Took 2 days and 2 email addresses to open account

[greyday02]

Those stupid capchas or whatever they are are worthless! Why don't you use 2 stage verification and just send random codes to account email each time someone logs in. My doctor uses it and they have far more reason to guard security. If you want to prevent spam have a limit of 10 posts per day per account. It would be far less aggravating.

[Arthmoor]

I agree that captchas are next to worthless, but 2FA isn't any better for defending against spam when the package we're using may as well not have actual spam defense.

Setting a post limit per day won't help either. Bots generally don't post floods, they post one or two messages at a time and hand off to the next bot to continue.

As far as email accounts, there's a thread posted with information about certain ISPs who block all email coming from a site without regard to the legitimacy of it. Such as AT&T and t-online.de. Both of whom literally expect you to PAY them to get off of those lists. That's a scummy practice no matter how you slice it and most hobby level sites like this one aren't going to be able to afford the absurd amounts they want.

[jbrianj]

The only "good" way to prevent spam is to require a form of verification with added costs, such as phone(SMS) verification. But since Arthmoor does not make any money running this site, that is not an option. Authenticators don't work since bots can easily use an API to add 1000's of TOTP tokens to a database per second.

You could also do it like Gibberlings3 do on their forums: Require manual intervention to enable account. It's not perfect, but it does work better than CAPTCHA.

Edited February 14, 2023 by jbrianj

[Arthmoor]

Unfortunately we get far too many accounts registering to be able to spend the time manually activating them all. Even then, all the bots will do is wait for that to happen.

The bottom line is that it's an issue with the IPS package in general. It has no proactive spam defense. It's purely reactionary and doesn't filter based on content even when you do report a spammer to them. What they need to do is incorporate support for something like Akismet into the package so people can get an API key for that and use that service to defend the site. Akismet is wildly effective at preventing spam and is free to sites like ours that aren't commercially based. But so far IPS has expressed zero interest into adding support for it despite it being ludicrously simple to do so. So simple that I was able to do it as a sometimes PHP coder for our tracker and an old MUD forum I still maintain.

[greyday02]

Is there any way to contact the admins outside of a publicly viewed forum? I would like to recycle my first failed attempt to create an account. I never did succeed with that username/email address and had to use an entirely different one. Can it be erased?

[JohnnyBravo65]

Who the fck created these questions?

How should I know what is the X character that leads the Z guild in the Y game?

I am not from US to know who the hell was the 40th president.

This is ballocks! 

[Arthmoor]

Apparently not bollocks enough to prevent you from answering