Upgrade coming

edited March 2015 in General
Just a heads up, probably this evening (NZDT), if not, then in the weekend I'll be doing a point release upgrade of the forum software in order to keep to the philosophy that a little bit of work frequently is better than a lot rarely. Also, there's a security update out. You probably won't notice anything, but when if I cock up, things may be haywire for a few minutes.

http://vanillaforums.org/discussion/29555/vanilla-2-1-9-released

Maybe they'll also fix the issue where the editor swallows a URL if it's the last thing entered. But it's not on the changelog, so I doubt it.
«13456710

Comments

  • edited March 2015
    Thanks again for all your work in doing this Eythian
  • No worries :)

    That seemed to be happy, sing out if you notice anything newly weird.
  • Thanks eythian!

    Craig
  • eythian said:

    No worries :)

    That seemed to be happy, sing out if you notice anything newly weird.

    OK, but my coworkers might look at me funny if I just start singing in my office.
  • I just made some changes to the configuration that makes things slightly more sensible. You probably won't notice anything (except that extra 'emusers.org' bit is gone from the path), but if you do, let me know. Most likely it'll be internal links that did work no longer working. It'll be fixable, and shouldn't even be happening now.

    Now we just need @xtrev to move the DNS over and it'll be a perfectly normal setup, not one that almost literally goes half way around the world and back again for every request.

    Cheers, your local servermonkey :)
  • edited March 2015

    It looks the same to me. Well done!


    One topic from March 17th somehow floated to the top. The one about what to do with an old turntable. people had posted in other topics past the 17th, though. Not sure if anything else is out of order, or if that one even was.

  • I have a few unsubstantiated theories on what causes this:
    * someone editing a comment
    * someone adding a comment and then deleting it
    * a spammer (or real person, potentially) creating an account and leaving a comment, which will end up in the moderation queue and invisible on the topic.

    These are just guesses though, I'm not really sure.
  • @xtrev changed the DNS, so things should be a little smoother and quicker around these parts now, especially if you're somewhere near civilisation and not in a remote part of the world like the Americas or Europe. Hopefully you don't notice a change, aside from good things.
  • edited April 2015
    @eythian, I have a spam question. Spam levels continue to rise. The applications queue and the spam queue are not a problem, no matter how long they get they take a couple of minutes to clear because it's easy to see if anyone entered a human sentence in the application form.

    But the substantial numbers that make it through to Noob category take a lot more work. Even if I don't run a check on the IPs (I tend to do so if it is a plausible email address and not if it is a disposable email address) there are five steps to deleting a single user, and it can easily take half an hour to clear the latest batch.

    Is there anyway to force all new registrants to the applicants queue? It would make life a LOT easier. (I still do not understand the current setup, it seems like Noobs, who have not confirmed an email address, get further into the system than applicants).

    (If in fact registrants do go first to the applicants queue and then become Noobs then what I mean is I want them stuck in the applicants queue until reviewed. But I don;t think it is that way round because Noobs have not confirmed their email).
  • edited April 2015
    It also appears that if I am traveling for a day or two, like this weekend, and the Noobs are not eradicated promptly from the user list, then they have a chance to start posting like mad - there was a lot of spam in the moderation queue this morning.

    I think we need to rethink the Noob category, but the the interface around user categories is far from transparent to me. To my mind everyone who fills out the registration form should go through an initial approval based on whether they can make an English sentence, before they get into the users list, but I am not sure how to achieve that. The current setup is too much work.
  • edited April 2015
    @eythian, one more thought, if the above should not be possible I wonder if it would be worth the $8/year to get the Cleantalk plugin? I would be willing to contribute for that. I find that the Cleantalk site identifies significantly more of the spammers than stopforumspam does - it's only a handful that it does not identify. I have not looked into the ins and outs of their plugin; just a thought.
  • EIGHT DOLLARS A YEAR??!?!?!?  SIXTY SEVEN CENTS A MONTH??!?!? OVER TWO PENNIES A DAY???!?!? ARE YOU INSANE??!?!?
  • edited April 2015
    Lol. I am certainly spending more than two-pennies-a-day-worth of my time on spam clearing, and in terms of the cost of my time I am not even a lawyer.
  • Yeah, I'm not sure how best to resolve it. I did a bit of tuning to settings but it made bugger all difference. Maybe this weekend I'll have to do some research.

    We could lock down the noob users to a category, that would possibly be enough to slow bots down anyway.
  • edited April 2015
    I've also been wondering how aggressive to be in cleaning up the user list. I was just prompted to think about this again reading about sleeper spammers, who visit a site once to set up an account and then come back years later to spam once their account is no longer under scrutiny. We do have a number of users whose first and last visit was months or years ago on the same date. Spammers or folk who joined on impulse and then forgot about it? Who knows. I do notice that some of our Noob users have IPs that do not show up in any spam databases and do not start posting spam but have email addresses that look very spammy.

