote:I hope you don't cut off everyone who uses GMail. Since that would shut me off. :)

I'm not quite that dumb. ;)

What I did do, and since it's unlikely that bot-writers are reading this, is to temporarily disallow the use of the "+" delimiter for new-registration e-mail addresses at gmail.com and also to disallow the use of more than four "." characters in the user portion of gmail.com addresses. Both of those patterns have shown up prominently in bot registrations recently. Once this particular threat passes (or becomes passe) I'll pull the rules out.
Retrocomputing -- It's not just a job, it's an adventure!
User avatar
crfriend
Master Barista
 
Posts: 10468
Joined: Fri Nov 19, 2004 9:52 pm
Location: New England (U.S.)

Re: The Arms Race

Postby skirted_in_SF » Wed Nov 09, 2011 5:16 am

crfriend wrote:
skirted_in_SF wrote:I hope you don't cut off everyone who uses GMail. Since that would shut me off. :)

I'm not quite that dumb. ;)

What I did do, and since it's unlikely that bot-writers are reading this, is to temporarily disallow the use of the "+" delimiter for new-registration e-mail addresses at gmail.com and also to disallow the use of more than four "." characters in the user portion of gmail.com addresses. Both of those patterns have shown up prominently in bot registrations recently. Once this particular threat passes (or becomes passe) I'll pull the rules out.


Whew, I guess I'm in the clear then. Just a plain e-mail address for me.
I wondered who used those address tricks. Apparently the Gmail system ignores anything to the left of the + and I have seen it suggested using that trick when you have to supply an e-mail address to a site to tell if they have sold/traded it on to others.
Stuart Gallion
No reason to hide my full name 8)
Back in my skirts in San Francisco
skirted_in_SF
Member Extraordinaire
 
Posts: 1081
Joined: Tue Feb 16, 2010 1:56 am
Location: San Francisco, CA USA

Re: The Arms Race

Postby crfriend » Wed Nov 09, 2011 11:23 am

skirted_in_SF wrote:I wondered who used those address tricks. Apparently the Gmail system ignores anything to the left of the + and I have seen it suggested using that trick when you have to supply an e-mail address to a site to tell if they have sold/traded it on to others.

The "+" delimiter is a notion that many MTAs (Mail Transfer Agents) and MUAs (Mail User Agents) use to allow individual users to have more than one "inbox" and allow simple routing to those boxes. In short, the MTA honours all the stuff to the left of the "+" as the recipient's name, and the MUA then fiddles with the stuff to the right of it as the "virtual in-box" identifier. Gmail may, or may not, honour the implementation of this, but it does allow one to trace who "leaked" an e-mail address.

It's worth reiterating that the current ban on so-formeg gmail.com addresses only applies to new registrants and was configured with an automatic 7-day expiry so that my forgetting about it would not cause overt problems in the future.
Retrocomputing -- It's not just a job, it's an adventure!
User avatar
crfriend
Master Barista
 
Posts: 10468
Joined: Fri Nov 19, 2004 9:52 pm
Location: New England (U.S.)

Re: The Arms Race

Postby Grok » Wed Nov 09, 2011 5:52 pm

The human immune system comes to mind. Occasionally a new strain appears that bypasses the old defense.
Grok
Member Extraordinaire
 
Posts: 1800
Joined: Fri Aug 29, 2008 2:21 am

Re: The Arms Race

Postby ethelthefrog » Mon Nov 14, 2011 9:36 am

Thank you, Carl, and the mod team. This is a great site, and you keep it great.


Paul.
User avatar
ethelthefrog
Member Extraordinaire
 
Posts: 268
Joined: Tue Jun 08, 2010 1:31 pm
Location: Cambridge, UK

Re: The Arms Race

Postby crfriend » Sun Jan 01, 2012 2:45 am

I offer many thanks to those who have voiced support for the "Mod Squad" here at SkirtCafe. The past couple of months have been a right hassle for the folks who toil behind the scenes, and I invite Uncle Al and Milfmog to take well-deserved bows for yeomans' service to the cause.

Since the onslaught of 'bot registrations seems to show no signs of slackening, I've opted to change the tactics involved to put the human back "in the loop". This means that new registrations get to pass through carbon-based decision-makers. It also means that the workload on the mod team will (hopefully) lessen in the grand scheme of things as we can simply ignore obviously fraudulent registrations rather than manually deactivating or banning them.

The community at large should notice little, if any, change; this is a behind-the-scenes tactical shift only. As always, if anybody has any technical problems with SkirtCafe, a proper human can be reached at the slightly-obfuscated e-mail address beneath the masthead.

Happy New Year!
Retrocomputing -- It's not just a job, it's an adventure!
User avatar
crfriend
Master Barista
 
Posts: 10468
Joined: Fri Nov 19, 2004 9:52 pm
Location: New England (U.S.)

Re: The Arms Race

Postby couyalair » Sun Jan 01, 2012 4:31 pm

Many thanks; your work is well appreciated.

Only 365 days' more work for you this year!

Martin
User avatar
couyalair
Member Extraordinaire
 
Posts: 957
Joined: Thu Aug 26, 2010 5:55 pm
Location: Malaga or Grenoble

Next

Return to Changes at the Cafe

Who is online

Users browsing this forum: No registered users and 1 guest