| TomG |
| 1 person marked this as a favorite. |
We don't talk about specific tactics here because Spammers can read, but suffice to say there has been much more move/counter move going on than is immediately apparent. New tactics are in development even as we speak. This has, and will continue to be, a priority for the dev and community teams.
Move/counter-move. It always has been thus, and always will be.
Glad the employees have presence here on the forums, and glad the issue is being looked at. (Now, about those up times ...)
| BigDTBone |
| 2 people marked this as a favorite. |
knightnday wrote: Things along this line are one of the many different tactics we have worked with and may still be doing so. We don't talk about specific tactics here because Spammers can read, but suffice to say there has been much more move/counter move going on than is immediately apparent. New tactics are in development even as we speak. This has, and will continue to be, a priority for the dev and community teams.
Aniuś the Talewise wrote: I have an anxiety disorder and I get anxiety over the most random and asinine things. For example, there is a website I haven't used in months because their login system doesn't work with password managers and the idea of having to actually wrangle with it irrationally distresses me and keeps me away. I actually use a password manager specifically because that removes some of the hurdles in account creation and login for me. I have trouble logging into things outside my browser (eg, downloading apps to the iphone, etc) for the same reason that it's not handled by my password manager.
I also tend to avoid making new accounts because when I do that, I feel like I am creating clutter, and I'm always anxious about being surrounded by clutter and having to dig into said clutter to find something I need. (both physically and in a more abstract space, like digital clutter)
So yeah, if people find account creation and logging in to be a barrier, I can empathize.
Having issues with anxiety myself, I can understand how this could be an issue for you and why changing it up could be a problem.
I probably have already seen this suggested somewhere, but have we considered turning off non-English characters in thread titles? It probably won't help, but it might slow them down long enough to get some of the other precautions in place?
Is one of the counter-moves running a trace of their proxy path to get a physical location so that you can send in a highly-trained unit of Krav Maga paratrooper Mounties (that's right, run that through your mind's eye) to dispatch them with great haste and efficacy?
Because if not, it totally should be.
| Gary Teter Senior Software Developer |
| 7 people marked this as a favorite. |
If I could mail them a crate of mosquitoes, I would in a heartbeat. But since I can't, I'm going to have to satisfy myself with a slanderous mambo which I like to call the spam laser.
| Sara Marie Customer Service Manager |
| 1 person marked this as a favorite. |
Sara Marie wrote: We have a significant amount of customers who only purchase occasionally from us, or sometimes just once for a gift or a paizo.com exclusive they can't get at a FLGS. Our community and customer base is much, much larger than the number of people that post on paizo.com and as Gary said earlier, implementing any number of things that makes account creation or log-in (which is already too much of a barrier for some folks) harder is something we need to be extremely cautious about. I'm reminded of this every Gen Con when a large chunk of the people visiting our booth have never visited or heard of paizo.com.
My only comment here, other than being glad that you guys are working on it, is that in 2015 I find it incredulous that account creation and/or logging in is a barrier for some users. Everything I do on the internet in some way requires you to do this sort of thing. In this day and age, that's like saying that tying your shoes is too much effort -- but then, we wouldn't have velcro shoes I guess.
Not saying it isn't true, mind you, just amazed where the bar is.
There is a vast portion of the population (including in the USA) who are completely unconnected to the digital world and for whom it is not just inconvenient but incredibly difficult to get access to the internet. I've posted about this before if you are curious: http://paizo.com/threads/rzs2q43n?Direct-PDF-Downloads#17.
| knightnday |
| 1 person marked this as a favorite. |
knightnday wrote: There is a vast portion of the population (including in the USA) who are completely unconnected to the digital world and for whom it is not just inconvenient but incredibly difficult to get access to the internet. I've posted about this before if you are curious: http://paizo.com/threads/rzs2q43n?Direct-PDF-Downloads#17.
