Banned From Forum !!!

[rgt247V2]

Hi

  I have just had to re register with this forum because I had used a gmail email account.

I was rgt247 on here but when I logged in today I had a message saying I was banned because I used a gmail email.

Is there any way to become rgt247 again ?

Why was there no notice of this change ?

How many more people has this affected ?? Or was I unlucky ?

In the registration process it says gmail emails are fine ?

So say I am upset is the understament of the year !!!!!!!!!!!!!!   

[Lance]

This is odd - I'll check what is going on.

[Lance]

You should be fine to return to your original username now - an incorrect ban on gmail had been put in place. Sorry for the inconvenience.

[rgt247]

Cheers Lance 

Now working fine !!! Logged in as rgt247 fine now !

Here is pic of the message I got while trying to log in.



[attachment deleted by admin]

[Simon]

At least we know the full ban works!   

  for your trouble, Rich. 

[rgt247]

Thanks Simon.. 

The ban works fine....

My account seems to be back to normal....

[Rik]

Sorry about that Rich, I put the ban on before having to dash out - not a good practice. Mea culpa. 

(Unfortunately, ban is the only term SMF knows...)

[talos]

Whats wrong with Gmail then ?

[Lance]

There is currently a number of attacks being made against forums, and a common factor is the person/bot registers with a gmail address!

[zappaDPJ]

Earlier in the year Gmail's CAPTCHA system was cracked by spammers which means bots can be used to automatically sign up for gmail.com e-mail addresses. The same thing happened to Windows Live Mail. The result is that the spammers are then able to use bots to register with forums using the e-mail addresses and fill them with spam. The ultimate aim is to boost search engine rankings. google XRumer and you'll get a better explanation.

Unfortunately this has lead to many forum administrators banning any attempt to register a new account with these e-mail addresses. I'm also fairly sure that the addresses are now throttled in some way which means they tend to have slow or in some cases no delivery to the destination address.

[talos]

Thanks for the info, I had no idea.

[g7pkf]

Rik you naughty boy.

ok ban GMAIL but give users a bit of notice so they can "change" there email account.

naughty naughty boy 

[Lance]

Existing users with gmail aren't shouldn't be affected 

[somanyholes]

captcha has been dead for a while now..... Human or bot,it was bound to fail

http://blogs.zdnet.com/security/?p=1835

[Rik]

Time to start banning Indian IP addresses.

[g7pkf]

you could even be really nasty and lock it to idnet only.

just like there website publishing.

wish they would open that up i have a 1Gb internet connection at my disposal at our company datacentre in london.

And guess who looks after it 

[Rik]

We wouldn't do that, Dean, as people often join to get a 'feel' for IDNet before joining. Limiting to the UK might be something we have to consider eventually, but I hope it doesn't come to that.

Can I share a bit of your connection, pretty please. 

[g7pkf]

we do colo in there with 10Mb internet (up and down with unlimited usage) thrown in to the deal.

and as standard allow 5Amps draw.

cost is open to negotiation.

10Mb internet on its own is £250 month

[zappaDPJ]

As things stand at the moment it is still possible to allow forum registrations via free mail address and still block spam attempts. The three procedures I use are these.

1/ Install reCAPTCHA http://recaptcha.net/ Although some people claim otherwise, I've yet to see proof that this more robust CAPTCHA has been cracked in terms of bot registrations.

2/ Set a question and answer that does not rely on general knowledge. Bot registration software is quite adept at cracking general knowledge questions by brute force as of course are human farmers where the question has an obvious general knowledge answer. 'Which ISP do these forums belong to' is probably a more robust question that the one currently set. Bots will fail to crack it and human farmers are likely to answer 'idnetters'.

3/ Steps 2 and 3 should stop all spam registrations but if they fail at a later date administrator activation on new registrations is always there as a backup.

[Rik]

We constantly review the registration process, Zappa, and try to find a balance between access and security. Our primary concern is to allow IDNet customers to join and post immediately, and the email address should not be a limitation for them.

Admin activation would be a last resort for us, as it's dependent on a member of staff being available whenever someone has a problem and wants to join.

[Simon]

To be fair, it's actually very rare for spammers to register, or even try to register here.  As Rik said, we don't want to lock down so firmly, that it inhibits genuine new members from joining and posting.

[zappaDPJ]

Well I've not seen a single spam post here so those procedures are certainly working 

Some of the forums I administrate are continually bombarded by bots attempting to register. I've yet to determine why this is although I suspect it may be lead by the forum software used rather than the rankings or content type. vBulletin seems to be particularly high on the list at the moment.

[Rik]

It's certainly been the case in the past that some forum software was prone to spammers. We've tried to be proactive in how we deal with things, though we've been caught once or twice, though never for very long.

[Simon]

We used to use PhpBB on Pals, and that was a nightmare for attracting bots.  I used to spend more time dealing with them than I did on the forum, and it got to the stage where we were forced to use admin approval for registations.  Switching to SMF rectified the situation over night.

[Rik]

Did I mention we were thinking of a move to PhpBB, Simon? 

[Simon]

You wouldn't be the only one moving! 

[Rik]

 

How was it for you? 

[Simon]

Bowel, rather than earth!

[Rik]

[Simon]