LES User signup changes effective immediately
Due to a recent spam attack, the user registration has changed to "Approval", meaning it could take some time to get approved and able to post.
If you signed up to this community and your account/application hasn't been accepted, write something useful in the signup note instead of what you entered before.
Anything looking like a copy/pasted answer or if it looks spammy enough, your application has been denied.
@Mason and I have to clean up the mess it created.
This discussion has been closed.
Comments
Better than the spammy OGF
Would a provisional user have the opportunity to revise their signup note?
This would allow a user who initially neglected it but then sees this thread to keep their desired username, and reduce the amount of account deletions administrators have to do.
No.
When we go thru the applicants the only option is to accept or delete.
What you are asking for would require additional work load for everyone.
That is why this post is readable by everyone, even not signed in users.
https://clients.mrvm.net
No, I mean they could revise their signup note before it's being reviewed, not after.
As soon as the account is deleted, they can obviously re-signup with the same username.
If the app cannot support that, consider including some emphasis and a link to this thread next to the signup note box.
Why revise?
We don’t care about spelling or grammar errors. I am one of the worst in both areas
If you can’t be bothered to enter somewhat ”correct” information the first time, what say that it will be updated by the user while waiting for approval?
If an applicant enters
and there are 50 other accounts with the same text as the reason why they want to join, is it really there we should put our effort?
the rule post will be updated (soon) and the discussion will be done in a separate thread, it will also have a small FAQ on things that are not rules but general, nice information to have.
https://clients.mrvm.net
as a side note, there have been ~40 new applications since I started this thread.
If an applicant has any issues, open a ticket at https://support.lowendspirit.com
https://clients.mrvm.net
how about an email validation link + captcha for new sign ups, it helps half the problem maybe.
I bench YABS 24/7/365 unless it's a leap year.
Email validation + Captcha is not really sufficient imo. I think we already have email validation on LES?
The best way to prevent is just to make it manual approval. I remember there's once there's some spammers created a lot of accounts on OGF just to bash me. In addition to that it can also be invite-based, if someone repeatedly invited lots of spammers then the inviter account will also be banned.
"Humanity is f*cked up" - Jay
It looks like they can post to the activity feed and their profile before validating the email.
that's where the spam goes, not as threads or posts, luckily.
https://clients.mrvm.net
Added> @yoursunny said:
added this message
To help people understand that they actually have to enter something valid in the fields.
The best alternative there is, instead of letting them update their answers.
https://clients.mrvm.net
good job Sir
https://microlxc.net/index.php?p=deploy
Email validation is good and added captcha is nice one sir
█ VisualWebTechnologies.com - Your Hosting, Our Responsibility!
█View Offers ( cPanel/DirectAdmin & Reseller Hosting Offers )
Speaking of which: https://www.theregister.com/2021/06/16/alibaba_tabao_scraped_data_leak/
"Alibaba suffers billion-item data leak of usernames and mobile numbers"
It only gets worse😅 Data leaks, Spam, Abuse...
Ympker's Shared/Reseller Hosting Comparison Chart, Ympker's VPN LTD Comparison, Uptime.is, Ympker's GitHub.
So if a user just say: "because the deals dude!" or "because shit and giggles" , will he/she get denied?
This is not a good way to handle this, imho. Legit users could still use VPN and create different accounts with believable inputs and later use that for spam.
If bots is the issue, CF blocking bots and the recaptcha with some modest difficulty should be enough.
There are certain patterns that we are actively blocking. Some phrases, as the ones you mentioned is not blocked (probably shouldn’t give this away).
As posted earlier in this thread, captcha is already in place but still we had a couple of thousand signups before it was stopped.
What we had to stop was the automated bot signups. If a user wants to use a VPN and signup for a second or third account, go ahead.
If spam is posted, it will be delt with when it happens.
https://clients.mrvm.net
If it looks like a human typed it, then they'll get approved (both of your examples, I'd approve). Very primitive and certainly open to abuse like you mentioned, however, the current protections were not preventing the bots from signing up -- both CF blocking bots and recaptcha enabled. The bot accounts are even verifying their email addresses as well (coming from a slew of different domains).
There's no conceivable way that I can think of to prevent users from signing up that intend on spamming, but put in some sort of legitimate text/reason for signing up. But these one-offs can be quickly caught and dealt with. The issue we were having is that hundreds of accounts would sign up within an hour window and start posting links in the activity feed to random places, making cleanup quite time consuming.
I'm open to hearing alternatives, but for now this is our best defense and has been working well since it took effect. If we notice that the bot accounts move on to a different target, we'll open back up registration to simple email verification rather than admin approval.
Edit: Looks like @mikho beat me to a response
Humble janitor of LES
Proud papa of YABS
I thought user reg had always been moderated.
That'z because, when I registered, @Goldfish deleted my account even before it was approved.
♻ Amitz day is October 21.
♻ Join Nigh sect by adopting my avatar. Let us spread the joys of the end.