Page 1 of 1

no email verification?

PostPosted: 27 Apr 2005, 04:18
by nomaded
I have to say, I'm a bit surprised there wasn't an email verification step for registering to this forum. It's a bit refreshing, but in other ways a bit worrisome. Yes, needing to enter a real email address is a pain, and needing to go thru an extra step to create an account is a pain, but I think it's useful to keep spammers at bay.

Also, I think it would be useful to require all participants to need a (verified) account. That way if someone needs a bit of extra help, 1) we know it is the same user, through the whole conversation/thread, and 2) we could (potentially) email them or private message them as needed.

Just my 1 and a half cents.

Re: no email verification?

PostPosted: 27 Apr 2005, 07:25
by TorbenGB
nomaded wrote:no email verification step for registering

I deliberately skipped that in order to make the entry to this forum as easy as possible. (You might also notice that the main wiki website doesn't require any registration at all.)

Your points are valid though, and we should consider to add verification in order to increase the "membership quality" and decrease the spam risk.
- Membership quality: I expect the members here to be so interested in the FW topics that they'll be serious enough as it is.
- Spam risk: This being such a new site, we can hope it'll be a while before spammers detect it.
I think we should let things be for a while, at least for starters, and see how it develops. What do you think?

Re: no email verification?

PostPosted: 27 Apr 2005, 07:54
by nomaded
TorbenGB wrote:I think we should let things be for a while, at least for starters, and see how it develops. What do you think?


Well, I agree that making sign-up easy would help promote users from the Official Forum to migrate over here. But, I think a simple email verification is fairly painless. And considering how the Official Forums is evolving, I don't think it would take much to get people over here.

Spammers can be fairly quick to take advantage of an "open" site. And I believe that it's easier to grant access than it is to take away access.

So, personally, I would stick some sort of email verification (possibly also image verification - "type in what it says in the box"), for both the forums and the wiki. It shouldn't be difficult to get an account, but it shouldn't be so easy that a simple bot script could generate thousands of account requests in a few minutes.

"Just because you're paranoid, doesn't they're not out to get you."

Re: no email verification?

PostPosted: 27 Apr 2005, 08:00
by TorbenGB
nomaded wrote:a simple email verification is fairly painless. ... possibly also image verification - "type in what it says in the box"

Just to let you know: we can enforce both email and image verification. I'd still like a few more users' comments before I turn it on, though.

Re: no email verification?

PostPosted: 27 Apr 2005, 08:15
by nomaded
TorbenGB wrote:I'd still like a few more users' comments before I turn it on, though.


*nod* understandable.

Was just trying to clarify my opinion on the subject.

Re: no email verification?

PostPosted: 28 Apr 2005, 00:57
by Guest
TorbenGB wrote:
nomaded wrote:a simple email verification is fairly painless. ... possibly also image verification - "type in what it says in the box"

Just to let you know: we can enforce both email and image verification. I'd still like a few more users' comments before I turn it on, though.

I would also agree with the double opt-in, less so with the image verification (but that is only because I often have troubles decoding them :wink: )

cheers
eve

PostPosted: 28 Apr 2005, 01:25
by eve
Grrrr...that was me, sorry

eve

PostPosted: 28 Apr 2005, 08:41
by mboeing
I think even with opt-in it would be fairly easy to get access. I do not think that a process requiring email/image verification would drive away potential users.

Spam is a fact of live these days & we should deal with it.

Cheers,
/Markus.

PostPosted: 28 Apr 2005, 08:55
by TorbenGB
Three votes for, none against. I will enable the verification now, including the image verification because we might as well use that extra security while we're at it. This is open for discussion though, so keep any comments coming.

Re: no email verification?

PostPosted: 29 Apr 2005, 05:41
by The00Dustin
nomaded wrote:Also, I think it would be useful to require all participants to need a (verified) account. That way if someone needs a bit of extra help, 1) we know it is the same user, through the whole conversation/thread, and 2) we could (potentially) email them or private message them as needed.


