Ban List

Discussion in 'Site Feedback' started by WillNever, Aug 5, 2010.

  1. WillNever Valued Senior Member

    The ban list is populated 90% by spammers. Why didn't you just delete their accounts or give admins the ability to do so? It seems pointless to continually ban the morons.
  2. Guest Guest Advertisement

    to hide all adverts.
  3. James R Just this guy, you know? Staff Member

    Keeping the names on file means they can't repeat with the same name.
  4. Guest Guest Advertisement

    to hide all adverts.
  5. Randwolf Ignorance killed the cat Valued Senior Member

    Does "keeping their names on file" require that they show on the ban list? If so, I can probably help you with that...
  6. Guest Guest Advertisement

    to hide all adverts.
  7. James R Just this guy, you know? Staff Member

    I'd be happy for them not to show on the ban list.
  8. Randwolf Ignorance killed the cat Valued Senior Member

    OK, I need to know who to talk tech with. Is this software hosted on Unix or Windows? (i.e. php / asp)

    Never-mind, look at the url address, duh...

    So, php / unix. Do you / anyone have access to the source? Someone who knows SQL? This should be an easy thing to do.

    For example, code all spammers with xxx-... preceding a ban message - filter out all ban messages starting with xxx-... (Left(banmsg,3="xxx"), or whatever, I can give you the exact code with more details)

    Do this when you execute the query for the ban list. Pretty easy, eh?
  9. James R Just this guy, you know? Staff Member


    You need to talk to Plazma Inferno!
  10. Randwolf Ignorance killed the cat Valued Senior Member



    Please let me know if I can be of further help, James...
  11. phlogistician Banned Banned

    It also means a bunch of decent handles are being Bogarted, and we should clear out users with a zero post count for the same reason.
  12. James R Just this guy, you know? Staff Member


    Not so sure about that. Consider, for example, the last few spammers banned:

    Buy Viagra 9 L
    ppt to dvd
    London escorts latin
    Cheap Auto Insurance
  13. Stryder Keeper of "good" ideas. Valued Senior Member

    It's possible to create a VBulletin "plug-in", this however requires a little swatting up on the how to apply the hooks and utilise the internal functions correctly, the alternative is just by accessing the RAW SQL Database with a script that runs through a CRON function. (Or triggered by a pseudo-cron event)

    The problem is that every user which is created by the software is given a "Unique Identifying Number", this numbers are iterated with each new user, so to just go in there and delete all the users that were spammers would cause gaps to appear in the Unique number list.

    Now that might not seem an issue to some, however if a piece of code was written to iterate for instance the Members list and iterates by each Unique Identifying number, when it gets to a "Gap" it's possible the code would break.

    So we are kind of stuck keeping the Users listed, however this does serve a purpose, for instance it can be cross check with other sites online to identify if a user is a spammer and where they've been banned, it's also a way to log the IP's of the users. (Although I still suggest that these IP's are only good for about 6 months after their last use as most prolific spammers are complained to the Internet bodies and usually lose their IP ranges in that time)

    As for any coding convictions for the site, I'm pretty sure that the site is just being maintained, currently there doesn't seem to be any real plan for evolution of the site in any form, which is saddening in a way. The only way to evolve the site currently would seem slightly mutinous by requiring a new site to be developed parallel to this one and then once it's functional and fully developed the "Keys to the car" can be handed over to the Sciforums owners to replace the current site. (I'd suggest the current one could then be placed into a non-posting archive state)

    I had been looking at the implementation of Open-ID for the use within the community, mainly because one of the main thoughts I had on the subject is not everyone is going to want to signup to yet another site or another iteration of the same site all over again, their information could be applied through an Open-ID source which would allow for future interations of the site and developed sub-sites to utilise this "Low security" method of identifying each user. Spammers will of course find a home grown site far more difficult to manipulate compared to mass marketed software.

    I've consistently asked if anyone was interested in developing a parallel implementation however I've yet to see any interest raised on the subject. I'd need some people on board that are familiar with project management and community development and would have to utilise the scivillage domains during development until the software becomes stable enough to be offered to the Sciforums owners as a replacement. (I'd suggest an Open-Source or GPL method of development)
  14. atheist Registered Member

    i had a spam accident when i make a thread because sciforums lagged out so i try to repost to and now i see 2, can a moderator please delete. leaving that up will only make me look like a noob (i pwn noobs btw lol).
  15. Stryder Keeper of "good" ideas. Valued Senior Member

    I should ban you, you dirty spammer...

    J/king, you posted at 10:30ish GMT, the forum has a bug that occurs at about that time which means you aren't the only one that ends up with duplicate posts or threads. It needs fixing before it breaks the site completely

    Please Register or Log in to view the hidden image!

