Let's Make Robots!

Spam avoidance

You may not remember from way back when, but since March 2010 new members have to pass a tiny little quiz before we will allow them onto LMR. The main reason for this was the onslaught of spam on the site.

And it helped a lot! The number of spammers that get through have dropped dramatically! I guess they choose to move along and pester some other poor blogger.

Admins still call it The Zanthess Quiz, after the Queen of wacky design ideas: .

But this week I got a feeling that we perhaps should update this quiz. Judging from a few spam incidents this week, I think we should simply change the questions and perhaps make it 10% harder to find the answers. Please comment below if you have any great ideas.

Remember, the questions must obey these guidelines:

  • Any new user should be able to find the answer on the indicated page. Including people who don't use English as a native language.
  • The answers should be short and unambiguous. Spelling errors should be impossible to make. 
  • Forcing new people to look up the answers helps to introduce them to the Start Here instructions and The Rules of LMR. This serves as a forced intro.

The existing Quiz reads:


"Quiz:

Welcome as a member of letsmakerobots.com. To prevent spam (or at least make sure the spammers are into robot building), please solve this quiz:

1) If you have never made a robot before, it is no problem. Just look at the top menu, "Start here", where you will also find the answer to this first question:

  • What is the "Center position" for a servo in picaxe basic? Hint: it is a number greater than 75 and less than 225.

2) There is a fantastic good tone on LMR. However, we have made some rules, they can be found on the top menu. Question number 2 is:

  • What word should I never write as the first word in any posts?

3) This is not even a question. This is just to make the spammers think that the quiz is harder than it is. You only have to answer number one and two. Welcome, friend.

If you think the answer is "325" and "Hello", please write 325hello here"


Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

...is a daily battle. anyway...there are a few tricks how to block spammers (i mean the spam bots which try to auto-register on as many pages as possible.

We want to fight the spam bots and prevent their registration right?!?!

There is 2 level solution and I want to dig out this thread again to let you know my ideas.

1. create a pool of 20 ~ 30 questions/answers

2. create a random number and lets say a few random characters which are merged together in a random pattern.

3. take this string and make a picture (like a captcha)

4. first ask at least 3 questions from the pool

5. now we go to the 2nd level if all questions answered correct we will go to another page (this page is created on the fly using the pattern from #2 (but in another order - e.g. pattern LMR12345 will create the page 12R3L45M.html) Note: this page on the fly will never be there twice so nobody can access it by typing it in the address bar.

6. Optional!!! put a count down on that page. let the user only proceed when the count down is "down" to zero and then show the captcha. If there is any attempt to proceed before the count reaches zero then put the page in a "penality round" like in sport events...lets say another 10 seconds waiting

7. ask for the pattern in the picture (this is lika any captcha check)

8. if the answer is right then proceed with the registration.

Why that complicated?

Spammers want to spread their links to as many pages as possible. by doing this manually it will take much time. So they use spam/registration bots to do this work in a much shorter time. These bots are smart and can read your website with the registration form since they all have some similar code/purpose/functions. But.....they are not smart enough to navigate to another page to proceed with the registration and solve all the things suggested above.

Ok, this will probably make some intersted people angry/upset/wondering but finally they will understand.

I also know that this procedure is kind of crazy but as far as i know it will work.

 

How about asking what version of the Start Here Robot the site is currently constructing.

Ask who the resident Polymorph guru is. (force use of the search box)

Ask, Answer the following Put the (blank) in all your videos.

I have to wonder. Is it a good idea to have quiz suggestions visible to the outside world? If there is no problem seen then I will offer my suggestions.

As long as you do not give the answers on the same page. Refer (link) to the page where the answers are to be found.

What if we had an emoticon that you had to decode? The only problem I thought of is that sad could be upset or mad could be angry. I don't know if having a list of potential emotions would be counter-productive or not. Just my .02 pesos. 

Spam burgers A+

Spam bots F

As it is now a spammer can try register a few times until the answer is right ... the big hint about how it should be formatted is on the page.

So once a dude get's it then LMR is easy prey.

What is needed is something like the captcha mentioned in the toon ;)

.. or a quiz which chooses a different set of two questions from a question pool every time that page is loaded, the larger the pool the less likely for the questions to repeat.

Sure any person could read the quiz and just start guessing. Or just search the right answers and fill them out like all  new members do. The point is to make it hard to automate and at the same time point out the two pages to new members (rules and starthere).

And unfortunately, once someone has that answer in the pocket, any automated spambot could use it to create as many new accounts as he likes.

More different Quizes would make it harder to accomplish that, but not at all impossible. It would turn into an arms race. Quiz Master vs Spammer. I choose not to run in that race.

But like any good password, we should refresh it every now and again. Starting with now.

Actually, perhaps it could even be possible to draw 3-4 questions randomly from a pre-prepared pile. Then the questions and the order that they're asked in would be different too..

maybe I don't know how automated spambots work though - It's time for me to shush.

at the risk of making more work for all concerned, perhaps it would be possible to make a few different quiz-pages. When a new user registers, one of them is chosen randomly. That might mitigate automated registration to some extent?

Having said that, I have no concept of how possible, practical or useful it would be.

The could at least stop the spambot in it's track when it start going crazy, simply blacklist the IP where so many requests/sec are coming in ...