I have to agree on this note; all of the guest posts could get quite confusing rather quickly. Plus, it seems like I've already seen multiple "oops, I didn't know I wasn't logged on when I posted that, sorry" type messages, and another message is the only way to correct an accidental (or flawed, typoed, etc) guest posting since (I'm assuming) the poster cannot edit or delete it.

PostPosted: 18 May 2006, 07:57
by TorbenGB
For some time, we've now only allowed registrations that were verified by the administrator. So every sign-up triggers an email to me, and if I think it's legit then I click a link and the profile is enabled. I have been getting a few such mails every day now, and NONE are legit. All those phoney registrations are pure spam (in the user profile) and it's too much trouble for me to go and delete them, so we're faced with slowly being bogged down with spam registrations. :cry:

In fact only the first 33 registrations were real people (hello!) and the nfrom number 34 and up to number 229 (and counting...) is just spam.

This is not only bad news on this forum; other forums I also manage show the exact same pattern. It looks like the Internet is falling to the Dark Side.


With regrets,
TorbenGB

PostPosted: 18 May 2006, 21:00
by ivanw
Talking only about this forum, I would say that those who want to contribute are ready to go through some more demanding registration process than spammers would be.

This means that if you have some more elaborate registration process at hand, it could be an apprpriate filter.

We have 151 writing contributors and 180 readers. Spammers could not align more than three words about FW devices without talking nonsense.

Would it be possible to require some introduction message for submission? This would turn readers into writers, and it is just what we are looking for... A fill-in-the-blanck or a multiple choice test ?

What is a TS ?
:arrow: short for toaster
:arrow: an acronym for Technical Specification
:arrow: something that streams out touches
:arrow: ...

PostPosted: 19 May 2006, 08:32
by TorbenGB
> Would it be possible to require some introduction message for submission? This would turn readers into writers, and it is just what we are looking for...
> those who want to contribute are ready to go through some more demanding registration process than spammers would be.
I think it's the other way round. The attention of average web users is thin; if it's more than a little difficult then users will give up. Spammers will jump through many hoops to get their message out. The question is, how do you protect an open-for-all system from those that will put in more effort than the intended users?

There is some help in this thread http://www.phpbb.com/phpBB/viewtopic.php?p=1404100 but I don't think it will solve the problem completely. Spam is a known evil and we must either accept it or leave. As a spare-time administrator, spam itself is herding me toward the latter...

> We have 151 writing contributors and 180 readers.
How do you find this? The memberlist has 229 members (230, another spammer registered this morning) but only about 30 of those are real people. As for passive readers, it's anyone's guess but can't be accurately determined.

PostPosted: 19 May 2006, 10:17
by ivanw
Well, I realize that this is hell of a burden by itself. Just forget all I've said here as I have no experience at all about dealing with forums harassment.

As about the motivation factor that spammers are likely to have higher than the average user, well, I would rather pay attention to the bad guy rather than an unmotivated FW device owner. Speculators from eBay may give up while registering but who cares...

:mrgreen: logo_phpBB replacement

PostPosted: 19 May 2006, 20:45
by Rqyteqto
Sort of off-topic, but ivanw, were you meaning "touches" as in the contact of one body to another or "touches`s' as in "Engarde! ... (clash ....clash ... clash) ... touche`!". If the former, I am guessing a "stream of touches" would be rather erotic, if the latter, then I have the very disturbing visuallization of an automatic fencing instructor machine gone mad.

Either way, thanks for stimulating my cortex.

Oh, by the way, I am in favor of having prospective members choose either of the above "stream of touches" as an entry hazing procedure.

Frankly I am amazed anyone would bother to bother our little forum by spamming it. You have to have some sympathy for anyone with a life so meaningless they could gain some satisfaction from doing so.

PostPosted: 19 May 2006, 21:20
by TorbenGB
Rqyteqto wrote:Frankly I am amazed anyone would bother to bother our little forum by spamming it. You have to have some sympathy for anyone with a life so meaningless they could gain some satisfaction from doing so.


You have to realize that the spamming is not something that particularly hits our little website -- it's being done by spambots that hunt around the Net for anything that is in any way open to any textual submissions.

It's just our poor luck that we don't have more time (and skills?) to clean up their mess and waterproof our site.