Forum Update: July 2023

[Jon Matcho]

We recently had a wave of spammers that slipped through the anti-spammer registration system. Several spam accounts were created, seemingly manually as required to join the forum, and made several off-topic posts. These posts have since been deleted and the accounts banned and flagged as spammers. The registration process has also been made a bit more thorough by requiring another set of human input fields when signing up.

Using this moment as an opportunity to enhance forum security in general, signing into the forum now requires using the email address associated with your account (instead of logging in using your display name). This reduces the possibility for a bad actor to "attack" an account to gain access. While this has not happened, it's best to stay a step ahead when it comes to securing member information.

Thank you,

Jon

 

[zolotiyeruki]

Thank you for your efforts in keeping the forum running, Jon!

[Marc Zeitlin]

Now if you would only require people to provide their real name and address in order to join and post, that would decrease spam to zero, as it is on the COZY list.

[Jon Matcho]

Two things I don't understand (or at least am amused by):

1. Folks' aversion to giving their full name here (and other places on the Internet), but freely do so on data-mining sites such as Facebook.
2. Marc Zeitlin. I've put this point forward more than once to you -- that you could easily be tricked into allowing a spammer onto your list. Should I put a bounty out to prove you wrong?

[Marc Zeitlin]

1 hour ago, Jon Matcho said:

1. Marc Zeitlin. I've put this point forward more than once to you -- that you could easily be tricked into allowing a spammer onto your list. Should I put a bounty out to prove you wrong?

So the guy that's had multiple (like, 10's to 100's) of spammers infiltrate and piss all over this forum, due to NOT requiring real information or manual addition of members, is telling the guy that's been running the COZY mailing list for 28 years that you COULD trick me into allowing a spammer on my list, even though it's never happened ONCE in the 28 years of the list's existence?

I just want to understand correctly - is this what you're attempting to say?

The facts seem to show otherwise - at least, that it's not "easy".

[Jon Matcho]

1 hour ago, Marc Zeitlin said:

So the guy that's had multiple (like, 10's to 100's) of spammers infiltrate and piss all over this forum, ...

There has been a few times since 2003 that spammers managed to get past the automated verification system and make fake posts. When it happens, members report the content, and it's quickly removed and the spam accounts are banned.

1 hour ago, Marc Zeitlin said:

...due to NOT requiring real information or manual addition of members, ...

You clearly have no idea how many accounts are attempting to get created here every day by scammers/bots. Considering the Canard Zone has over 4,500 valid member accounts (sure, some folks are anonymous, do not post, have passed away, etc.), spam prevention has been successful by Internet standards. There is not a single piece of spam or phishing content present on the Canard Zone.

If your point is that the COZY mailing list is great and the pinnacle of communication and collaboration technology, we'll just agree to disagree on that point.

1 hour ago, Marc Zeitlin said:

...you COULD trick me into allowing a spammer on my list, even though it's never happened ONCE in the 28 years of the list's existence?

I just want to understand correctly - is this what you're attempting to say?

Yes, that's what I have said to you over the years when you feel compelled to repeatedly bring this topic up. A spammer could absolutely trick you into allowing them to join and subsequently spamming your membership. It's not worth it for spammers when compared to other avenues, and it's not worth the academic argument to me either.

Did you ever think that providing one's full name, physical address, and phone number is NOT a feature? Some folks are more private than others and there's absolutely nothing wrong with that.

[Marc Zeitlin]

So what happened to the latest "anti-spam" protection? Doesn't seem to be working...

[Jon Matcho]

1 hour ago, Marc Zeitlin said:

So what happened to the latest "anti-spam" protection? Doesn't seem to be working...

For those that missed it, a spammer got through the registration process this morning. The spam account has been flagged, banned, and all spam content has been deleted (was visible for only ~30 minutes). We're once again back to a zero spam state on the forum.

Taking a cue from @Marc Zeitlin I actually added a manual review step to personally review each new registration request since the last spammer flare-up. The spammer in this case filled out all the right information to indicate they were a human, etc. Having rejected several obvious spammers since the last event, this user fit the bill as legitimate (at least based on my standards from this morning). I manually approved the user, got some coffee, and came back to a flood of nonsense posts.

The platform provider is experiencing the same issues with their entire client base, which includes many recognizable corporate entities. They're working on improvements for their September release which will help some: https://invisioncommunity.com/news/invision-community/new-spam-prevention-features-r1284/

Looking forward I am going to add additional required fields and a question or two in order to validate genuine interest in canard aircraft building. At this point I am still not going to require phone numbers and physical addresses (although these are optional). I am also considering having a new member's first post requiring approval before allowing that member to become an official member, as is the case for the Canard Zone sponsored email lists on groups.io. To do this, I could use a few volunteers that would be moderators here.

Any thoughts and feedback are welcome. Thank you all!