Ok, what is up with this? We have over 1000 more users than we have threads, and, taking into account all the nonregistration threads, I'd say we have one maybe two thousand members who bothered to write up a character registration. That means 6000 Or more that haven't. What's up with that? I'm confused.

Y'know, this is spooky. Because I've been thinking about this for about three or four days now, haha.

I always thought that there was some degree of the population of Althanas that was unregistered always used it as a place to read and spelunk in rather than write for. Nothing wrong with that of course, but it seemed like a reasonable explanation at the time. But I bet if you got a mod or admin to sit around and watch the traffick of althanas for about a week, he or she could tell you more about the amount of people that come back to read based on their activity and watching their IP address.

Its not an exact science, but it could tell you whether or not there really is a recurring audience for some of the writers here.

We actually have a lot of bots registered. You can't post anything until you register, after all.

Y'know, this is spooky. Because I've been thinking about this for about three or four days now, haha.

I always thought that there was some degree of the population of Althanas that was unregistered always used it as a place to read and spelunk in rather than write for. Nothing wrong with that of course, but it seemed like a reasonable explanation at the time. But I bet if you got a mod or admin to sit around and watch the traffick of althanas for about a week, he or she could tell you more about the amount of people that come back to read based on their activity and watching their IP address.

Its not an exact science, but it could tell you whether or not there really is a recurring audience for some of the writers here.

Yeah, I suppose, but 3/4ths of the population due to some rough estimating? Also, if they are just going to read, Why bother becoming a member?

Also, Karuka? What do you mean by bots?

Bots are automated spam machines basically. They're essentially autonomous software, that trolls message boards, registers a username, and post advertisements. They are annoying.

What's spooky is clicking through the "Members List" and going through literally pages of usernames that have 0 posts, 0 exp, no avatar, etc.

I don't think it's just a bot thing though, I think there are also a lot of people who register a name and then never use it, never come back, or whatever.

Yeah, I suppose, but 3/4ths of the population due to some rough estimating? Also, if they are just going to read, Why bother becoming a member?

I was referring to the people who never registed, Edward. But you do have a point.

just checked. 1350 registration threads Including the character update threads.

I've registered on a couple of different RP sites that I never got around to profiling or posting on. Call us the fickle site-hopping hobos. We're only REALLY a problem when we start taking usernames the real RPers want . . .

You guys are about 20 years too late for any sort of new insight on this situation.

Member purge!

Might not be a bad Idea. Just be careful with it, as I'm sure there are some people who created a useename and just haven't had the time to use it.

Leave it to max to start a revolution. :rolleyes:

Many new amateur writers register a character, since they feel attracted to the concept of this forum. But maybe because they are not dedicated enough, or actually don't "find the time" to actually come up with ideas, at-least at the top of their heads they just leave it alone, for the "future" when they may have time. but they just end up forgetting.
Some other don't get many people to get to quest with them, probably because some of their plots are seen as more than old clichés and their writing style is poor. Noobies are neglected. :O

But, the great majority are bots (http://www.althanas.com/world/showthread.php?p=102611#post102611).


We're only REALLY a problem when we start taking usernames the real RPers want . . .


Holy bejeisus. You don't know how pissed I was when I found out that "Poseidon" was already taken, and that it didn't even have ONE single post, I might have gone for Neptune but that's the zomby-guy's profile. So now I had to add the little annoying ~ thingis.

"Poseidon" (that fucker) (http://www.althanas.com/world/member.php?u=2505)- Tell me if that isn't messed-up.

Sometimes It seems like all we get nowadays are bots.

It might seem like it, but there are always still new members trickling in who take the time to create a registration thread. They certainly are not arriving by the thousands, or even the hundreds...or even the dozens at that, but they are there.

I've always liked the idea of a member purge, just to clean out some of the clutter, but the idea is dangerous. I wouldn't really want anyone to automate the process, because one slip of the keystroke can be all it takes programming wise to suddenly purge all of us and not only piss off a lot of people, but also make a big mess.

I think if someone were to go through one by one and delete usernames that meet a certain criteria, say:

1) Has been registered for longer than 30 days.
2) Has 0 total posts.
3) Has no avatar.

