- This topic is empty.
-
Posts
-
I just banned a new user request, even though the justification text was borderline (“I want to join this forum so I can respond.”), and realized I probably haven’t mentioned the way I discovered it was an illegitimate request – so I thought I should share here. Most of you might be aware of this simple check, but it is good to have it recorded. I simply clicked on the “send email” (not exact wording) option in the Admin Control section and looked at the email address. It was a business email (something like “webelectronics.com”). In such a case, I don’t dig further; I automatically ban the user.
Sometimes, if I am concerned about the justification text, I copy the email and do a search for it through Google and Facebook. I have spotted a couple of anti-Mormons over the years by doing that.
If anyone else wants to post suggestions about how to spot bad apple user requests, go for it.
Please do. I have begun not responding when new people request just because I did let one in, a few minutes later we were running on a thread on banning the individual. I am a bit gun shy. Any lessons would help. Old Timer wrote:
I simply clicked on the “send email” (not exact wording) option in the Admin Control section and looked at the email address. It was a business email (something like “webelectronics.com”). In such a case, I don’t dig further; I automatically ban the user.
What if someone uses their work e-mail address to register with the site?
nibbler wrote:
Old Timer wrote:
I simply clicked on the “send email” (not exact wording) option in the Admin Control section and looked at the email address. It was a business email (something like “webelectronics.com”). In such a case, I don’t dig further; I automatically ban the user.
What if someone uses their work e-mail address to register with the site?
Yeah, I kind of had that question too. Two of our high councilors actually do that. But they are also very recognizable businesses, and I know that’s where they work.
On the other hand, if it was webelectronics.com that address doesn’t check out – it’s an unowned domain.
Other than checking their justification and looking at the email to see if it does sound legit I do an IP check. There are some people who use IP maskers so you can’t actually tell where they’re from but most people don’t do that.
and there is only so much time we can put into researching these things. They should be smart enough to be using a legit address and valid IP address, from a quick check does it pass the sniff test.
And they should be smart enough to give a justification that isn’t lame.
Quote:“I want to join this forum so I can respond.”
Lame.
They can try again if they really want to participate in our mission.
Heber13 wrote:
Don’t Be Lame! So it is written – so shall it be!
I’d approve someone with that justification text, or at least that justification text wouldn’t raise a flag in my vetting process. It’s lame but I can envision someone thinking, “Yeah, yeah. This is just to prove I’m not a bot. I’ll just put something generic in here.” Quote:I want to join this forum so I can respond.
Is still relevant to the activities that happen here, it’s a forum and people respond to things.
My process:
I look at the e-mail first.
- I’ll google the e-mail address. Sometimes you find a person on the other end, sometimes you get results at some site like stopforumspam.
- Many times the e-mail test test yields nothing so I look at the IP address. IP addresses also show up at stopforumspam. IPs from non-English speaking countries get an automatic red flag. That doesn’t mean insta-rejection, I’m not a xenophobe (as far as I know) but if someone requests an account from India and has a yahoo e-mail address with lots of numbers… it doesn’t look good for them.
- Justification text usually doesn’t factor much into my decision, unless it’s “ljkhfdglsidb8ulkjfgbnl” or “I’m gonna spam you so hard it will make Hawaaii salivate.”
I used to over-worry that I’d accidentally allow a reprobate through but I’m reminded:: I got through
I usually fall back on the first post because:
1) We get one, maybe two request per week.
2) Just a guess but I’d say that for every 10 accounts that are created only one or two people go on to create a first post.
It would be a whole other story if I had 50 requests and 5 first posts waiting for me every day.
Concerns:
What damage can a person that has an activated account but isn’t approved to post do? Can they PM or e-mail other members (fill people’s inboxes with spam or stalk people)? You probably don’t need an account to do this but could they make a DDoS attack worse by having some limited access?
I’m thinking of the old NOM board that died. From memory I think it went like:
1) Page loads started timing out. IIRC the site owner said that there was a “nothing to see here” DDoS attack, I don’t remember well.
2) A few features on the site stopped working.
3) The e-mail subsystem eventually broke, which meant no new members because the activation process involved confirmation e-mails.
4) I sent one of the mods at the old NOM board a PM saying, “You’re on phpbb, right? The mods can do [this process] to approve people waiting in the wings for account activation without the need to rely on e-mail.”