    ETA the more I read about this the more I wonder if the user list should be purged of users who only visited once (first post and last post is same date) more than X months ago. Does that seem reasonable? What is a reasonable time frame for visiting the site and/or posting something intelligible after registering?

    ETA2 there are definitely some old accounts that are already members from a year or two back that only visited once and look like spam accounts. I was able to verify that one of them was a spammer and removed it. Will take a more careful look at the others when I get time. Don't want to delete anyone who doesn't deserve it, but don't want a bunch of spammer time bombs in the member list either.
  • Checking out the Vanilla forums I saw this plugin suggested: http://vanillaforums.org/addon/addregistrationquestion-plugin

    I am assuming it allows you to add a simple question to the process - captchas suck, but questions like "I am a dog, what am I?" are easy for humans but difficult for spambots. That really helped some people.

    As for old accounts, looking at the user list I have to imagine that most of them can be deleted. Even if they were "legitimate" at one point, they no longer serve a purpose. Meaning, a number of users from eMu may have signed up 7 years ago out of frustration but then never posted or did anything here again. Why keep the account? Even if they want to come join in now, they'd be better off creating a new account.

    My only worry is that the user list does not show number of posts. That would make it much easier to delete all of the accounts that joined and last visited the same month but never posted.
  • And this might be helpful for the user page: http://vanillaforums.org/addon/memberslistenh-plugin
  • edited April 2015
    I don't mind gradually going through the old accounts. I'll be conservative if it looks like someone who might come back. You are right, there is a cluster of folk who joined for a day in 2009. There are others that look like spammers. I'll take out the ones who came once in the past and never returned. If they ever want to come back rejoining is probably easier than remembering who they were five years ago anyway.

    Not sure how useful the member list plugin would be - our list is not huge. My main bugbear with the members list is how laborious it is to delete the chaff.
  • @thom, btw you can see the number of posts for old users by clicking on their user name in the users list.
  • GP - many thanks for all your work on this aspect. Until recently I had not realised that we get lots of spammers, rather than just the occasional one or two. You are right about your time cost - recently my father was charged more for a solicitor to write a short letter than my last university paid me for a day for much of my work, when I was on an hourly paid contract!!
  • Maybe this is too much running commentary, but I don't own this board any more than anyone else and want to keep this transparent. I have blocked all applicants from two disposable email sites (websites where you can generate an email address that is only temporary for the purposes of signing up for sites without giving your real email address) that have been used regularly by spammers (mailcatch and trash-mail). The first one I banned a few days ago and it has already caught 15 attempts. Funnily enough emails from @spambog.ru also tend to be spam :-).

    I guess there is a very small chance that a legit user might use such a site (they sell themselves to the public as an anti-spam measure, ironically, so that you can sign up for sites without getting junk mail back from those sites) but at the moment we are getting a lot of users signing up with them and they are all spammers. My view is that while I could imagine a somewhat legit use for disposable email if, say, a site is making me give my email just to download some info and I never intend to go back, if folk want to join a discussion community they should be signing up with a stable email address for some accountability. 

    If anyone disagrees/thinks I am being too harsh towards disposable email please let me know, but it is helping reduce the spam flow/save work.

    I found several past spammers lurking in our members list (by checking their user names against their activity on other boards and catching them posting spam elsewhere - the member list does not allow IP checks for anyone who joined before the board was updated) and even one who had posted several sensible-seeming comments here that had a marketing link appended to them (and who was spamming other sites) and apparently did not get apprehended or deleted at the time. I'm cleaning it up gradually, so our number of "members" is actually shrinking!
  • Totally fine by me GP. Naively, I didn't even know that  such temporary email addresses existed - it is a bit like my wife using an old, redundant email address when shops ask for email details!
  • Prof, so what you are saying is, the eMusers club is growing ever-more exclusive!  Thanks for your dogged efforts to ferret out the evildoers.
  • Yes, I'm thinking I should get a cape and an alter ego.
  • GP you should probably think about getting a trusty sidekick too
  • Would also point out that you already have an alter ego, as do we all
  • Ironically, I am half way through reading Don Quixote at the moment.
  • Spammers.  Windmills.  Same thing.

    Craig
  • Last I saw you were only 42%! ;)

    And thanks for all your windmill tilting - I'm still poking around the interface.
  • Calling it half feels encouraging :-).
Sign In or Register to comment.