VGMusic

[Thomash]

Recently I've received a handful of email from siteadmin@vgmusic.com notifying me the new reply in the topic I've been involved. But in fact these topics ain't receiving any new posts. Just like that:

Hello Thomash,

You are receiving this notification because you are watching the topic,
"Midi Sequencing - Multiple Instruments To A Channel?" at "VGMusic". This
topic has received a reply since your last visit. You can use the following
link to view the replies made, no more notifications will be sent until you
visit the topic.

If you want to view the newest post made since your last visit, click the
following link:
viewtopic.php?f=8&t=12969&p=118506&e=118506

If you want to view the topic, click the following link:
viewtopic.php?f=8&t=12969

If you want to view the forum, click the following link:
viewforum.php?f=8

If you no longer wish to watch this topic you can either click the
"Unsubscribe topic" link found at the bottom of the topic above, or by
clicking the following link:


viewtopic.php?uid=318&f=8&t=12969&unwatch=topic

--
Thanks, VGMusic.com forum staff

Can somebody look into this if it's a faux or phishing spam? Thx.

[Powerlord]

It's because we've been seeing more spambots recently (that are complicated enough to figure out how to solve or bypass the CAPTCHA for creating new accounts), and we're deleting the posts prior to you seeing them.

[CBlockDis]

It's because we've been seeing more spambots recently (that are complicated enough to figure out how to solve or bypass the CAPTCHA for creating new accounts), and we're deleting the posts prior to you seeing them.

Is that what those weird multilanguage posts were at like 5am EST?

[Powerlord]

It's because we've been seeing more spambots recently (that are complicated enough to figure out how to solve or bypass the CAPTCHA for creating new accounts), and we're deleting the posts prior to you seeing them.

Is that what those weird multilanguage posts were at like 5am EST?

Quite possibly.

When I'm at my computer, I usually catch them if they post to the BRCS or News boards immediately, then ban and move all their posts to the Quarantine board (which is what we do rather than delete them usually).

Having said that, today I've had a headache and spent 14-15 hours asleep, which is why the guy whose posts you flagged wasn't handled until right now. Likely, one of the European admins would have caught them, but it's the middle of the night over there.

[CBlockDis]

It's because we've been seeing more spambots recently (that are complicated enough to figure out how to solve or bypass the CAPTCHA for creating new accounts), and we're deleting the posts prior to you seeing them.

Is that what those weird multilanguage posts were at like 5am EST?

Quite possibly.

When I'm at my computer, I usually catch them if they post to the BRCS or News boards immediately, then ban and move all their posts to the Quarantine board (which is what we do rather than delete them usually).

Having said that, today I've had a headache and spent 14-15 hours asleep, which is why the guy whose posts you flagged wasn't handled until right now. Likely, one of the European admins would have caught them, but it's the middle of the night over there.

Haha... it's fine. I figured while I was on and ...seemingly nobody else was(because of the superbowl probably) I'd just flag them as they showed up. Figured it would make life easier on you. I was fighting a losing battle though, that bot was posting 3 times as fast as I was flagging them. :p I ended up giving up because I lost track of which ones I flagged.

[Blitz Lunar]

i've just been going to administrate user, deleting the account and nominating to delete all their posts too. it's quicker and less hassle than moving all their posts the quarantine.

[AI The Original]

Is there something like an e-mail verification on this site?

When a new person signs up for a new account, the site will sends an e-mail to the specified address and the user has to click the link in the e-mail address to activate their account.

Spambots don't usually have a valid e-mail address and if they did, it would be easier to catch.

EDIT: It looks like site does have e-mail verification. However, the CAPTCHA looks pretty easy to circumvent using today's technology. I'm looking at the wikipedia article on CAPTCHA and there things you can do to make it more difficult.

Crunching the letters together
Adding a strikethrough in the letters
Color

[Bregalad]

In fact those Captchas are much easier to solve for a computer than for a human !!
Spambots can pass them with no problems, but I often have a major trouble read what is written in them even though I have absolutely no vision problems. I sure don't know how people with vision problems do to pas them !

[Powerlord]

EDIT: It looks like site does have e-mail verification. However, the CAPTCHA looks pretty easy to circumvent using today's technology. I'm looking at the wikipedia article on CAPTCHA and there things you can do to make it more difficult.

We were using a more complicated one, but it wasn't really helping, so I switched to using Google's reCAPTCHA, just in case it was a flaw with the built-in CAPTCHA modules that allowed them to be bypassed.

Attached is what they looked like before.