5) There was a
largeinflux of members because it had been severalmonths since anyone over there had been able to create a new account. 6) A few days later the site died for forever.
So it got me thinking. Did the mods approve a few bad apples when processing the backlog. Did those bad apples use their access to attack the site? Who knows? The site perma-died because the site owner lost interest in maintaining the site, not because the attackers did any permanent damage. Plus I don’t know whether their site owner ever patched their software.
I also don’t know old NOM’s moderation process. I don’t know whether they had the approve the first post process… but that’s the concern: nibbler approves a new account, new account never posts but uses their (limited) credentials to somehow exploit a vulnerability that exists in the phpbb software, even if the time between account creation and attack is years.
Text wall over.
I try not to ban or delete any request that might be legit – and I only check when something fishy-smelling hits my nose. Otherwise, I approve and figure we can deal with it. I would much rather be too lenient (“grace-full”) than too strict, but there are a few simple ways to check for obvious non-fits.
Also, I only delete those with business email addresses if I find those addresses are fishy AND the justification text also is fishy.
First of all…. MISQUOTE!
Roy wrote:
Heber13 wrote:
Don’t Be Lame! So it is written – so shall it be!
I never said that!! (but wish I did…sounds like a pharaoh spoke it or something
You’re funny, Roy.
Secondly….
I want to raise the bar of members of this forum.
Church leaders wrote:Please understand this: the bar that is the standard for missionary service is being raised. The day of the “repent and go” missionary is over. You know what I’m talking about, don’t you, my young brothers? Some young men have the mistaken idea that they can be involved in sinful behavior and then repent when they’re 18 1/2 so they can go on their mission at 19. While it is true that you can repent of sins, you may or you may not qualify to serve.
Consequently, if we are “raising the bar” for your sons to serve as missionaries, that means we are also “raising the bar” for you. If we expect more of them, that means we expect more of you.
..of course, daughters are excluded from this…because just the boys need to hear that message.
Therefore…don’t be lame with justification text to enter this forum.It is the new standard that will bless the lives of millions of new account requesters in this forum, as we flood the earth with our message, like a stone cut out of the mountain rolling downhill where gravity gets the sucker moving pretty fast…and it cannot be stopped. I would also like to start separating our forum into 3 groups, where only the ones that donate money to the site and work hours to moderate it get exalted to the highest degree of the forum kingdom with secret access to the moderator threads to participate secretly. This elite and exclusive group in the forum has all the blessings of admitting and denying new members based on if we like them or not and their email address, and we get to set the rules on what is acceptable and what is lame.
Also…the most worthy among the exclusive group are allowed to have multiple login names, because one is not enough. We can spread more gospel message by mutliplying our login accounts…and it will look like there are more members so it makes us look cooler and statistics go up. It used to work for login accounts thousands of years ago in biblical times, so we should try to restore that and emulate that practice.
What do you all say…let’s make this site exclusive! It’s much more fun for those who are already on the inside!
:silent: And…teach others “Don’t be Lame”
ok…I’m done. Got carried away there a bit.
Sorry…but Roy started it.
….ok…sorry…nibbler has the right idea. And you all do a bang up job at moderating, and that stuff is important. Carry on…ignore me today…I’m in a silly Monty Python kinda mood.
FWIW, I used to delete the requests from people who’s justification text didn’t include anything related to Mormonism or something else that clued in they had actually spent time reading the forums. “I just want to respond to something…” is exactly what a bot or spammer will type in because they can’t spend the time to understand the forum’s topic and still be economically efficient at spamming. That was how I did it. But that isn’t the only way or best way.
If there aren’t many registrations to deal with, then it probably doesn’t matter too much. The second line of defense is that no posts go public from a new user until a moderator approves at least 1 post. After that, they are free to do whatever registered users can do.
I don’t think I can prevent newly registered users from sending Private Messages because they also have to be able to use that system to interact with Administrators and Moderators. That group is currently set to limit them to 5 recipients in a single PM, so that would make it VERY tedious to spam the whole list of members.
Uncle Brian – Great to see you. How is the family? and How are you? Thanks for dropping in. Love your face. Heber – Laughing my guts out here. “Don’t be Lame” will never be the same again.
:clap: :clap:
- You must be logged in to reply to this topic.