A sudden surge in membership registrations has raised a red flag for us at the website and we are currently limiting membership to those who respond to an email we send out.  Perhaps the surge is not a security issue, but rather a cause to celebrate, and our policy is needlessly limiting. 

Please weigh in with your opinion on this policy.

Background:
For the past three weeks, the Focus Fusion Society has experienced a sudden spike in Membership registrations.  Many of these new applicants seem normal enough - but on the other hand, quite a few have names like (no actual names used here):  xyz at siteoptima dot com or usernames like “fashion jewelry” or “acai free” or what have you.

This surge came just after I read that captchas on websites have been compromised.  Evil forces have figured out how to leverage simple men to do their bidding - Guys, in particular, are easy marks for things like the ESPN porn scam http://tinyurl.com/lojj99

On the one hand, it’s brilliant!  Computers have now outsourced captcha decoding to humans.

On the other hand, our membership suddenly doubled in a few weeks - except I didn’t activate them.

Anyway, I became a bit paranoid with the sudden surge in membership requests.  So, I set up an automated response that tells new applicants to reply with a sentence or two about why they are interested in fusion.  I then activate them manually. 

So now, I have 550+ people not activated (they didn’t respond), and am manually activating about 10 to 20 people a day.  Most of the respondents do say something legitimate sounding about fusion.  But others say things like:  “wow, I well I thought I would add some links of my own - everybodys doing it!”

The Issue:
The question is - are we being too paranoid?  Why not just activate all?  Perhaps our policy is creating an unnecessary hurdle to many otherwise legitimate members. 

And doesn’t it look good to have a lot of people as members - this would be us padding our rolls. 

Our policy for posting is that you have to have a legitimate topic to discuss.  We’ve had people in the past who are clearly trying to leave links - they post something inane and have a bunch of links to a commercial site in their signature.  We have quickly deleted such posts and on a few occasions, blocked the member from the site.  Hence the fellow above who wants to add links would be thwarted. 

Would it be less work to control things after people have joined - e.g., manual verification takes time for both parties.  Why not just accept all and then delete the bad apples as they present themselves? 

Is there something else about this situation I should be paranoid about?  Any other security concerns I’m not seeing?

Perhaps I’m mistaking our growing success and outreach for a problem. 

Your opinion on this topic is appreciated.  We all have a role in making this forum a useful space.

Ah.  One of our new wave of sign ons has this to say:

Sorry for the inconvenience - we’ve been flooded with some bogus membership
applications and are trying to clean it up!

Yes,, I would imagine you are being flooded.

Not sure if you are aware of this or not but your site has been added to an internet marketers list being sold by ht2p warriorforum dot com [whoops!  Almost rewarded them with a live link there!] which essentially means that people are spamming your site in order to get a backlink to their own websites.

How does this work? Part of the google algorithm for how it ranks a website is based on backlinks, links from your site to another. In your members profiles you allow links to be added. This is how your site is being abused and why you have a large number of bogus memberships. They sign up for a membership and then add spam links in the profile.

I’d advise that you go through all of your recent memberships and take a close look at each profile… and sometimes the links can be in places that you’d least expect. Clever little trick, some profiles don’t allow links or they “nofollow” them in order to avoid the problems you are currently having, but, whoever designed the page overlooked the fact that you can add html code directly into certain fields like ‘nickname’ so the nickname in the profile is the link but nobody would ever think to check that.

good luck, and yes, what you are doing is truly badass and it’s unfortunate that your industry doesn’t have the same influence that the oil industry has. With the proper resources and financing the world could be a much better and cleaner place.

Now, lets think about this.  Everyone’s out there, trying to get a linkback to their sites.  Desperate for attention.  As are we, of course.  We’re all in this boat.  So…they’re signing up for a membership account to pepper with links.  Now - what human looks at other people’s membership profiles?  Not enough to get any real attention, I’d think.

Robots might scan them and tally them.

How effective is this strategy? 

I certainly want our legitimate members to be able to share things (links) about themselves to their hearts content.  I don’t want to install a freeze on linkbacks from our forum.

