LES User signup changes effective immediately

mikhomikho AdministratorOG
edited June 2021 in General

Due to a recent spam attack, the user registration has changed to "Approval", meaning it could take some time to get approved and able to post.

If you signed up to this community and your account/application hasn't been accepted, write something useful in the signup note instead of what you entered before.

Anything looking like a copy/pasted answer or if it looks spammy enough, your application has been denied.

@Mason and I have to clean up the mess it created.

“Technology is best when it brings people together.” – Matt Mullenweg

Comments

  • Better than the spammy OGF

  • @mikho said:
    If you signed up to this community and your account/application hasn't been accepted, write something useful in the signup note instead of what you entered before.

    Would a provisional user have the opportunity to revise their signup note?
    This would allow a user who initially neglected it but then sees this thread to keep their desired username, and reduce the amount of account deletions administrators have to do.

    ServerFactory aff best VPS; HostBrr aff best storage.

  • mikhomikho AdministratorOG

    @yoursunny said:

    @mikho said:
    If you signed up to this community and your account/application hasn't been accepted, write something useful in the signup note instead of what you entered before.

    Would a provisional user have the opportunity to revise their signup note?
    This would allow a user who initially neglected it but then sees this thread to keep their desired username, and reduce the amount of account deletions administrators have to do.

    No.
    When we go thru the applicants the only option is to accept or delete.
    What you are asking for would require additional work load for everyone.

    That is why this post is readable by everyone, even not signed in users.

    Thanked by (1)vimalware

    “Technology is best when it brings people together.” – Matt Mullenweg

  • @mikho said:

    @yoursunny said:

    @mikho said:
    If you signed up to this community and your account/application hasn't been accepted, write something useful in the signup note instead of what you entered before.

    Would a provisional user have the opportunity to revise their signup note?
    This would allow a user who initially neglected it but then sees this thread to keep their desired username, and reduce the amount of account deletions administrators have to do.

    No.
    When we go thru the applicants the only option is to accept or delete.
    What you are asking for would require additional work load for everyone.

    No, I mean they could revise their signup note before it's being reviewed, not after.
    As soon as the account is deleted, they can obviously re-signup with the same username.

    If the app cannot support that, consider including some emphasis and a link to this thread next to the signup note box.

    ServerFactory aff best VPS; HostBrr aff best storage.

  • mikhomikho AdministratorOG

    @yoursunny said:

    @mikho said:

    @yoursunny said:

    @mikho said:
    If you signed up to this community and your account/application hasn't been accepted, write something useful in the signup note instead of what you entered before.

    Would a provisional user have the opportunity to revise their signup note?
    This would allow a user who initially neglected it but then sees this thread to keep their desired username, and reduce the amount of account deletions administrators have to do.

    No.
    When we go thru the applicants the only option is to accept or delete.
    What you are asking for would require additional work load for everyone.

    No, I mean they could revise their signup note before it's being reviewed, not after.
    As soon as the account is deleted, they can obviously re-signup with the same username.

    If the app cannot support that, consider including some emphasis and a link to this thread next to the signup note box.

    Why revise?

    We don’t care about spelling or grammar errors. I am one of the worst in both areas ;)
    If you can’t be bothered to enter somewhat ”correct” information the first time, what say that it will be updated by the user while waiting for approval?

    If an applicant enters

    I like | I want | I care

    and there are 50 other accounts with the same text as the reason why they want to join, is it really there we should put our effort?

    the rule post will be updated (soon) and the discussion will be done in a separate thread, it will also have a small FAQ on things that are not rules but general, nice information to have.

    “Technology is best when it brings people together.” – Matt Mullenweg

  • mikhomikho AdministratorOG

    as a side note, there have been ~40 new applications since I started this thread.
    If an applicant has any issues, open a ticket at https://support.lowendspirit.com

    “Technology is best when it brings people together.” – Matt Mullenweg

  • cybertechcybertech OGBenchmark King
    edited June 2021

    how about an email validation link + captcha for new sign ups, it helps half the problem maybe.

    Thanked by (2)Wolveix yoursunny

    I bench YABS 24/7/365 unless it's a leap year.

  • FAT32FAT32 OG
    edited June 2021

    @cybertech said:
    how about an email validation link + captcha for new sign ups, it helps half the problem maybe.

    Email validation + Captcha is not really sufficient imo. I think we already have email validation on LES?

