i was under the impression that currently, you could not post without javascript. But you can? 

Why is javascript such a bogeyman anyways? Lots of sites break without it. 

http://forum.textdrive.com/viewtopic.php?id=1605
http://thresholdstate.com/threshold/3730/comment-spam-and-a-disheartening-realisation 

wouldn't it make sense to at least set the "noindex" flag for func? no wonder it's an easy target if it appears in google results so often... 

interesting read that second article, someone had sat down and actually thought the problem through to logical conclusions.
The question is ultimately ensuring the posters intentions... but that makes only moderation or buddylists useful.
Sigh.
It was good while it lasted, the internet and open forums and such. 

is really really good. and shows how all these systems are really really flawed.

also:
http://37signals.com/svn/archives2/introducing_the_troll_cap.php 

Accessibility mistake #4 (first one on that page) http://www.digital-web.com/articles/seven_accessibility_mistakes_part_2/


Sharing problems with the visitor

You want to protect your site from comment spam, e-mail spoofing, and content theft. But why should visitors bear the burden, and have to enter things they see � or cannot see � in images to submit an inquiry, when it really does nothing for their personal protection? Anything computer generated is hackable by a computer given enough time and dedication�even supposedly hack-proof CAPTCHAs.

Why should your visitors have to go through a multi-step sign-up process to ask you a question? It�s your problem when you get spammed�not theirs. Yes, it does frustrate the occasional prankster and gives you a chance to point out help devices such as your FAQ section, but it also means the visitors who really need to contact you have to go through a lot more steps than they should have to. How many times have you hung up the telephone in frustration after listening to all the options of an automated system?

very, very, true. Of course this is a site for the community, so it's as much our problem as yours, but still what he tries to say remains true.

/me thinks of map-center.com 

...If you don't use a shit browser like IE that supports lots of bizzare MS extensions to Javascript (ok, maybe I am just guessing, but IE is the only browser I know that lets sites add themselves to your bookmarks). Also, I guess if you visit lots of "free" hardcore porn sites and warez sites then you are asking for it. But I haven't had any problem in years (pretty much since I started using Opera, actually.)

The only problem I have these days is with the few remaining popup tricks people have, and Flash.

Flash is great when used well. I think Google video uses Flash to stream video data, and it seems a lot less of a pain in the arse than QT, RM or WMV. Flash animations are often fun, as are games. However, Flash ads, menus and sites built purely using flash for no reason other than to look cool (usually advertising some game or film) are not ok. They suck cock and are usually a PITA to navigate.

There are also sites which use Flash for just little things. Take the site www.kotaku.com for example. I really like the site, and visit it at least once a day, but they use flash for the fucking titles of news posts just so that they can use the font of their choice. It is hardly even noticeable... unless you are using a shit PC, upon which point Flash obliterates your machine until you close the window. If you disable flash, the titles are shown in a regular sans-serif font in the same colour. Big fucking deal?

Mind you, if you don't need javascript, don't use it either. 

The whole idea behind javascript was that it wouldn't impact the user experience at all -- javascript is already required, the javascript would work behind the scenes to make the submit form look normal to humans and look like nonsense to bots. I really don't want to do a CAPTCHA or any other thing that requires extra human involvement. Javascript seemed like the ideal hurdle since I don't think most bots will run the javascript they find on a page.

I understand that it's anti-accesibility to require javascript, but the whole point of the move is to make posting inaccessible to certain visitors -- bots.

But I also want to expand moderation powers a bit, becuase of course javascript is only going to be a temporary obstacle. 

I know you're not very keen on it but I've used a free service in the past thats very easy to get up and running. You don't need to piss about with getting graphics libraries and wotnot installed. They create the captcha images for you.

Website is: http://captchas.net/

You need an account, but its free, you just email them for it. You need to download a php class from there as well and they have an example of how to link it in here: http://captchas.net/sample/php/

You could have it up and running in 20 minutes, tops. If you want any pointers, well you know where I am.

