Forum access

The spam merchants are on the doorstep.

What can be done to restrict access?

Would it be possible to moderate all new accounts?

With exceptions that still moderated users would be allowed to post normally from RISC OS browsers, and also allowed to start and post in their own thread in community support.

That would cut out spam from most of the fora, without a serious impact on users, if moderation was slow.

RISC OS browsers? Cuts out people using Firefox on a PC (as you must admit that we’re lagging a little in that respect), not to mention mobile devices (I’ve writing this on an Android phone). Also liable to fail if a user has diddled the UA string for shonky websites.

Might be easier to say that new users will initially get their posts moderated, and if they seem okay and logical, that can be dropped after a couple of posts.
It is, unfortunately, a growing problem. On my ARMwiki, I’ve disabled all edit access until user has mailed me. Not ideal and not very wiki, but I don’t have time to be a full-time admin and spam is annoying. It’s a sort of pollution.

I guess we’re now into Web3.0.

Web1.0 – everything is open and beautiful. [Web for geeks.]
Web2.0 – everything can have a price tag. [Ooh shiny!]
Web3.0 – everything that is open can make me money. [Jaded monotony.]

<sigh>

Would it be possible to moderate all new accounts?

Are you offering to be a moderator? ROOL could do without inventing even more work for ourselves. Mind you, deleting spams and spammers’ accounts is also work I could do without…

Perhaps you could have a pool of moderators, and whomever logs in, gets requests. It would only need the moderation of the first 5 posts, before approval.

The RO browser / Own thread in community support, would mitigate the possible problems caused by a delay in moderation.

An unapproved person could still ask for help.
Genuine RISC OS users would be allowed.

If we get to the stage that spammers start using RISC OS to get around this, then that would be a cause for celebration I think.

Perhaps you could have a pool of moderators, and whomever logs in, gets requests. It would only need the moderation of the first 5 posts, before approval.

The question is how many people are willing to spend time checking posts on a regular basis?

The RO browser / Own thread in community support, would mitigate the possible problems caused by a delay in moderation.

Too easy to modify the agent strings and pretend to be a RO browser. Reading the details of such blocks discussed here means the use of them is trivial to bypass.

An unapproved person could still ask for help.

I am asking for help and I’m not a spammer, I would like to sell you these few things if you help me…

Genuine RISC OS users would be allowed.

As above on the agent spoofing

If we get to the stage that spammers start using RISC OS to get around this, then that would be a cause for celebration I think.

The question is how many people are willing to spend time checking posts on a regular basis?

More a case of can you get enough people to do it on an irregular basis, to provide reasonable continuity?

I wouldn’t mind if when I logged in it asked me to check a posting or two. Especially if the page was well thought out.

Too easy to modify the agent strings and pretend to be a RO browser. Reading the details of such blocks discussed here means the use of them is trivial to bypass.

Not trivial compared to the end result. If they are actually reading a site to find this out, they would also know that isn’t a site that would respond to pyjama adverts. There is also the issue of finding out valid strings, and you could also add geographic checks.

I am asking for help and I’m not a spammer, I would like to sell you these few things if you help me…

I think it would be better to risk spam in the community support forum, than make people wait to be approved. Moderatators could still be asked to moderate all the allowed exception posts. (And such spam would be removed.)

How difficult would it be to add a “report abuse” button next to topics/posts so that ANYONE with enough credibility on the forums could censor the spammers ? I saw this implemented in other forums I go to.

I saw this implemented in other forums I go to.

Speaking as a “Global Moderator” on another forum I inhabit, when a person “Report spam”s a message, a link is emailed to me. If the post is still live (there are other moderators, we all get the notification), then I read the message and if it is spam I can delete either the message or the entire topic. If the user has posted something unpleasant, or spambombed, I then need to note down the user ID and PM the forum admin to delete the user’s account (I can look up user info but don’t have privs to delete anybody).

The solution that seemed to be working (for now!) is to harden security. Run the latest versions of stuff, drop in captchas and the like (this site has an interesting one where you solve a problem in one textinput but leave a second textinput empty). Because moderating, although it can only take say 2 minutes to deal with; 2 minutes times 30 spams is… pushing an hour.