    The best way to prevent is just to make it manual approval. I remember there's once there's some spammers created a lot of accounts on OGF just to bash me. In addition to that it can also be invite-based, if someone repeatedly invited lots of spammers then the inviter account will also be banned.

  • mikhomikho AdministratorOG

    @cybertech said:
    how about an email validation link + captcha for new sign ups, it helps half the problem maybe.

    It looks like they can post to the activity feed and their profile before validating the email.
    that's where the spam goes, not as threads or posts, luckily.

    Thanked by (1)bikegremlin

    “Technology is best when it brings people together.” – Matt Mullenweg

  • mikhomikho AdministratorOG

    Added> @yoursunny said:

    @mikho said:
    If you signed up to this community and your account/application hasn't been accepted, write something useful in the signup note instead of what you entered before.

    Would a provisional user have the opportunity to revise their signup note?
    This would allow a user who initially neglected it but then sees this thread to keep their desired username, and reduce the amount of account deletions administrators have to do.

    added this message
    To help people understand that they actually have to enter something valid in the fields.
    The best alternative there is, instead of letting them update their answers.

    Thanked by (3)yoursunny webcraft Ganonk

    “Technology is best when it brings people together.” – Matt Mullenweg

  • good job Sir <3

    Thanked by (1)mikho
  • visualwebtechnovisualwebtechno Hosting ProviderOG

    Email validation is good and added captcha is nice one sir

    Thanked by (2)mikho vimalware
  • YmpkerYmpker OGContent Writer
    edited June 2021

    Speaking of which: https://www.theregister.com/2021/06/16/alibaba_tabao_scraped_data_leak/

    "Alibaba suffers billion-item data leak of usernames and mobile numbers"

    It only gets worse😅 Data leaks, Spam, Abuse...

    Thanked by (1)vimalware
  • So if a user just say: "because the deals dude!" or "because shit and giggles" , will he/she get denied?

    This is not a good way to handle this, imho. Legit users could still use VPN and create different accounts with believable inputs and later use that for spam.

    If bots is the issue, CF blocking bots and the recaptcha with some modest difficulty should be enough.

  • mikhomikho AdministratorOG

    @Hxxx said:
    So if a user just say: "because the deals dude!" or "because shit and giggles" , will he/she get denied?

    This is not a good way to handle this, imho. Legit users could still use VPN and create different accounts with believable inputs and later use that for spam.

    If bots is the issue, CF blocking bots and the recaptcha with some modest difficulty should be enough.

    There are certain patterns that we are actively blocking. Some phrases, as the ones you mentioned is not blocked (probably shouldn’t give this away).

    As posted earlier in this thread, captcha is already in place but still we had a couple of thousand signups before it was stopped.

    What we had to stop was the automated bot signups. If a user wants to use a VPN and signup for a second or third account, go ahead.

    If spam is posted, it will be delt with when it happens.

    “Technology is best when it brings people together.” – Matt Mullenweg

  • MasonMason AdministratorOG
    edited June 2021

    @Hxxx said:
    So if a user just say: "because the deals dude!" or "because shit and giggles" , will he/she get denied?

    This is not a good way to handle this, imho. Legit users could still use VPN and create different accounts with believable inputs and later use that for spam.

    If bots is the issue, CF blocking bots and the recaptcha with some modest difficulty should be enough.

    If it looks like a human typed it, then they'll get approved (both of your examples, I'd approve). Very primitive and certainly open to abuse like you mentioned, however, the current protections were not preventing the bots from signing up -- both CF blocking bots and recaptcha enabled. The bot accounts are even verifying their email addresses as well (coming from a slew of different domains).

    There's no conceivable way that I can think of to prevent users from signing up that intend on spamming, but put in some sort of legitimate text/reason for signing up. But these one-offs can be quickly caught and dealt with. The issue we were having is that hundreds of accounts would sign up within an hour window and start posting links in the activity feed to random places, making cleanup quite time consuming.

    I'm open to hearing alternatives, but for now this is our best defense and has been working well since it took effect. If we notice that the bot accounts move on to a different target, we'll open back up registration to simple email verification rather than admin approval.

    Edit: Looks like @mikho beat me to a response ;)

    Head Janitor @ LES • AboutRulesSupport

  • I thought user reg had always been moderated.

    That'z because, when I registered, @Goldfish deleted my account even before it was approved.

    ♻ Amitz day is October 21.
    ♻ Join Nigh sect by adopting my avatar. Let us spread the joys of the end.

This discussion has been closed.