Jump to content


Photo

Hard registration questions, hacked content, malevolent players


  • Please log in to reply
9 replies to this topic

#1 Superduper

Superduper
  • Boomus Fidelis
  • 6,078 posts
  • LocationSomewhere over the rainbow, USA

Posted 20 April 2017 - 10:51 PM

About a week ago, I received a question on www.AnalogAlley.com regarding someone in LA who wanted to have their M70 fitted with one of my light kits but needed someone to install it for pay.  I suggested he ask this on our forum since I know we have some members in SoCal area and who might be better able to help being local and all.  He responded quickly and said that he actually tried to register a week before but couldn't get past the "hard" questions.  I suggested he try again and just refresh the questions until an easy one popped up that he could answer.  I see we have such a topic asked a few days ago so I presume he was able to successfully register an account.  Bear with me here, and keep this in the back of your brain for the moment.  

 

So I'm going back and thinking about a previous topic regarding "tough" registration questions becoming a hurdle to registration.  

 

Anyhow, a few days ago, I see on my other website www.wikiboombox.com (in case some of you don't know that I also run that website) that some new comments were added to some pages since the last time I logged in to check.  Most visitors don't know that comments aren't public until they are reviewed and either approved or rejected.  In any case, a couple were approved and the rest were rejected because they weren't real comments but rather, idiotic spam links.  

 

Fast forward to today, Google sends me a message telling me that our site was hacked and sent me a sample of the page (our Faq's page) and that results would be accompanied with a warning message that the site may contain hacked content.  In researching this issue, I looked at the side/side comparison of what google sees and what the public sees.  To me, the content looked the same.  So I then reviewed the page source code and found hundreds of embedded spam links.  Dammit!  Ok, what I figured out was that probably the same idiot who left those other stupid spam comments also defaced that page as well, but how!?  Ok a bit more sherlock and I figured out that they added the links via my sites "suggest a question" feature for adding Faq's question.  As in the other example, any submissions would have to be approved before they would be made public so nobody can see the links anyhow, but the page itself keeps a record of the "invisible until approved" submissions.  By using my admin control panel, I was able to reject and remove all of the spam links... you know, the viagra, bitcoin, muscle enhancer, cheep insurance, etc type spams so ubiquitous nowadays.  Anyhow the solution to prevent further such abuses are that I disabled the "suggest question" feature of the faq's page, and I also changed the site permissions to now require visitors be registered in order to leave comments.  It's too bad since it requires visitors to login in order to do this, but then again, it takes far too much time to constantly police these bad actors who have nothing better to do in their lives than to program malicious robots to go and deface others websites in order to try to gain some click for pay pennies at someone else's time expense.  Imagine trying to delete hundreds of these links one at a time (takes quite a bit of time due to server latency).  Anyhow, those links while actually innocuous because they can't be seen since they haven't been approved, yet google analyzes the pages and when they see these links (which are obvious spam, even to google) consider the site hacked because they actually compare the current page to previous versions of the page in their archives which did not have those spam links.   After the corrections, I notifed google of the fixes and changes but their review will take a few weeks and until then, if our Faq's page shows up in a google search (not likely someone will google our faq's page) will have a warning about potential hacked content but only on the Faq's page.

 

I recall going back to the beginning when I first launched the website, that I got a bunch of people complaining about registration was too hard (actually it worked fine but the user never waited for the server to respond which takes about 2-3 seconds) before clicking register again.  This resulted in a username already taken response but in reality, it is taken but only because the first click attempt was already successful.  I had users register a dozen different usernames (all successful) before seeking assistance thinking none worked.  Then there is the "passcode".  It is clearly given in the registration Faq's and is done to prevent spambot registrations.  To this day, I still get requests for the "passcode".  Then there is the constant barrage of spam emails.  You guys don't get them of course but the admin usually does.  We need to weed through these all the time.  If I get a slew of them, then I need to review our action recorder and note the IP's.  Those that sent spam will have their IP #'s added to our hosting services blocked IP feature so they can't access our website anymore, at least not using the same IP address.

 

The point of all this is that going back to the "hard questions" comments that pop up periodically, all I can say is that the general public doesn't understand how much time it takes to run a website and these hurdles are put into place to restore some sanity into the administration of a site.  I don't personally know how much time Bobby invests in Boomboxery but challenge questions on website submissions and registrations are common in order to ensure that the submission is performed by an actual human.  How intelligent that human hurdle is I guess will depend upon how hard the challenge is, lol.  Robots can submit entries in a rapid-fire machine gun speed that a webmaster could literally spend all of his time policing and removing these entries and never win.  After all, who is faster, a tireless computer automated to run these malicious scripts or you and your fingers and mouse?  I had hoped at one time to allow wiki entries by anonymous users on our website in order to build up the database, but the fear of constantly policing defacing villains deterred me.  Now, even comments and suggestions features needed to be disabled because a single abuse episode could result in a weeks long process to restore a google indexing issue (not to mention the countless hours lost to these spam abusers.)  Bad people and actors exists in every walk of life, unfortunately this is a sad truth of life that I am reminded of every day.  As long as I'm able, I'll continue to fight them until I no longer have the mental energy to continue.  Anyhow, may these miscreants rot in helll.