So…I guess we’ll just make membership more rigorous.

Now - what human looks at other people’s membership profiles?  Not enough to get any real attention, I’d think.

Robots might scan them and tally them.

My point here is that - this sounds like a numbers game played by robots.  Where’s the humanity?  And why are humans then even paying attention to all this number padding? 

More worrisome, is this the game we’re supposed to be playing to increase our ranking and visibility in cyberspace?  Is this what SEO is all about?  Robots tallying links that humans don’t really pay attention to? 

The validity of statistical analysis is called into question here.

Sorry, Rezwan, but robots mapping links and doing mathematical analyses on that database is SEO, and it is a huge industry which is here to stay.

I’d set the program to nofollow ALL HTML links, across the board, except for the official links that need the ‘follow’ attribute. If a link really is pertinent in the thread, it can be copied and pasted into the address bar almost by reflex.

You may or may not also want to call the promoter out over at Warrior Forum and announce the new linking policy.

Aeronaut - 29 August 2009 01:11 PM

I’d set the program to nofollow ALL HTML links, across the board, except for the official links that need the ‘follow’ attribute. If a link really is pertinent in the thread, it can be copied and pasted into the address bar almost by reflex.

Yeah, but I like being able to just click on a link.  People should not abuse the site.  I think it’s best to vet the members rather than limit them once they join.

You may or may not also want to call the promoter out over at Warrior Forum and announce the new linking policy.

Yes, I’m on this.  My communication thread as follows:

Warrior forum said:

Hello,

we have no list we sell to marketers. Please contact the owner of the list.

Thomas

I replied back to the guy that tipped us off.  He said:

The following is taken directly from the pdf they sell….

Please note: If you have obtained this packet from anyone other than me, Paul
xxxxxx, or my website (www dot pjsxxxxxxxxxbacklinks.com) or the Warrior Forum, you have
received a stolen copy. Anyone who violates the copyright on my product will be prosecuted
to the fullest extent of the law. To report any abuse, please contact me here:
http:/xxxxxxxt

and a link to his partner in crime http://axxxxxxxxx link_builder1.html

This should be all of the information you need.

  (Yes, I’m obscuring the links to keep people from going to them, of course.  A lot of x’s. 

So I told Paul to take our name off the list.  He said:

Yes, what is the name of your website? Sorry for the inconvenience.

Asked how we got on the site, he said:

I have removed you off my list, and I’m trying to get the pirated copies of my list taken off the web. I hired a seo outsourcing person to find links for me, that’s how I got your website

And I’m putting this info out here to get the anatomy of this sort of thing. 

Also, Warrior F was in denial of this, though Paul says that is the place you would get it.  Unscrupulous site.

Warrior Forum is a mixed bag. Ten years ago it was an underground legend. Today it has many upstanding members (I know many of them from another forum), but most of the visible traffic is from people who want to game the system and haven’t been google-slapped enough to realize it’s counter-productive. And almost anybody can publish a Warrior Special Offer (WSO) for only $20.00.

Sad, but true, and unlikely to change any time soon. Maybe your communications with them will keep FFS off of future linking lists…

Now there’s another surge in registrations, this time on the DPF forum. Mostly their “institution” entry contain a name, and in the “Bio” there’s sometimes a link to some ad. I think the “Bio”-thing is added later, so it isn’t evident it’s spam in the first place.

I would be happy if there are so many DPF scientists around, but I doubt it.

Henning - 01 April 2010 03:33 PM

Now there’s another surge in registrations, this time on the DPF forum. Mostly their “institution” entry contain a name, and in the “Bio” there’s sometimes a link to some ad. I think the “Bio”-thing is added later, so it isn’t evident it’s spam in the first place.

I would be happy if there are so many DPF scientists around, but I doubt it.

I’ve been seeing the same thing. A lot of profiles with just that one field filled in. But if all of the links other than to LPP were automatically no-followed, the word would eventually get around. It would also tighten our SEO up a lot.

A good technology is to add a hidden field, that cannot be seen by normal user, but will be filled by spambots.