Personally I don't have a problem with them, its a necessary evil unfortunately. 

i'd rather alienate a bunch of non-registered users (register, damn it!) than have to type in some bit of shit for every post i want to make. am i the only one who thinks that's phenomenally retarded? 

Either moderate unregistered posts, encouraging people to register. Once they're registered, they can use a Captcha to verify that they're indeed human.

Or, require a captcha once per IP/IP range, every other week or so. 

Are bots capable of posting from registered accounts? Maybe this is obvious, but if they can't post from registered accounts, and you still want to use captcha stuff, perhaps you could limit that requirement to unregistered users? Perhaps used in combination with various other methods such as IP blocking or limiting anonymous posting to X/(unit of time) that might reduce the frequency while causing a minimum of frustration.

I've gotta be honest, though: I'm not really concerned about the occasional spam message. There are already a few posts that I just ignore. However, eight in a row once every day or two kinda sucks. 

 

Are bots capable of posting from registered accounts?

Not unless bots support cookies. Hmm, that might be a good way to do block them, instead of the sneaky javascript i was planning. Problem is i don't REALLY know what bots are capable of. 

The title and the name of poster are both perfect Chinese characters, I mean, not only they are Chinese characters, but also they make sense.

i.e. the name of the poster ( if we translate it into English), is "Travelling in Hainan Province", in which Hainan is indeed a southern province of China and is one of the most famous sites.

Hmmm... 

I had to disable comments on my website after I got hit by bots posting a shit load of crap... always from *.ru domains as well; never quite got that.

I tried to set up a captca but my host doesn't have the library in place for it to work with php, yet another reason to move hosts asap!

There has to be a way of stopping these twats in their tracks without adding too much hassle to legit site visitors (does that JS solution work if they have JS disabled??) 

If the author of the bot could be arsed to put the effort in. Given that the func_ software runs one just the one site it seems unlikely that anyone's going to go to that much effort to spam a bunch of cranky mappers...

Captchas are so fucking annoying. The problem isn't that bad. 

www.BesMella.com has been getting spammed too :| 

so we just got our first spammer who actually created an account to spam with. I have this idea that I actually came up with in a dream, where we use "shibboleths" to restrict accounts only to people who are into quake or gaming or mapping or something. Something like, show a picture of a fiend and say "what is the name of this monster" or "what level does he first appear in on normal skill?" or something. 

that's the most pathetic thing you've written yet. 

What is this monster called?
"You know, this thing that.. it shoots these pink balls that follow you.. meh, i give up." 

just throwing it out there. I don't really like any system that restricts account registration, but we may need a way to block some humans if blocking bots turns out not to be enough. Some types of systems, with varying degrees of annoyance and exclusiveness:

- register, get activation key via email, go back and submit the key (needs a valid email address plus you need to be human)

- captchas (you need to be human, even if you're a human visiting a porn site with a rerouted captcha)

- shibboleths (like captchas but you have to have some insider knowledge that anyone in the community would know. could still be rerouted to a porn site, but they probably wouldn't bother for func)

- can only join with an invitation by an existing member. This sounds really exclusive, except that if people can establish a presence here as an anonymous poster, they could become known to members and then they could just ask for an invitation. (downside of that: a spammer could just look at the board for a username that always posts anonymously, and pretend to be that person in an email request)

Then there are various ways to grant delayed or restricted priviledges to new members, such as you can't use function X for a week after joining, or you can't use function X until you're modded up by an admin (we'd have two tiers of regular members.)

Anyway, I really would rather just let anyone post and anyone join, but I think eventually all weakpoints in the board will be exploited. So it may just be a matter of time. We'll see. 

"You know, this thing that.. it shoots these pink balls that follow you.. meh, i give up."
You are talking about Kinn, don't you? 

to just delete the offending posts and remove the account?