About a week ago, I received a question on www.AnalogAlley.com regarding someone in LA who wanted to have their M70 fitted with one of my light kits but needed someone to install it for pay. I suggested he ask this on our forum since I know we have some members in SoCal area and who might be better able to help being local and all. He responded quickly and said that he actually tried to register a week before but couldn't get past the "hard" questions. I suggested he try again and just refresh the questions until an easy one popped up that he could answer. I see we have such a topic asked a few days ago so I presume he was able to successfully register an account. Bear with me here, and keep this in the back of your brain for the moment.
So I'm going back and thinking about a previous topic regarding "tough" registration questions becoming a hurdle to registration.
Anyhow, a few days ago, I see on my other website www.wikiboombox.com (in case some of you don't know that I also run that website) that some new comments were added to some pages since the last time I logged in to check. Most visitors don't know that comments aren't public until they are reviewed and either approved or rejected. In any case, a couple were approved and the rest were rejected because they weren't real comments but rather, idiotic spam links.
Fast forward to today, Google sends me a message telling me that our site was hacked and sent me a sample of the page (our Faq's page) and that results would be accompanied with a warning message that the site may contain hacked content. In researching this issue, I looked at the side/side comparison of what google sees and what the public sees. To me, the content looked the same. So I then reviewed the page source code and found hundreds of embedded spam links. Dammit! Ok, what I figured out was that probably the same idiot who left those other stupid spam comments also defaced that page as well, but how!? Ok a bit more sherlock and I figured out that they added the links via my sites "suggest a question" feature for adding Faq's question. As in the other example, any submissions would have to be approved before they would be made public so nobody can see the links anyhow, but the page itself keeps a record of the "invisible until approved" submissions. By using my admin control panel, I was able to reject and remove all of the spam links... you know, the viagra, bitcoin, muscle enhancer, cheep insurance, etc type spams so ubiquitous nowadays. Anyhow the solution to prevent further such abuses are that I disabled the "suggest question" feature of the faq's page, and I also changed the site permissions to now require visitors be registered in order to leave comments. It's too bad since it requires visitors to login in order to do this, but then again, it takes far too much time to constantly police these bad actors who have nothing better to do in their lives than to program malicious robots to go and deface others websites in order to try to gain some click for pay pennies at someone else's time expense. Imagine trying to delete hundreds of these links one at a time (takes quite a bit of time due to server latency). Anyhow, those links while actually innocuous because they can't be seen since they haven't been approved, yet google analyzes the pages and when they see these links (which are obvious spam, even to google) consider the site hacked because they actually compare the current page to previous versions of the page in their archives which did not have those spam links. After the corrections, I notifed google of the fixes and changes but their review will take a few weeks and until then, if our Faq's page shows up in a google search (not likely someone will google our faq's page) will have a warning about potential hacked content but only on the Faq's page.
I recall going back to the beginning when I first launched the website, that I got a bunch of people complaining about registration was too hard (actually it worked fine but the user never waited for the server to respond which takes about 2-3 seconds) before clicking register again. This resulted in a username already taken response but in reality, it is taken but only because the first click attempt was already successful. I had users register a dozen different usernames (all successful) before seeking assistance thinking none worked. Then there is the "passcode". It is clearly given in the registration Faq's and is done to prevent spambot registrations. To this day, I still get requests for the "passcode". Then there is the constant barrage of spam emails. You guys don't get them of course but the admin usually does. We need to weed through these all the time. If I get a slew of them, then I need to review our action recorder and note the IP's. Those that sent spam will have their IP #'s added to our hosting services blocked IP feature so they can't access our website anymore, at least not using the same IP address.
The point of all this is that going back to the "hard questions" comments that pop up periodically, all I can say is that the general public doesn't understand how much time it takes to run a website and these hurdles are put into place to restore some sanity into the administration of a site. I don't personally know how much time Bobby invests in boomboxery but challenge questions on website submissions and registrations are common in order to ensure that the submission is performed by an actual human. How intelligent that human hurdle is I guess will depend upon how hard the challenge is, lol. Robots can submit entries in a rapid-fire machine gun speed that a webmaster could literally spend all of his time policing and removing these entries and never win. After all, who is faster, a tireless computer automated to run these malicious scripts or you and your fingers and mouse? I had hoped at one time to allow wiki entries by anonymous users on our website in order to build up the database, but the fear of constantly policing defacing villains deterred me. Now, even comments and suggestions features needed to be disabled because a single abuse episode could result in a weeks long process to restore a google indexing issue (not to mention the countless hours lost to these spam abusers.) Bad people and actors exists in every walk of life, unfortunately this is a sad truth of life that I am reminded of every day. As long as I'm able, I'll continue to fight them until I no longer have the mental energy to continue. Anyhow, may these miscreants rot in helll.