  16. Randwolf Ignorance killed the cat Valued Senior Member

    Raw SQL is what I'm talking about. It would literally be a change to one line of code. An addition of approximately 10 words: WHERE db.field (does not contain), with "does not contain" being determined by which route you want use for filtering. (e.g. "xxx" not in db.ReasonForBanning, regex expressions, whatever.) The only additional change would be procedural to the staff by passing on simple instructions to mods, admin, etc - i.e. always include the word "spam" in your description, preface your description with "xxx", or whatever the case may be. This would satisfy the Functional Requirements as I understand them...

    There would be no change to the actual data, no loss of data, no change to any other code than that which displays the "ban list". While not necessarily perfect, this method would be extremely noninvasive and offer a high ROI. What's the downside? Let's assume a moderator forgets to preface the comment field with "xxx" as an example to illustrate:

    Oh, darn, one of the spammers shows on your ban list. Could be edited at a later date if anyone cares, but 90+% suppression is reasonable to expect for less than 15 minutes of coding. Reasonable ROI, don't you think?

    The whole point of modifying the "raw" SQL would be the ease of implementation without any learning curve associated with "swatting up" on where to grab the hooks or anything else to do specifically with VBulletin Plug-ins. Any programmer fresh out of school could write / amend the SQL as I have described, literally within 15 - 30 minutes. Does this make any sense to you, or am I missing a key part of the puzzle somewhere?

    Note: Not sure what you're going on about with the CRON stuff, why does this query need to repeat at intervals, without human intervention? I'm suggesting modifying the code that is contained within or redirects to "http://", and only that code. Please expound on this for me, or help clarify...

    There is no problem here - again, we would only be modifying a single line of code. This would be for display purposes only. There is no data deletion, hence no "gaps" in your data record numbers. Just won't happen. Nothing whatsoever changes within your data. If you disagree that there is not even a possibility of this happening we somehow have a failure to communicate...

    No you're not - I know better. If the powers that be want this done, it's trivial. As I mentioned before, 15 minutes. (Once you locate that particular line of SQL.)

    Great, scope creep. Always happens with every project. That's why we define the functional requirements prior to starting the project. Is this on the critical path, or is it a "nice to have"?

    OK, assuming this is required, we simply keep an identical copy of the existing .php page and run it on the side, whereas the users link to the modified version. Is this what you were referring to CRON for? Does this "ban list" run on its own at preset intervals? (http: //

    This is the actual problem, as I suspected in the first place, which is fine. This particular "evolution" would be extremely easy however.

    So we go from a ten word change in one line of code to a complete system migration? I'm sorry, you lost me there. This sort of thing is always nice to dream about, but talk about ""scope creep". Man...

    Great idea, and your security would no doubt be greatly fortified. On the other hand, again we are talking about additional major enhancements, turning this project from a minor task to a full blown rewrite.

    Ummm... Whenever I see this topic I mention Project Management and coding skills. It rarely seems to come up though, and I no longer code for a living. The exception would be if someone that is coordinating on a marketing project runs into a difficulty. I usually utilize MS Project. (I find it adequate for most tasks, but I have utilized other P.M. software as well - as Project Manager and as a resource)

    For coding, let's see...
    How about HTML, .asp, .php, Java, JavaScript, SQL, MSSQL, VB, DataFlex, (C and C++ - which I detest, but whatever), FORTRAN, COBOL, etc. I have coded in all of these, and more. A lot of the web stuff, but plenty of the other as well, I go back kind of a while, even made the transition from procedural to object-oriented. (That may sound odd, but it was a bitch after so many years of doing things the "old" way...)

    Please Register or Log in to view the hidden image!

    As to your other point, obviously you always run parallel systems if you're doing a complete rewrite, but this thread started on a much, much simpler premise: Can we stop the spammers from showing on the ban list?

    The answer is yes - easily. Securing the access rights - not so easy. This is the usual course of events.

    Let me know, although I expect everyone's hands are tied here...
  17. Stryder Keeper of "good" ideas. Valued Senior Member

    The current Vbulletin software uses a pseudo-cron system, whereby user actions trigger events closest to the Time period listed. Cron actions are utilised mostly for the Temporary Ban's for counting down when a person is re-emitted to the site, it's also used for daily site maintenance like adjusting the registered post/thread counts. The main reason CRON events are used is to try and limited the overall site operation overhead. Obviously there are still on-posting events triggered on a per user basis, however if everything was done on a per-user basis the site would slow to a crawl or hit it's user maximum. (There use to be a limitation in regards to the Apache and MySQL where the users were limited to approximate 50 consecutive accesses, sometimes Apache might have a greater number than the SQL database which would cause a SQL error stating that a persons response was "queued" or they would have to try again later.)

    Obviously though as server environment have become larger in regards to resources, the overall software hasn't necessarily been scaled to adapt to the changes. This means there is still CRON events that could be handled on a per-user created event basis.