That would be good. Someone registers a name and doesn't use it at all within 30 days? They can always register it again. 0 posts is 0 posts, and if you aren't doing anything with the username then why keep it? I included the avatar bit because I feel that someone who takes the time to assign a picture to their username, no matter how unrelated or bizarre said picture might be, shows that they at least care a little bit.

That all said, will it ever happen? Probably not. Going through and purging in a manner like that would be a major time investment, and it's not really fair to expect the site staff to take time out of their days to do something like that.

Afterall, the abundance of neglected usernames doesn't really negatively influence the site so much as to make a purge a necessary action.

Could you at leasr purge the bots?

The most difficult part about that is that sometimes it's very hard to tell what's a bot and what isn't before it posts. I know... I've killed over 200 bots myself on another site. I'd make the criteria 6 months, not 30 days, though.

Why are there so many bots anyways? I can't remember, but isn't there an option like those distorded numbers and letters, to avoid auto created acounts?

There should be.

Why are there so many bots anyways? I can't remember, but isn't there an option like those distorded numbers and letters, to avoid auto created acounts?

There should be.

I mentioned this before, and it is indeed the reason why they keep coming.

Wrong. I run a site that uses Captchas (those disordered or funky letters and numbers) and we still get at least three spam bots a day. On a site as well-known or popular as this one, that number is probably higher. It doesn't stop the bots... it just slows the stupider ones down.

Any little bit helps, right now the current stance is "ignore them" but it doesn't take a whole lot of effort to make a difference.

http://ask.slashdot.org/article.pl?sid=06/04/07/2059226

Don't use phpbb, vbulletin or whichever other forum software everyone uses. Don't name your registration page "register.php" or something similarly easy to guess. Don't give your username and password fields name and id attributes of "username" and "password". Etc, etc. There is no security in obscurity, but there sure as hell is lots of convenience and freedom from automated harassment.

The rewards for writing scripts that can handle the subscription process for all the big software packages are simply too large. Yes, these software packages will now start up the arms race, same as has happened with weblogs and email and referer spammers (does anyone else have the feeling we've won that last one, btw?). You can try and follow along and update your forum software every other day. But it's much more convenient to simply duck under the radar. Chances are no spammer is going to bother figuring out how to register at your custom-built/modified forum.


Or would you like another question ?

Keep this as simple as possible. "What color is the sky?" is about the level you are looking for. A bot won't be able to answer these unless it is specifically programmed to. Need I say you should serve a random question?

For bonus points on this one, make the questions something to do with the topic of the forums. If the forums were about widgets, you could ask something (really basic) like "What is the most common color of widget?". Or make come of the questions about the TOS. You know, the thing everyone checks the box saying "I agree to abide by the TOS". This may alienate some people, though, which you may or may not want. Also remember to consider non-native English speakers.

But why stop there? Be even more proactive! Set up a honeypot. Disallow a certain directory with robots.txt, and ban all IPs that find their way there. Include an invisible link to the disallowed location and see what falls in the trap. Remember that blacklist you started earlier? Add (and share) these IPs!


You seem to already be using a CAPTCHA [wikipedia.org], but you could switch to a different one. Everytime you switch, the bot-writer has to update his code. This is annoying for him but is no big deal for your users, since they are humans and can pass whatever simple visual test you give them. You might also consider making small changes to the HTML of those "make new account" pages. It's likely that that bot is making many assumptions about how your page is organized. Changing the names of forms (or having random names), or changing subtle things about the layout (things that a human wouldn't even notice, but which would break an HTML parsing program that was expecting your page to be organized in a certain way) are also good ways to slow down the bots. Make the HTML obfuscated. Include bogus hidden forms, for instance.

It goes on, but it's not hard to stop them. If the admins really cared enough and decided to put forth some effort, they could implement any number of measures. Otherwise, like I said, it's a moot point and an issue that's been around for 20 years.

People who don't understand spyware often complete the Catchpas normally, and then the spyware relays it to a database where all of the possible catchpas are stored and therefore used by bots to bypass the system.

I brought it up with Serilliant, and he said we used a catchpa until it proved ineffective.

