Hi all,

I wanted to get all of your advice on something. We were recently hit by a spam attacker. These people have been logging into the system and taking advantage of our free community.

I don't know what other kind of lame attempts these idiots will do to clutter the Internet with useless garbage, but, it has affected us here now.

My question to you is this.... Should we lock down the website and require a little more from our members before they can use the site? For instance, we always allow anonymous users to browse the site and read the information. If I was to lock it down a bit more, users would be required to log-in before they could view the information. (accounts will always be free)

On that same note, I am considering that users must participate in the club (posts, contributions, links, images, etc) before they can use our PM system and other advanced features.

Anyway, let me know what you think about locking our site down a little bit more. I want to keep this a friendly and free place. But, I don't want to be taken advantage of by spammers if we can help it.

-- Mike

Mike, obviously everyone is going to have different opinions on this but I think a little more security would be benificial.

I agree with what you have suggested as far as logging on and some participation being required. Those of us that enjoy the site will always log on if required to.

I have changed ISP's to get rid of spam and did not think it would happen through the PM system, but the way things are going with spam blockers and the like this is probably a good way to avoid all those things.

Alan.

Mike, How hard would it be for you to set up some kind of check on registration to make sure it's actually a human who is signing up? ie something similar to what most secure sites have (such as paypal) where a picture is generated with letters and numbers and the user must copy what they see into a text box.

I do not think restricting user functionality is a good idea. New users should be able to access the PM system IMHO.

I am considering that users must participate in the club (posts, contributions, links, images, etc) before they can use our PM system and other advanced features.

I like this idea Mike.

I agree with Alfadog it shouldn't be too hard to set up some sort of automatic generation blocker by using an image so the user actually has to sign up manually. Obviously someone is always gonna be able to get around it but I don't think we should lock things down it makes it harder for users to see what's on the site before signing up.

I know that when i look at a site I sign up based upon the information i can see first. So many sites these days have bulletin boards and you end up sending your email to all of them just because you might want 1 piece of information.

I don't think we should have to go and lock everything down based on 1 attack on the PM system.

I can see both sides of the coin but eventually someone will be able to bypass the new security settings and all you've done is make it harder for legit people.

How about a 5 question multiple choice Z history test, as part of the sign up process?

The answers would be common knowledge to most z car enthusiasts, and those that didn't know the answer could do a little searching to find the answers. Something others may not bother doing unless they really wanted to join up.

Thats sounds good

Mike:

I think it is probably reasonable to expect some participation in the site prior to allowing PMs. Just make it fewer than my post count....

Steve

I think the participation factor is important.

Mike, How hard would it be for you to set up some kind of check on registration to make sure it's actually a human who is signing up? ie something similar to what most secure sites have (such as paypal) where a picture is generated with letters and numbers and the user must copy what they see into a text box.

I do not think restricting user functionality is a good idea. New users should be able to access the PM system IMHO.

Good ideas... But, I have to admit that we already have a graphic verification just like the Paypal system. It requires that a person matches up the graphic letters/numbers and re-type them into the verification field. Apparently these guys have found a way to beat that system. To me, these are incredibly talented programmers, or a bunch of dumb-asses that sit around creating bogus registrations all day. We weren't the only site that was hit. Apparently they've been doing this on all automotive sites. For some reason, they feel that it is necessary to hack into legitimate systems to spread the word about their rally. I am *STILL* trying to figure out where people get this kind of time. The money can't be that good. I guess they could have employed $1/hour people from India to do the work.

ANYWAY, enough of my bitching... I also have email verification to assure that people registering are actually human. Every member on this board is required to verify they exist through email before they can participate.

So, between image verification and email verification, they have managed to tell all of our members about some lame website. Thousands of programming hours just to send something out that will be deleted. What a waste.

I will put some lockdowns in the system soon. New members will not be able to use the PM system until they've contributed to the site in some manner. And, if these hackers find a way to post messages in the forums automatically... I have them by the balls.

-- Mike

<SNIP> I will put some lockdowns in the system soon. New members will not be able to use the PM system until they've contributed to the site in some manner. And, if these hackers find a way to post messages in the forums automatically... I have them by the balls.

-- Mike

I agree the access to the PM system should be limited to "partisipants" in the club.

What balls? IMO they have none. If they did, they'd be exercising them instead of putzing around annoying people with their spam.

I like the quiz idea, like what year was the first 240 produced, and what displacement (in liters) is a 260Z, just simple questions like that. And enable guests that are actually willing to sign up could google the info (or we can have a thread on it "hidden" somewhere). I think this would weed-out the people are aren't really interested in the club and just signing up for some odd reason, and it would eliminate non-human spammers (or at least add another road block for them to program through). To keep it interesting, we could change the quiz questions every month or so, so the programers would have to re-program all the time and eventually realize it ain't worth the hassle.

I think the PM limiting thing is good, too. Say 10 posts before you can use the PM system? No more than 15 posts I think.....

BTW- Mike, did you ban the members we have turned in on the other thread about the bogus PM's?

Dave

interesting ideas, however i have to disagree with a few points. with the z history test, some people come to this site to learn about the z, not just because they know everything about the z and want to be know it alls ....

also, with the participation factor, a lot of people come to this site to read the wealth of information that we have at the excellent site. if we were to make it so that people are REQUIRED to post, we'd be seeing a BUNCH more "use the search function, n00b" posts on this site.

also, if we require people to register on the site befoere they can read information, granted we will turn away a lot of pople, but that won't really solve anything; in order for people to PM they have to sign up anyway.

in short, i think that the system is fine the way it is. granted, we may have a few rotten apples out there that will try and abuse the system and SPAM us on our site, but i think that turning people away is more hurt than help. i'm willing to put up with the occasional spam PM if you are.