So I'm going back and thinking about a previous topic regarding "tough" registration questions becoming a hurdle to registration.
Anyhow, a few days ago, I see on my other website www.wikiboombox.com (in case some of you don't know that I also run that website) that some new comments were added to some pages since the last time I logged in to check. Most visitors don't know that comments aren't public until they are reviewed and either approved or rejected. In any case, a couple were approved and the rest were rejected because they weren't real comments but rather, idiotic spam links.
Fast forward to today, Google sends me a message telling me that our site was hacked and sent me a sample of the page (our Faq's page) and that results would be accompanied with a warning message that the site may contain hacked content. In researching this issue, I looked at the side/side comparison of what google sees and what the public sees. To me, the content looked the same. So I then reviewed the page source code and found hundreds of embedded spam links. Dammit! Ok, what I figured out was that probably the same idiot who left those other stupid spam comments also defaced that page as well, but how!? Ok a bit more sherlock and I figured out that they added the links via my sites "suggest a question" feature for adding Faq's question. As in the other example, any submissions would have to be approved before they would be made public so nobody can see the links anyhow, but the page itself keeps a record of the "invisible until approved" submissions. By using my admin control panel, I was able to reject and remove all of the spam links... you know, the viagra, bitcoin, muscle enhancer, cheep insurance, etc type spams so ubiquitous nowadays. Anyhow the solution to prevent further such abuses are that I disabled the "suggest question" feature of the faq's page, and I also changed the site permissions to now require visitors be registered in order to leave comments. It's too bad since it requires visitors to login in order to do this, but then again, it takes far too much time to constantly police these bad actors who have nothing better to do in their lives than to program malicious robots to go and deface others websites in order to try to gain some click for pay pennies at someone else's time expense. Imagine trying to delete hundreds of these links one at a time (takes quite a bit of time due to server latency). Anyhow, those links while actually innocuous because they can't be seen since they haven't been approved, yet google analyzes the pages and when they see these links (which are obvious spam, even to google) consider the site hacked because they actually compare the current page to previous versions of the page in their archives which did not have those spam links. After the corrections, I notifed google of the fixes and changes but their review will take a few weeks and until then, if our Faq's page shows up in a google search (not likely someone will google our faq's page) will have a warning about potential hacked content but only on the Faq's page.
I recall going back to the beginning when I first launched the website, that I got a bunch of people complaining about registration was too hard (actually it worked fine but the user never waited for the server to respond which takes about 2-3 seconds) before clicking register again. This resulted in a username already taken response but in reality, it is taken but only because the first click attempt was already successful. I had users register a dozen different usernames (all successful) before seeking assistance thinking none worked. Then there is the "passcode". It is clearly given in the registration Faq's and is done to prevent spambot registrations. To this day, I still get requests for the "passcode". Then there is the constant barrage of spam emails. You guys don't get them of course but the admin usually does. We need to weed through these all the time. If I get a slew of them, then I need to review our action recorder and note the IP's. Those that sent spam will have their IP #'s added to our hosting services blocked IP feature so they can't access our website anymore, at least not using the same IP address.
The point of all this is that going back to the "hard questions" comments that pop up periodically, all I can say is that the general public doesn't understand how much time it takes to run a website and these hurdles are put into place to restore some sanity into the administration of a site. I don't personally know how much time Bobby invests in boomboxery but challenge questions on website submissions and registrations are common in order to ensure that the submission is performed by an actual human. How intelligent that human hurdle is I guess will depend upon how hard the challenge is, lol. Robots can submit entries in a rapid-fire machine gun speed that a webmaster could literally spend all of his time policing and removing these entries and never win. After all, who is faster, a tireless computer automated to run these malicious scripts or you and your fingers and mouse? I had hoped at one time to allow wiki entries by anonymous users on our website in order to build up the database, but the fear of constantly policing defacing villains deterred me. Now, even comments and suggestions features needed to be disabled because a single abuse episode could result in a weeks long process to restore a google indexing issue (not to mention the countless hours lost to these spam abusers.) Bad people and actors exists in every walk of life, unfortunately this is a sad truth of life that I am reminded of every day. As long as I'm able, I'll continue to fight them until I no longer have the mental energy to continue. Anyhow, may these miscreants rot in helll.