[Powerlord]

Since that still hasn't fixed the problem, I've added a new required profile field that should only appear at new user registration. It asks if you're a real person.

I know Admins can see it in the profile editor, but none of you should be able to.

[Thomash]

We were using a more complicated one, but it wasn't really helping, so I switched to using Google's reCAPTCHA, just in case it was a flaw with the built-in CAPTCHA modules that allowed them to be bypassed.

Attached is what they looked like before.

This CAPTCHA is hilarious to human eye, I guess it's "5RYE3", right?

[CBlockDis]

Is there something like an e-mail verification on this site?

When a new person signs up for a new account, the site will sends an e-mail to the specified address and the user has to click the link in the e-mail address to activate their account.

Spambots don't usually have a valid e-mail address and if they did, it would be easier to catch.

EDIT: It looks like site does have e-mail verification. However, the CAPTCHA looks pretty easy to circumvent using today's technology. I'm looking at the wikipedia article on CAPTCHA and there things you can do to make it more difficult.

Crunching the letters together
Adding a strikethrough in the letters
Color

You seriously need to read up on spambots. They are much more effective these days. Email verifications don't cut it anymore, hence the use of captcha in conjunction with email verification, which still isn't fool proof. Captcha however... does severely decrease the number of successful bogus accounts made. The most effective method I've seen for avoiding spambots was some gaming site that required you to register using email accounts that weren't free. Like... hotmail, yahoo, gmail, etc... those were blocked from using to register.

[Thomash]

The most effective method I've seen for avoiding spambots was some gaming site that required you to register using email accounts that weren't free. Like... hotmail, yahoo, gmail, etc... those were blocked from using to register.

I would say no to block free email account registration. It is possible that some faithful user doesn't have non-free email account for various reasons like their ISP doesn't provide one (especially for the non-contract-bound type ISP) or they're abroad using other's or public internet service.

But I do admit that it actually has far less impact to Vgmusic considering this shrinking community. Another possible solution is back to prime, i.e. approval by staff personally. Like, require applicant to fill the question in the account registration form about "how much do you understand game music or MIDI" and you got the idea.

[AI The Original]

You seriously need to read up on spambots. They are much more effective these days. Email verifications don't cut it anymore, hence the use of captcha in conjunction with email verification, which still isn't fool proof. Captcha however... does severely decrease the number of successful bogus accounts made. The most effective method I've seen for avoiding spambots was some gaming site that required you to register using email accounts that weren't free. Like... hotmail, yahoo, gmail, etc... those were blocked from using to register.

Dear CBlockDis,

I know well about spambots. Technology is improving to allow spambots to be smarter than they were. No matter how well the filter is, there are always ways to circumvent it. Banning the use of free e-mail accounts will not stop spambots that use their own domain name for e-mail accounts, but it will kick out many people who want to use the VGM Forums. Plus, there are cases when some person will do the verification.

Another method that might work is the inclusion of a security question. It asks the new user a question that requires thinking. Then the forum control can check the answer. Unless a human operator registers the account or the question is cliched and easy to answer, the answer will probably be wrong.

[CBlockDis]

You seriously need to read up on spambots. They are much more effective these days. Email verifications don't cut it anymore, hence the use of captcha in conjunction with email verification, which still isn't fool proof. Captcha however... does severely decrease the number of successful bogus accounts made. The most effective method I've seen for avoiding spambots was some gaming site that required you to register using email accounts that weren't free. Like... hotmail, yahoo, gmail, etc... those were blocked from using to register.

Dear CBlockDis,

I know well about spambots. Technology is improving to allow spambots to be smarter than they were. No matter how well the filter is, there are always ways to circumvent it. Banning the use of free e-mail accounts will not stop spambots that use their own domain name for e-mail accounts, but it will kick out many people who want to use the VGM Forums. Plus, there are cases when some person will do the verification.

Another method that might work is the inclusion of a security question. It asks the new user a question that requires thinking. Then the forum control can check the answer. Unless a human operator registers the account or the question is cliched and easy to answer, the answer will probably be wrong.

I wasn't suggesting using the no free email servers method. I was just pointing out that it's a highly effective method to avoid spambots from getting into the forums(on other forums, not this one).

Also, your comment about email verification, to me, was a bit of an outdated suggestion. Sorry to have expressed my opinion so crudely, that's just how I joke/talk. I joke around a lot, it just happens that the majority of people that don't know me, don't get that.

Also, there is account approval too, but that would result in delayed accounts on the forums, and would most likely have a negative impact as well.

Pity there is no way to trace the origin of the spambots so we can destroy that person's life.