Sara Marie wrote: We have a significant amount of customers who only purchase occasionally from us, or sometimes just once for a gift or a paizo.com exclusive they can't get at a FLGS. Our community and customer base is much, much larger than the number of people that post on paizo.com and as Gary said earlier, implementing any number of things that makes account creation or log-in (which is already too much of a barrier for some folks) harder is something we need to be extremely cautious about. I'm reminded of this every Gen Con when a large chunk of the people visiting our booth have never visited or heard of paizo.com.
My only comment here, other than being glad that you guys are working on it, is that in 2015 I find it incredulous that account creation and/or logging in is a barrier for some users. Everything I do on the internet in some way requires you to do this sort of thing. In this day and age, that's like saying that tying your shoes is too much effort -- but then, we wouldn't have velcro shoes I guess.
Not saying it isn't true, mind you, just amazed where the bar is.
An interesting post. This is the one time I can honestly say that my privilege comes into play here -- my father was a computer technologist when I was growing up and I learned about computers so long ago that they don't seem like some mystery machine.
I can understand, as I said, the reasoning why. It is just hard to believe, doubly hard for people that want to do business with your web site.
| Kvantum |
| 1 person marked this as a favorite. |
Spam is annoying, but it's the TLS change that has completely wrecked my ability to do anything here during the work day.
-Skeld
Why not bring up the lack of modern security standards-compliant browsers as a risk to the company? I've seen some departments move fairly quick on things if they're phrased the right way.
| Skeld |
Skeld wrote: Why not bring up the lack of modern security standards-compliant browsers as a risk to the company? I've seen some departments move fairly quick on things if they're phrased the right way.
Spam is annoying, but it's the TLS change that has completely wrecked my ability to do anything here during the work day.
-Skeld
I have some pull at my company, but our IT stays up to date. However, I'm a subcontractor, and where I work (which is a huge, government organization), they are notoriously slow to make changes (because the changes affect so many people and systems and some of those systems are legacy for various reasons). My browser is compliant, but something upstream of me isn't and it's nothing I can change. :)
-Skeld
| Anguish |
I have some pull at my company, but our IT stays up to date. However, I'm a subcontractor, and where I work (which is a huge, government organization), they are notoriously slow to make changes (because the changes affect so many people and systems and some of those systems are legacy for various reasons). My browser is compliant, but something upstream of me isn't and it's nothing I can change.
That's the awesome part of the world we live in. Likely what's going on is that there's an intrusion-prevention & content filtering proxy upstream of you. It's there to a} catch malware/detect unwanted connections in and out of the network or b} keep users from accessing content management doesn't want them accessing or c} both. Thing is, it's likely decrypting SSL traffic (HTTPS) in line, and making a new SSL connection to destination servers like Paizo. Literally a man-in-the-middle attack.
Unfortunately this kind of gear is getting increasingly necessary to combat the very real digital threats out there. The two downfalls are a} it's privacy-breaking and b} if it's not kept current, it falls down and prevents legitimate use.
Time to fire up RDP on a home computer, listening on port 80 and/or 443 so you can remote home for lunch browsing. At least that'd be encrypted traffic the IPS device wouldn't be able to snag every keystroke and credit card out of.
| Aniuś the Talewise |
Some questions I have:
Have spam threads been spotted outside of Paizo General Discussion? (interesting that they followed the 'general discussion' key word which on most sites indicates off-topic, and did not go to our actual off-topic. might just be a language barrier thing)
How important is flagging to the anti-spam effort? Should I concentrate on flagging every spam thread I see, or will flagging them occasionally be sufficient?
| Chemlak |
| 2 people marked this as a favorite. |
They sometimes pop up elsewhere, but the various "X General Discussion" sub-fora are most common.
Please flag. Flag as many as you have the stomach to flag. Don't spend any longer doing it than you want to, but stuff flagged as Spam (yay, new flag option!) is easier to remove for the wielders of the banhammer. Mix it up, make a game of it (I believe the fastest flag is currently 3 seconds, and faster than that will be hard), whatever helps you flag a couple more. But whatever you do, don't treat flagging as a duty: you don't have to flag everything you see.
