New Registrations

[Soro Dagostino]

I continue to get these unidentified request for activation. Soooo, I think I'll just let them in to the forum. Unless we make the applicants provide some identity and person, how else can one decide if it is a real person, or just a bot?

[Pip Torok]

I continue to get these unidentified request for activation. Soooo, I think I'll just let them in to the forum. Unless we make the applicants provide some identity and person, how else can one decide if it is a real person, or just a bot?

I do hope you're joking, Soro!

There must be standard vetting procedures around. In an email/newsgroup era, this particular bugbear has been around for at least twenty years.

Google awaits your [re]searching ...

Pip Torok

[Cindy Ecksol]

I continue to get these unidentified request for activation. Soooo, I think I'll just let them in to the forum. Unless we make the applicants provide some identity and person, how else can one decide if it is a real person, or just a bot?

Soro, the goal here is to keep the forums open to serious participants and closed to spammers. I'd say that anyone who registers with the SL name they use in CDS can be given full access. Reject all others -- these forums can be read by anyone, but we only want citizens to post, right? If not, then expand the criteria to say "Any SL name" can be given access. That's easy enough to check.

If you reject someone because the name they provide is not on the citizen list (or not an SL name if we want any SL person to participate) then sooner or later they'll come around asking why they can't get on the forums and you can explain it to them. Better yet, take a look at Aliasi's "How to register and get approved: a step by step guide" at http://forums.slcds.info/viewtopic.php? ... 815#p14725 and update it to make your criteria clear. Anyone who registers and doesn't meet your criteria can be summarily deleted.

Another alternative for sorting out bots and spammers from real people is to put everyone who registers on "moderation" until they've made their first post. That means that the first time someone tries to post, you (as moderator -- or whomever you ask to assist with this and appoint as co-moderators) would have to read the post and approve it before it goes out to the forum. If it's spam, you can delete both the post and the offender. If it's not spam, you can release the post to the forum and take the poster off moderation. This is how I manage several other forums I moderate. It's not too much trouble, and it's saved us from a whole lot of spammers. You can set this up easily: just change the options for new subscribers to "Moderated". Once you do that, you no longer have to deal with requests for authorization -- you can allow everyone to be authorized automatically. You'll only have to deal with someone the first time they post...and many will never post at all. Shouldn't be a big deal.

Cindy

[Gwyneth Llewelyn]

When I have the time, I just delete them They're usually easy to figure out, they have typical "spam email addresses". When there is a serious doubt if some of those registrations are actually from valid SL residents, I check them up on SL's search to see if they correspond to valid usernames... I might have deleted some "real" resident once or twice, but, so far, I got no complains...

So delete them all, Soro hehe

[Cindy Ecksol]

LOL! I love this! Soro says "Let them all in" and Gwyn says "Delete them all!"

What to do, what to do?

Cindy

[Callipygian]

LOL! I love this! Soro says "Let them all in" and Gwyn says "Delete them all!"

What to do, what to do?

Cindy

Since this topic is on the Agenda for discussion at this weekend's SC meeting , we'll get back to you on that Cindy

Calli

[Gwyneth Llewelyn]

If we had unlimited time, patience, and programming skills available, we could certainly create a patch to phpBB to check if a username is actually a valid Second Life user, automatically. This would still allow people to register if they happened to have a name that exists as a SL resident...

An alternative, which would be bullet-proof, would be to have an in-world booth (not unlike what we have for the voting system). Touch it, and you get registered with your avatar name on the forums, and get a password back. I actually did precisely that for WordPress sites... but that's because WordPress has a very modular approach to plugins, while phpBB isn't that flexible.

[Gwyneth Llewelyn]

Hmm. phpBB 3.X seems to have a simpler way to deal with external authentication methods. It's probably worth a try. Do we have any volunteers?

[Callipygian]

Hmm. phpBB 3.X seems to have a simpler way to deal with external authentication methods. It's probably worth a try. Do we have any volunteers?

Hi Gwyn

'Simple' *coughcough* - everything is relative, yes? I have no real understanding of anything on that page- but I think it might say that it can authenticate using an external database of names ( SL usernames in this case). That does cover SL users who use their SL username to register. Many in the past have used some shortened form (mine is just Callipygian) but easy enough to require that username match, inworld and in forums.

Since the Forums are open to non-SL users - and those are usually the ones that we can't identify - can 2 methods of authentication be in place? If so, can the second do something like send an e-mail to the e-mail address given and only authenticate if a response is received? If not, does it offer any simple/automatic way to authenticate non SL users?

Personally, I take your approach - if the email given is a long string of random letters, or contains a product name, I just delete. A few that have used names and e-mails that seem 'normal' I have sent an e-mail asking them to confirm their interest in the Forums. Of maybe a dozen e-mails I've sent over time, I've never received a reply LOL.

We'll still address this at the meeting for now, but if some automatic way like this is viable to put into place sometime soon that would be great

Calli

[Gwyneth Llewelyn]

Well, it's not exactly "authenticating with an SL name" — Linden Lab doesn't allow that, sadly (God knows for how many years we have asked them for that functionality!) — but the "safest" method could indeed be just like our current voting booths: touch an in-world object, and it sends the avatar name to the forums (for registration) and sends back (via IM) a temporary password, which you can use to log in. This would be not so easy as just going to a Web page, type your avatar name, and get authenticated, but at least it would be completely fool-proof.

The alternative is to allow Web-based registration but check if the login name is a valid SL resident's name (this is very easy to check). Unfortunately, that system, while a bit simpler for potential subscribers to this forum, can be easily subverted. I mean, I could use as login name "Rod Linden" for registration and it would be acceptable Worse: a spammer could just pick a random existing SL resident name to get access to the forums, and there would be no way to know who is behind that name.

Unfortunately, the "best" method — type your avatar's SL name and your SL password and get authenticated by LL — is simply impossible. LL doesn't provide any mechanism allowing that to happen As said, we've been asking them for that (imagine how much it would simplify things!) but LL fears serious security issues (imagine a "fake" website created just to catch SL passwords that way!) and thus never implemented a mechanism allowing it to happen.

When I asked for "volunteers" is just that we are lucky to have some very good programmers living in the CDS Timo, for example hehehe

[Moonrise Azalee]

phpbb has mods to deal with spambots. There are also enhanced drag n drop Image cAptcha's to help. I run phpbb, mybb and SMF forum and each has different ways of handling things via different mods.

A manual way is http://stopforumspam.com ... simply enter the IP , email or username of the requesting user into the Search window and it will tell you if it's spam. Before I had my mods that is the method I used.
Also, I 'think' phpbb has permission settings.. so anyone with less than a certain amount of posts, you can opt to have their posts moderated, so their post won't appear until you okay it.

However there is a REAL problem with spambots outside of them simply posting irritating advertisement... many are created to check/scan for email addresses. Therfore, they will scan member lists for any available email addresses and then spam them, or even more annoying, take that email address and send out mail from that address or register on other sites with that address. Nasty things!