um wtf?
- Thread starter Julian Barton
- Start date
J
Jak Angelescu
Guest
It’s Korean and one time my friend translated it and it said something about “The lion club” and the color red was mentioned somewhere in there 
the spam sucks, yes. But I just trust the people behind SGS will get it sorted out in the best way possible. As long as it’s not affecting my ability to watch the lessons and use the interface it’s not a huge deal for me. Maybe they will do the captcha thing eventually.
the spam sucks, yes. But I just trust the people behind SGS will get it sorted out in the best way possible. As long as it’s not affecting my ability to watch the lessons and use the interface it’s not a huge deal for me. Maybe they will do the captcha thing eventually.
As a hacker and a coder might I suggest a few things:
One a recaptcha sign up
two max forum posts per 10 minutes (maybe like 10 posts and 15 replies as no human should be doing that)
three try finding anyone who has excessive posts and removing those users (obviously looking at their posts to see if they are real or fake)
Four maybe as well give some incentive to people who pen test the site (like a little icon next to their name for finding an exploit) would help the devs a bit
One a recaptcha sign up
two max forum posts per 10 minutes (maybe like 10 posts and 15 replies as no human should be doing that)
three try finding anyone who has excessive posts and removing those users (obviously looking at their posts to see if they are real or fake)
Four maybe as well give some incentive to people who pen test the site (like a little icon next to their name for finding an exploit) would help the devs a bit
It’s been a long time since I registered so I don’t remember if it’s in place, but a confirmation mail in order to activate one’s account should also work. And anyone who hasn’t activated his account can’t post comments/make forum posts. Of course, there is the option to resend the activation e-mail for real users, but it should, in theory, prevent spam accounts, because there is a need for a valid email in order to activate said account. And yes, I am a software developer (*humblebrags in C#*).
I’m afraid simple mail activation isn’t much for people that really want to spam some forums. It’ll help for sure, but only for some time. Then next spam script that is a little bit more intelligent will spam forum if find it (spam bots can be really annoingly inteligent).
But when security done with few things simultaniusly it would be enough for bigger span time.
1) Recaptha on registration
2) Mail activation, no posting without activated account
3) Maybe even simple recaptcha on topic creation (only that with checkbox required)
4) As you are using WordPress and BBpress forums (one installed with ultimate member I think), you can easily throttle user interactions in wpadmin panel – throttle posts posting to 1-2 minutes.
5) I don’t remember now, but inside bb Akismet is built in by default, so needs just to activate it; this could help a little
6) Another way is to redirect every POST request to /register/ page that doesn’t have referrer from syngates.com
7) You can blacklist ip’s of spambots that already tried to spam here
The easiest and 5 minute way to deal with some of spam bots is to create honeypot for them. Silly ones won’t deal with empty hidden input field that should be empty. It’s really simple to check, as spambot will put something in there (it analyzes code so it “sees” it there) but it will be visually hidden from humans. Especially if it has label or something with “required” word around it. So just create empty hidden field and then check it. If it is empty it’s human if not it’s barely spam bot
Oh and there is plugin – Spam Destroyer that adds honeypot that I wrote above to forum forms
Maybe you and your team find in that message something that help you to deal with spam @syn
But when security done with few things simultaniusly it would be enough for bigger span time.
1) Recaptha on registration
2) Mail activation, no posting without activated account
3) Maybe even simple recaptcha on topic creation (only that with checkbox required)
4) As you are using WordPress and BBpress forums (one installed with ultimate member I think), you can easily throttle user interactions in wpadmin panel – throttle posts posting to 1-2 minutes.
5) I don’t remember now, but inside bb Akismet is built in by default, so needs just to activate it; this could help a little
6) Another way is to redirect every POST request to /register/ page that doesn’t have referrer from syngates.com
7) You can blacklist ip’s of spambots that already tried to spam here
The easiest and 5 minute way to deal with some of spam bots is to create honeypot for them. Silly ones won’t deal with empty hidden input field that should be empty. It’s really simple to check, as spambot will put something in there (it analyzes code so it “sees” it there) but it will be visually hidden from humans. Especially if it has label or something with “required” word around it. So just create empty hidden field and then check it. If it is empty it’s human if not it’s barely spam bot
Oh and there is plugin – Spam Destroyer that adds honeypot that I wrote above to forum forms
Maybe you and your team find in that message something that help you to deal with spam @syn
The only problem with ReCaptcha for all you nerds on here (I am too don’t worry) is you know as well as I do that a hacker can easily bypass thousands of ReCaptchas per seconds with new code especially userscripts. This is still a good idea but it is not perfect. I would say that the site should definitely install them but also use a text code verification or something. 2 step is always better for bots.
Similar threads