And I believe the epidemic is pertaining to vBulletin, or atleast, message boards in general. We're still trying to come up with something to bypass them, but you guys don't have to worry about much of the spam getting through.

The only forums that are outside of our spam filter are the OOC ones. I've seen a few spams come up in the Intro/Outro forum, but anywhere else is caught automatically.

But on the subject of members, I would like a membership purge.

30 days, 0 posts, no avatar is good. I'd even narrow it down to fewer days, because if you're going to do something, you might as well do it quickly. I've never registered an account without the profile already made. And it's not like you can't re-register the account if it gets deleted.

But again, its an aesthetic issue. It'll be done when there's time and will enough to plow through it.

I can provide some insight into the various things brought up in this thread.

First, with regards to junk registration (bot or otherwise), it is almost entirely impossible to stop them. The major reason is that many of these so-called 'bot' registrations are not bots at all, but are real people who sign up for the forum and either post their spam themselves, or, at that point, begin using an automated script. Further, CAPTCHAs at this point are almost entirely ineffective. I have gone back and forth on various new technologies, and see practically no change in the level of junk registration.

The issue must be weighed in the context of member convenience versus bot inconvenience. If CAPTCHAs were successful in stopping spam, they would still be an annoyance to legitimate members. Seeing as CAPTCHAs are, in fact, not successful, I do not see any persuasive reason to begin using them.

Further, the new 'question' system was effective for a while until those started being defeated by bots as well. You know all the porn sites you frequent that require you to answer questions or solve CAPTCHAs? More often than not, you're helping a bot defeat a spam defense system.

Renaming pages from their default is an option, of course, but only slows bots and does not stop them. True, a great many simply try the default page first, but tend to go to the home page and sniff links if the default didn't work. Plus, renaming pages after a site is established is a surefire way not only to break links, but also confuse Google and other linkers. Again, not worth it.

I assure you that bot registration has nothing to do with the administration's "lack of care" or refusal "to put forth some effort," but the simple fact that spam is unavoidable. We have many mechanisms in place to slow the tide, but automated procedures can only do so much. This is why we have a living, breathing staff to take care of things.

As far as a membership purge, I will mention that this is on the books. vBulletin has an integrated system to prune members, but it breaks on the volume that we need. I am planning to run a direct MySQL query to dump junk users, but the inherent risk in such an act and the inconvenience of doing it repeatedly has influenced me to wait until the next version of vBulletin which will come bundled with better ways to stop bot registration.

Our current stance is absolutely not "to ignore them." We rely on complex algorithms that I have custom coded to meet the needs of Althanas. They work well, but again, any automated system can be defeated. It is the vigilance of a hard working staff which keeps the impact of spam very minimal. Our policy is and always will be that the comfort and convenience of our membership is paramount.

How's this idea, Serilliant?

Send a computer virus back to the Spambot's IP. Crash the drive once and for all!

Fwahahahaha!!!

*ahem*

What about the issue with an invisible link that only Bots can see, though? I'd like to see if that works. :)

Wow. 3 pages? Didn't think it was going to be such a big issue when I made the thread.

I do wonder about that one too, Advent, but your other idea is a bit more permanent... And Evil.

By the way, ever notice how a lot of the bots have either names that advertise thier company/product or names that stand out in some other way? I think that should be another criteria. A user named Valehu is a lot more likely to roleplay than a user named viagra-cheap.

Sadly, both usernames exist.

And then someone who really loves Pepsi will try to register the username ILovePepsi and find themselves wondering why they can't. Setting criteria for usernames would do far more to inconvenience members that it will to stop bots.

The point is, there is no silver bullet for stopping bots. You could implement every form of bot-stopping technology available today and tomorrow "EnlargeYourJunk23" will be posting all about male enchancement in the Citadel.

point taken.

Crap, posted under wrong username, Well, I guess the secret is out. I am Edward.

Everyone knew you were Edward when they saw your signature. Stalker.

What about my siggy made it so obvious?

And what do you mean by stalker? I don't see anything wrong with wanting to keep one of my characters secret?

rofl. A couple of your characters have signatures pertaining to Witchblade.