Breakable - 02 April 2010 10:06 PM

A good technology is to add a hidden field, that cannot be seen by normal user, but will be filled by spambots.

The other side of the same coin is to add a “CAPTCHA Code” which can be seen by humans but not machines. (The server generates a random code of letters and numbers and then converts it to a bit map which is displayed and has to be copied by the user into another field (checked agaist the server’s version)  before they can continue. Easy for us - very very difficult for machines.

Phil’s Dad - 04 April 2010 03:08 AM

Breakable - 02 April 2010 10:06 PM

A good technology is to add a hidden field, that cannot be seen by normal user, but will be filled by spambots.

The other side of the same coin is to add a “CAPTCHA Code” which can be seen by humans but not machines. (The server generates a random code of letters and numbers and then converts it to a bit map which is displayed and has to be copied by the user into another field (checked agaist the server’s version)  before they can continue. Easy for us - very very difficult for machines.

This hoomon has a lot of trouble with most captchas, but they are more effective than a system that only focuses on spambots rather than misguided link seekers.

Capthas are becoming less and less effective, as methods to overcome them are being developed. The best system is RECAPTCHA which uses words from old books that are hard to read for recognition systems by themselves so by recognising the captchas you also help digitize the books. Still the captcha system has one big exploit - human factor. What the spammers usually do is setup a system on a pornography site that takes the captchas from a protected system and requests the uses to input it for example to “see the next image”. Thus a single porn user can enable sending of hundred of spam emails, and digitizes old books at the same time :D

Rezwan - 29 August 2009 03:00 AM

Now, lets think about this.  Everyone’s out there, trying to get a linkback to their sites.  Desperate for attention.  As are we, of course.  We’re all in this boat.  So…they’re signing up for a membership account to pepper with links.  Now - what human looks at other people’s membership profiles?  Not enough to get any real attention, I’d think.

Robots might scan them and tally them.

How effective is this strategy? 

I certainly want our legitimate members to be able to share things (links) about themselves to their hearts content.  I don’t want to install a freeze on linkbacks from our forum.

So…I guess we’ll just make membership more rigorous.

Desperation is an empty shell of baffles, traversed by zombies.

Real content filters by quality. Your current policy of ‘email response demonstrating knowledge’ is an excellent filter. As a newbie I felt nervous (“would i be allowed to qualify to join?”), and therefore promise to make any link i add relevant, and survivable; because if, in future, any of these become stale, then it degrades the forum’s quality.

So,
if we can have captchas AND email response AND people scrutinizing the links we add, AND modding down irrelevant or stale links, then this resource can remain cohesive and valuable in the long term.

Yes, we do have captchas.  I suspect there are a lot of people out there with a lot of time on their hands.  Big unemployment problem. 

I’ve changed DPF membership as well to require a second email telling us if they are for real.

I’m for vetting a membership simply because this is such an important site to its members and staff.  I know it takes a lot of extra work, and that essentially costs money/time which are always in short supply.  However, that’s the cost of a free-for-all Internet, unfortunately.  It, like governments everywhere, would probably be best served by a benevolent and wise dictatorship, but that’s not going to happen.  There are wolves in this world, Rezwan.  Don’t let them undo this for their own purposes, if any.  The “social consequences” are less good for those who profit from the energy or scientific status quo.  They would have reason to try to delay or interrupt a real R&D program like this if they feared the consequences.

The problem is that I don’t have time, and I’ve left a lot of people who want to sign up wait for quite a while before getting to the activation.  I’m sure that’s a big turnoff.

A compromise:  I have now set up member self-activation, but the default class is “Member2”.  Such members are still not able to post in the forums, but they can at least get started on their profiles, and they have immediate response that way. 

In order to post, they need an “upgrade”.  For that, they have to contact me, and say they want an upgrade.  Then they get “Member” status, so that’s like “1st class” : )

I suspect there’s more we can do with the registration form to weed people out - like require address and phone numbers and other such info just to register.  And an email verification where the recipient has to click to activate…  Not sure how to set that up.  If it’s something simple, we’ll attempt it.  Note to tech folks, we use expression engine for this forum if you want to research some ways of beefing up the registration process.