    As for why I look at the subject of one problem which can be a simple fix equating a complete re-write. Well there is more problems than just that one involving the spam list, like for instance the dual posting and downtime problem that occurs at 10:30 GMT everyday. (incidentally I think the Spamlist was written by Plasma from Raw SQL anyhow, which might be the reason for the absence of filters)

    There is also the fact that this forum has operated for 10 years with the software of different versions and builds, and the migration to a later version didn't necessarily go completely smoothly leaving a few buggy areas.

    What it does all equate to currently though is that most if not all of us at Sciforums as a website and domain and a community, have our hands tied in regards to development changes involving the site, even if they are only very small fixes.
  18. Syzygys As a mother, I am telling you Valued Senior Member

    You have 27 posts, you ARE a noobie! And you are posting offtopic in this thread, just to show your newbieness....
  19. Randwolf Ignorance killed the cat Valued Senior Member

    Thank you for the respectful answer Stryder - starting to make sense now. Lovely little mess the powers that be have managed to back you into. It's an absolute necessity to stay ahead of the curve.

    Since that's not the case here, you and I both know what's coming - eventually. I don't envy you.

    Unless, of course, someone has a war chest prepared, or this site makes a lot more money than I thought. Any insight as to when this forced migration is scheduled? As in what year? Decade?
  20. Stryder Keeper of "good" ideas. Valued Senior Member

    Well to force one requires grouping together a band of mutinous scallywags, that can put aside their tourettes laden parrots and binge grog drinking long enough to construct either a new improve vessel (or life raft) capable of carrying us.

    Or simply, somehow out of the rabble that post here we've got to organise an Open-Source/GPL reinvention of the community gated here, whereby we have greater access to development.

    It's then up to the community as to whether we pass over the work for use as sciforums or continue under a different community moniker entirely.
  21. Randwolf Ignorance killed the cat Valued Senior Member

    Ah, yeah. Let me know how that works out...

    You're serious, aren't you? We have to rewrite this? For no money as well, right?

    This should be an absolutely delightful project to try and manage. I have no doubt the skills are present, but that just brings us in a circle to your first point.

    Hmmm... This certainly blows away the "puzzle" threads that have been circulating about lately.

    By the way, I like the "tourettes laden parrots" thing...
  22. Stryder Keeper of "good" ideas. Valued Senior Member

    I'll express my point/position:
    I'm classed here as a "Super-Moderator" which basically means I have the capacity to moderate all forums, I don't have "Administration" privileges for alterations to the site structure or software. As a volunteer, I'm not paid to act as a moderator and technically I don't have the job description of programmer.

    The current state of the site and community eats away at my very fibre of being. This site has existed for 10 years and over that time there have been various heated debates and arguments that have occurred about the site, it's management and what the community would like to see ventured into. Alas for myself, the other volunteers and I believe Plazma himself, we can't do much without the say so of the actual site owners.

    I mean we could request changes, suggest changes etc. However this site isn't their main point of interest and it to be honest it appears to have been left to stagnate. Where other communities evolve and change with the times, this one has only rarely adapted. (Like for instance the implementation of Latex)

    It actually generates a rather interesting challenge however considering we don't have access to the Domain record or the server, which is why if a development team was to be assembled we'd be left with a Parallel implementation under a different domain name. This in turn generates a problem with those previous posters that are "Neophobia", as they don't necessarily want to join a new site, they don't necessarily want to fill out all that user information all over again and go through the various email checks again.

    This is one of the reasons why I'd been looking at something similar to Open-ID, it would allow the creation of a user account with information that can be shared with sites that are then applied as apart of the community in the future. This means more than one site type could be developed with a single login.

    Obviously with the recent concerns about privacy, the component that deals with the Cross insite ID would require having the capacity to lock down the privacy and only store as much information as the user allows rather than asking for more than is necessary. (The only information needed from human interaction would be a User identity and an email address.)

    Such occurrences like Blizzards attempt to get people to post under their real name which caused criticism can be negated because that information could be stored but withheld from public output, heck it could be withheld from the operators of the website and only appear in automated inclusion.

    (Of course automated inclusion can have it's drawbacks, I'm pretty sure there was a story where a person received a rather lude email from an online bank which turned out to have had information populated via an automated form where by another protagonist user had purposely written their name wrongly as "Pete Ofile" and included their email address to purposely offend them. Thereby the bank looked at fault, even though it was actually someone playing a rather cruel prank.)

    anyhow I really shouldn't let myself tangent into thoughts of development, and consider the first hurdle being the missive statement. Similar to how MS use to have "Where do you want to go today?".
  23. phlogistician Banned Banned

    I also saw many decent handles wasting in there. My point stands. Why ban when you can just delete. What's the point keeping banned accounts anyway?

Share This Page