Thanks for helping out!
| zeroth_hour |
| 1 person marked this as a favorite. |
Is one of the counter-moves running a trace of their proxy path to get a physical location so that you can send in a highly-trained unit of Krav Maga paratrooper Mounties
Er, if they're using open proxies (and they're probably changing them up because they get IP banned), you probably can't trace their path that easily.
Or worse, you hit some poor innocent user who was hijacked into a zombie machine.
| Cort Odekirk Technology Manager |
| 1 person marked this as a favorite. |
BigDTBone wrote: Is one of the counter-moves running a trace of their proxy path to get a physical location so that you can send in a highly-trained unit of Krav Maga paratrooper Mounties
Er, if they're using open proxies (and they're probably changing them up because they get IP banned), you probably can't trace their path that easily.
Or worse, you hit some poor innocent user who was hijacked into a zombie machine.
This exact reason is why we don't just machine gun ban IPs. The vast majority are bot-net victim machines and we end up blocking not just innocent users, but in some cases entire ISPs. It's a tool we use, but more carefully than you might initially think.
| Orfamay Quest |
| 11 people marked this as a favorite. |
This exact reason is why we don't just machine gun ban IPs. The vast majority are bot-net victim machines and we end up blocking not just innocent users, but in some cases entire ISPs. It's a tool we use, but more carefully than you might initially think.
I'd just like to take this opportunity to say a few things about the Paizo security people.
* They seem to know what they're doing
* They have a very good reason to keep their mouths shut about what exactly that is
* Despite the community's frustration from time to time, they do a very good job, and
* They're probably more frustrated than we are, and they're keeping their mouths shut about THAT, too.
So, this is basically just a "well done," which is the sort of thing that security people rarely get. It's one of those thankless jobs that the better you are, the more invisibly you are treated.
| BigDTBone |
| 1 person marked this as a favorite. |
BigDTBone wrote: Is one of the counter-moves running a trace of their proxy path to get a physical location so that you can send in a highly-trained unit of Krav Maga paratrooper Mounties
Er, if they're using open proxies (and they're probably changing them up because they get IP banned), you probably can't trace their path that easily.
Or worse, you hit some poor innocent user who was hijacked into a zombie machine.
That's the issue you had with that post?
| Talonhawke |
| 1 person marked this as a favorite. |
zeroth_hour wrote: That's the issue you had with that post?
BigDTBone wrote: Is one of the counter-moves running a trace of their proxy path to get a physical location so that you can send in a highly-trained unit of Krav Maga paratrooper Mounties
Er, if they're using open proxies (and they're probably changing them up because they get IP banned), you probably can't trace their path that easily.
Or worse, you hit some poor innocent user who was hijacked into a zombie machine.
Clearly we are okay with paratroopers around here.......Just don't screw up the net.
| Chris Lambertz Community & Digital Content Director |
| 1 person marked this as a favorite. |
Those incoming anti-spam features... Is there a chance they will, completely accidentally of course, interfere with starting new paladin alignment/code/fall threads?
Oh, look, a fresh pizza lying in the middle of the thread? It must belong to PostMonsterGeneral, surely...
*wink-wink*
The new features are actually already here and working fabulously! Unfortunately, they just target spam, not repeat threads ;)
Is that the all-the-cheese-meats-veggies pizza you're referring to? Because then yes, definitely the PMG's.
| John Woodford |
The new features are actually already here and working fabulously! Unfortunately, they just target spam, not repeat threads ;)
From the lack of refractory spam lately, I figured either the new features had kicked in, or a whole bunch of Koreans had decided to behave reasonably after someone asked them nicely to stop. The former seemed a little more likely, though.
| Sara Marie Customer Service Manager |
Drejk wrote: Is that the all-the-cheese-meats-veggies pizza you're referring to? Because then yes, definitely the PMG's.
Oh, look, a fresh pizza lying in the middle of the thread? It must belong to PostMonsterGeneral, surely...
His all-topping-pizzas are similar to his all-toppings-salads both in theme and tastiness factors.