 

 

 



#2 Fatdog

Fatdog
  • Administrators
  • 9,807 posts
  • LocationMiddle Tennessee, U.S.A.

Posted 20 April 2017 - 11:55 PM

I can certainly sympathize with you, Norm.  Even with the "hard" question(s) required for Boomboxery, there are still a few who are able to join, only to start posting rubbish, nonsensical content.  Then there are those who actually succeed in creating accounts, but never activate them.

 

Maintenance on any website can be time consuming for sure.  Luckily, I have coded some "helper" functions specifically for Boomboxery that I execute occasionally.  It speeds things up and helps alleviate some of the headache.



#3 blu_fuz

blu_fuz
  • Moderators
  • 9,965 posts
  • LocationWI

Posted 21 April 2017 - 07:15 AM

I must be smart. Not only was I invited here, BUT I also got all these hard questions right.

 

 

Sorry to hear you are trying to sift through all the BS to clean up your sites. Some people just have nothing better to do I guess....



#4 Fatdog

Fatdog
  • Administrators
  • 9,807 posts
  • LocationMiddle Tennessee, U.S.A.

Posted 21 April 2017 - 09:08 AM

I must be smart. Not only was I invited here, BUT I also got all these hard questions right.

a7e.jpg



#5 im_alan_partridge

im_alan_partridge
  • Members
  • 2,863 posts
  • LocationLondon, England.

Posted 21 April 2017 - 12:49 PM

I don't recall those questions being her when I first registered but I have seen them since.

 

Norm (and Bobby), I feel your pain, you must need the patience of a saint to run a website. It really does seem that with every year that goes by the Internet is just getting more and more malicious.



#6 Superduper

Superduper
  • Boomus Fidelis
  • 6,078 posts
  • LocationSomewhere over the rainbow, USA

Posted 21 April 2017 - 05:32 PM

There are some crime shows that I watch on ION television, the forensic files, etc.and these are supposed to be real life cases recreated or dramatized for TV.  The indifference that some of these criminals show when they perpetrate crime is so disturbing.  Sometimes, killing people just for a little bit of money.  In my life, my background, my culture, my faith, teaches us as much as possible to be good people.  It just bothers me so much when someone, some organization, deliberately creates a program and sends it out into the web in search of websites to hack and deface for the sole purpose of installing links that might garner then a penny or so for each click.  All the while, these bots crawl the web wreaking damage.  I mean, how long do they think that these links will persist before discovery and then correction?  And in the course of creating these robots, the general damage that they cause at the expense of others....  it's like someone breaking a car window to steal 2-quarters sitting on a dash.  Theft of the quarters is in and of itself a crime, but the indifference to the collateral damage imparted in perpetrating the crime is the biggest sin of all.  How can one not care about doing harm to others for minimal profit?  

Anyhow, I was just beefing about these immoral and indifferent cretins out of frustration since it happens all the time and seems like it's a never ending battle.  The biggest irony of all is that my e-commerce site analogalley doesn't suffer nearly as much problems as the wiki site which is there simply for the benefit of the world audience.  I don't make any money on that site at all but I do know that it gets a lot of traffic, far more than my e-commerce site so the information we have displayed there is obviously being put to good use.  If the hit counter at the old s80s site is to be believed, I think we probably get as many hits in a day as they get in a year (or several years).

 

But also I just wanted folks to know what is involved in running a website, especially a not for profit one, and to appreciate what they have.  So yeah, Thanks Bobby for doing this, without profit motives.  And if anyone grumbles about any minor details, tell 'em Norm says just stuff it, lol.



#7 hopey

hopey
  • Members
  • 131 posts
  • LocationMelb AU

Posted 21 April 2017 - 05:39 PM

The internet is broken, and no one to fix it.

#8 docs

docs
  • Members
  • 1,415 posts
  • LocationUnited Kingdom

Posted 22 April 2017 - 01:14 AM

Wherever money can be made, crims are gonna do whatever it takes to get it, whatever it takes.
I blame those companies for promoting click link payments because without that shiat, websites would no longer be a target.

#9 restocat

restocat
  • Members
  • 825 posts
  • LocationNew Mexico, USA

Posted 02 June 2017 - 09:49 AM

The internet allows wise men to be interrupted by fools.

Perhaps I need more covfefe in the morning before I post, but what I am trying to say is: Let us know if we can help in any way.

#10 Vintage Man

Vintage Man
  • Members
  • 398 posts
  • LocationOSHAWA ONTARIO CANADA

Posted 03 June 2017 - 04:00 AM

I know that a great collector and friend out in PA Ernie Marody has tried to join but mentioned the same thing about hard questions. So has not been able to join as of yet. What can these hard questions be that you can't just Google the answer with your Android phone?