Barry's Blog Registration Working?

Posted: Sun 09 Feb 2014, 23:12
by foggy
It's been an hour now and I still haven't received my password in my email when I tried to register to contact B.K.

The registration for the forum, at about the same time, was instantaneous.

Posted: Mon 10 Feb 2014, 00:43
by Karl Godt
Does not look like ..
I am bot Posted on 8 Feb 2014, 13:29 by gungsukma
Barry should use REAL CAPTCHA.

Comments disabled Posted on 7 Feb 2014, 22:10 by admin
Comments are disabled again, hopefully temporarily.

I am bot Posted on 7 Feb 2014, 12:09 by x6255
Barry should use REAL CAPTCHA.

I am bot Posted on 7 Feb 2014, 12:10 by x5565
Barry should use REAL CAPTCHA.
Smeagol I guess ..

Posted: Mon 10 Feb 2014, 02:53
by BarryK
Yes, I disabled registration again.

That "person" used a "disposable" email address to send more pornographic comments.

I see, the Contact Me page also needs registration. I didn't think that was disabled though.

efia, the author of pe_pplog, might be running out of enthusiasm, modifying pe_pplog to fix my security problem.

In which case, I might borrow a "Perl 101" book from the library, and have a go myself. I have ideas how to fix the problem, just lack Perl coding ability.

Posted: Mon 10 Feb 2014, 03:53
by Flash
Good luck. Too bad there's no way to trace it back to the source. :(

Posted: Mon 10 Feb 2014, 11:30
by RSH
BarryK wrote: That "person" used a "disposable" email address to send more pornographic comments.
Flash wrote: Good luck. Too bad there's no way to trace it back to the source.
Isn't that also a 'nice' part of the 'Net-Security' everyone is asking and looking for, like anonymous surfing, anonymous access (to what the web provides) etc.pp.?

I think, the web should be closed/locked permanently for such tools and also persons!

registration

Posted: Wed 12 Feb 2014, 20:59
by efiabruni
I added some fixes to the registration process and uploaded it on github.
Alas, if he really wants to be destructive there are ways around this. Even if he just registers via valid email addresses and then spams.

Anyway, if anyone feels like having a look, the code is here: https://github.com/efiabruni/tree/comment_registration
RSH wrote: I think, the web should be closed/locked permanently for such tools ...
I have friends who are activists, these "tools" are important, we are lucky to have them!

Posted: Wed 12 Feb 2014, 22:51
by Jasper
Hi efiabruni,

My understanding is almost zero, but I wonder:

* would it be possible to place all comments in a holding directory so that BarryK could review them and then delete them or transfer them if, as and when he may have time to review them?

and/or

* could BarryK appoint say, six or ten trusted moderators from various time zones to delete any "unpleasant" comments?

My regards and thanks for supporting BarryK

Text-only?

Posted: Wed 12 Feb 2014, 23:07
by ozsouth
Would it be better to have text-only comments? Barry could still put pictures in his original posts.

Posted: Thu 13 Feb 2014, 12:37
by BarryK
Yes, there are various extra steps.

If one of the legitimate email providers is used, they can be notified. That provider can also be blacklisted.

Possibly we could have a whitelist, only allow certain email providers that have a rigorous registration process.

Or, BB-code can be disabled in comments. Which is what I might do if the fellow persists.

Efia did originally suggest to me that a good method would be for me to approve each registration. At the time, I didn't like the idea, because it would mean more work for me. But rethinking it, it might be a good solution.
Perhaps instead of sending the password to the new registrant, the email could be sent to me, with the username and email address, and I can forward it if I approve -- or request further identification from them if I am suspicious.

...perhaps that could be an optional extra security precaution.

Posted: Thu 13 Feb 2014, 13:20
by Flash
It might at least limit the damage if someone who had just registered were allowed to post only one time until a moderator cleared him to post more than that. If the moderator still wasn't sure, he could adjust the count so the new member could post x more times without further control. It's easier to remove just one offensive post than a whole bunch of them scattered all over the website.

Posted: Thu 13 Feb 2014, 13:43
by Barkin
BarryK wrote:... Possibly we could have a whitelist, only allow certain email providers that have a rigorous registration process...

There are blacklists of email accounts [& IP addresses] used for spamming, e.g. ... http://www.stopforumspam.com/
They are mostly gmail accounts, i.e. gmail's rigorous registration via mobile [cell] phone can be defeated.

Posted: Thu 13 Feb 2014, 15:12
by RSH
BarryK wrote: That "person" used a "disposable" email address to send more pornographic comments.
Looks like he is using the forum now to do such things.

User treeair did send a pornographic picture to me by PM.

Posted: Thu 13 Feb 2014, 19:43
by Flash
Treeair's account has been disabled.

Posted: Thu 13 Feb 2014, 21:23
by RSH
Thanks.

But now it comes to mind:

- I did not send the image and/or PM to you (I immediately removed it), so you could not prove it.

What to do next time?

I'm just asking because without something as proof (image, PM etc.) everyone could just say user x has done y - and he might be banned, even if it would not be the truth.

Posted: Thu 13 Feb 2014, 23:52
by BarryK
RSH wrote:
That "person" used a "disposable" email address to send more pornographic comments.
Looks like he is using the forum now to do such things.

User treeair did send a pornographic picture to me by PM.
I got one also, have not deleted it yet.

I wonder if the forum has in place any information capturing, such as the fellow's IP address?

Posted: Fri 14 Feb 2014, 05:31
by ardvark
RSH wrote: User treeair did send a pornographic picture to me by PM.
Unfortunately, I received one, too. :(

Regards...