Does anybody know how the forum operates? I notice it is dated 2006 below (which is an ETERNITY for on-line stuff) and clicking on “Beast” takes me to a domain parking page.
You might be interested in looking at “Altered Beast”? Perhaps hang it off /forumtest for a while to see if it works/is liked ?
https://github.com/courtenay/altered_beast/

More a case of can you get enough people to do it on an irregular basis, to provide reasonable continuity?
I wouldn’t mind if when I logged in it asked me to check a posting or two. Especially if the page was well thought out.

OK. So that’s Rick, Jess and myself effectively volunteering by chipping in on the “someone ought to…” comments.

Other “volunteers” speak up and let the ROOL guys know they can work on code instead.

NB. For those selecting: Being told I don’t need to do anything never offends. :)

Yeah, count me in.

I’m up for it too.

I don’t post a lot, but I read a lot!

I can lend a hand too, though I don’t connect very often

I too read regularly, but post little.

Right, lots of volunteers for moderation, which is great! All we need now is someone to help be the ROOL webmaster – ideally someone with lots of UNIX and Ruby on Rails skills. Andrew H seems to have a lot of other stuff going on and is finding it ever harder to put time into the ROOL site. Which means any changes to the forums (or anything at all) are likely to stall until we have someone with those skills available to implement them.

ummm… I have quite a bit of UNIX and Linux skills, my RoR skills aren’t so great, but I can easily set up a QA/UAT environment to test everything etc. first…

Or migrate off ruby ;-) [that wasn’t a serious suggestion]

Or migrate off ruby

I don’t care what the site runs. The trick, of course, is migrating all of the content and data…

I need to develop a theme for drupal that is “Risc OS” i.e. netsurf compatible anyway.
Migration isn’t hard….just depends how time consuming on where/how the data is stored.
I’ll do a RISC OS theme, then set-up the forum etc. and take it from there.
If anyone else wants to get it done in the mean time I don’t mind at all, in fact that would be great. As it’s something I’ve been meaning to do for awhile – so the work is useful for me anyway.

Migration isn’t hard….just depends how time consuming on where/how the data is stored

He, he. The site does tend to say (at the bottom of the page) what OSS the various bits are using. Beast, Typo, Collaboa, Instiki, etc. So migration involves figuring out what the database format is for each of these and creating some sort of export/import scripts to migrate all of the data across. We migrated the documentation (wiki) across in the past from one wiki to another and there was a large amount of work fixing-up the hundreds (probably thousands) of wiki pages due to differences in Textile dialect.

There’s also quite a lot of custom stuff – e.g. the Ruby behind the downloads pages which generates the page given a directory of files, some icon PNGs and some descriptions in Yaml format. Then there’s lots of things like the Bounty page(s) which has a whole thing there integrating with PayPal to track how much is donated into each pot (plus some auto-redistribution for if we retire a bounty).

It’s probably a much bigger job than you’d first imagine. And just when you get it all working, some of the OSS projects you built it all upon will cease development…

Well if there was to be a migration, migrating the forums first and then performing a migration a step at a time would be my suggestion.
The custom stuff isn’t exceptionally hard, as I said it’s probably just time consuming – always the killer!

The main issue with ruby is the number of developers against say php.
Drupal is my personal favourite, it has a lot of modules… e.g.
http://drupal.org/project/donate

The main issue with any software is you have to maintain it regularly…otherwise you end up with a big pain all in one go.
And regular maintenance needs time….but at least products like drupal, joomla, mambo etc. have some big backers (drupal especially) so they are unlikely to go away soon.
Also they are php based so the likely-hood of getting someone to update it is vastly increased.

Just my opinion, I could be wrong etc. etc. ;-)

Newly-registered user “merryflip” is spamming the forum:

https://www.riscosopen.org/forum/forums/5/topics/1301

Perhaps we should contact support@xflip.com or sales@xflip.com just to confirm they don’t do a RISC OS version.

Clobbered.

Another candidate for clobbering: aaronasxx

For example:
https://www.riscosopen.org/forum/forums/2/topics/1357

(Is there a proper way to report spammers?)

Another candidate for clobbering: aaronasxx

Preferably in person, with a large mallet. And then stab ‘em with a katana. Finally, finish ’em off with a rocket-launched chainsaw.
[note: we’re running on rule-of-cool here, it doesn’t have to make sense]