people unable to regester on forums

[DGMurdockIII]

Every time people try to register at the forums they get this message "No route found for "GET /ucp.php" someone on IRC what having this problem

[Jean-Baptiste Kempf]

Yes, because they are blacklisted for SPAM.

[Delarno]

This is a nice way for the system to tell them, "get lost spammers".

[nonzyro]

Yes, people like me who've never spammed the forums and have to use TOR just to login. I came here to post a suggestion regarding this antiquated system of IP-Blacklisting because spammers can use the methods I did to circumvent it. Now, after seeing the attitude of of Mr Kempf, it's hard for me to resist the urge to turn this into a flamewar that would spill out way beyond this forum. But I am still a being of reason, so I'll remain calm.

Please consider this an RFC for the site:

0. Change your attitude towards users having problems registering due to *your* system.
1. Do not blacklist IP or IP ranges, it's stupid and annoys people with dynamic IPs (which is an ISP thing common in my country). It does not prevent spammers, it mildly mitigates the problem but causes a bigger one.
2. Implement a simple content parser. How hard is it to auto-delete a post with certain pattern matches?
3. Place new account on probation. This is a tried and proven system for most forums because spammers simply cannot be bothered making 10 legitimate posts and spam bots aren't capable.
4. Flag all posts containing hyperlinks for users with under 50 posts.
5. Place a "proof-of-human" test on the registration page. Something simple like a random question. AI is still under-developed and is easily tricked in natural language by having more than one subject and object in a sentence.
6. Finally, *if* you guys absolutely *must* stick with your dated system of IP-banning, here's a protip: disable it for login. If I've already registered, then I'm a) not a spammer, or b) have already thwarted your system and will therefore likely just use the same means to post spam (though I doubt that the global spam conspiracy has such a small-minded agenda as to go to all the trouble spamming this site).
7. How about giving users a special form where they can request their IP be removed from the blacklist? Just a thought.

I doubt I'll receive a positive response and I am almost sure this post will be deleted and I'll get banned for being outspoken. However, I will post it all the same, in the vain hopes that these issues will be addressed, because VideoLan has gone right down in my estimates in the space of a few hours, which is sad given that I held you guys in such high esteem until earlier today.

[Jean-Baptiste Kempf]

0. Sorry, but no.

We lack contributors and people answering on the forum are rare.

Even now, with an extremely aggressive system, we ban more than 100 posts per day.

So unless you want to maintain this forum for free on your leisure time, this will not change.

1. DNSBL are used everywhere, including in most important mails servers. It does block a lot of spam that we are seeing in the logs.
2. Insanely difficult to do, especially in multimedia. And does not solve the re-posting spam we are seeing a lot.
3. was done in the past and was a complete failure, notably because most spams are manual.
4. phpBB does not do that nicely, and it forces a lot of work to validate those posts.
5. Already done, and see 4. for phpBB
6. Nope. See 3 about manual spam.
7. But it's not only IP that are blacklisted, it's a LOT of other behaviours, like incorrect HTTP requests, incorrect User-agent and so on.

Seriously, do you really think we do that because it's fun? We do it because there are no other solutions so far.

We spend our days doing stuff for free for our users, and then we get posts that are borderline insulting like yours... And almost never a thank you.
Then, don't wonder why noone answers the forum. When I see posts like yours, I just want to shutdown this forum...

[nonzyro]

Seriously, do you really think we do that because it's fun? We do it because there are no other solutions so far.

We spend our days doing stuff for free for our users, and then we get posts that are borderline insulting like yours... And almost never a thank you.
Then, don't wonder why noone answers the forum. When I see posts like yours, I just want to shutdown this forum...

Firstly, thank you for your reply.

You're right, I'm sorry. I'd had a bad day and practically had to "hack 'n slash" my way into the forums. Then, when I posted a question about a bud, my post got wiped (that's probably for using TBB). Anyway, this was a bug I've been trying to draw attention to for nearly a month, but it just felt like I was completely cut off, like there was no communication channel. The responses I got on twitter were terrible, as if my posts had not been read properly.
"As if my posts had not been read properly," it echoed in my mind when I read your post. I may very well have taken your earlier comment in this thread out of context. Maybe your team is over-worked. Maybe you do skim over a tweet because you don't have time to read it. Maybe the reason you were terse earlier, was because you were agitated and tired of hearing about it.

In My Defence:

So far as my RFC was concerned, it was based on personal experience with other forums, one in particular who uses IP banning but they *don't* rely on it. This is because the moderators banned users, then those users would open new accounts using different IPs. Now they actually have a system that examines other metrics like login times, post-style (like unique spelling errors/typos), UA string, etc.
I never stopped to think about the resources it must have taken (they sell game dev products so I guess they could afford this). Sorry, I often I forget that everything in the free software world runs on the good will of others and a "I'll scratch your back, and *hope* that you scratch mine"

So far as the points you've made, yeah they're valid, but consider this:

Even now, with an extremely aggressive system, we ban more than 100 posts per day.

That's a point in itself. Clearly the system is still failing.

0. I know you guys work hard, but you *cannot*, as a public organisation, have a bad attitude towards users. No matter how annoying it gets hearing the same complaints, seeing the same posts in the wrong places, etc. There's only one human being who ever got away with a bad attitude towards the public and that's Linus and it's *only* because he makes us laugh.
1. I know. But that doesn't change the fact that it's a system that needs reform (not just here, everywhere). It's like arguing that because [re]captcha has been around for so long and is ubiquitous, we should keep using it, even though it's also outdated and made redundant by current tech/trends (image recognition, farms of people solving captchas, etc). Common way of doing != correct way way of doing it.
My personal feelings are you should have just the registration page block IPs. Think, non-registered users cannot post, only registered users can login, logged in users who violate policy get banned and cannot log in. Cut and dry if you ask me.
2. I don't know how hard this is to implement, but maybe: Limit new users to text and no embeds/uploads. Tricky part solved. Compare the text to a dictionary and if the black-listed word-count > 1, flag the post.
3. How long ago? Spamming these days is done en mass. Either by bots or by people who get paid $0.005 USD or something that stupid per post. In both cases, they'd not be able/willing to make 10 meaningful and intelligible posts. Very few people are still trying to promote/advertise their crappy site, app, scam, or pyramid scheme by themselves. Those that are will use the methods I'm using now to circumvent your system (check the IPs I've logged in under vs the IP I registered with).
4. Fair enough, as I mentioned. I've no experience coding with forum software. You could disable redirects as it would probably deter spammer in the first place. You could also blacklist known crap addresses so that posts containing hyperlinks to them were deleted automatically.
5. I never got any proof-of-human tests and when I registered it was through a *very* dubious network. Did you mean you used to use it?
6. You're missing the point here. Your system does *not* protect you here *because* the adversary has *already* obtained credentials.
*. A banned user will not be able to login. Solved.
*. A registered user will be able to login. Proof of not being a spammer until they spam. If he does spam at this point, the system has already failed you.
7.In my case, it can only be my real IP. I've tried multiple browsers, tried multiple UA strings. The only time I can use these forums is with TBB, which is hugely ironic because that's where most of your spam is probably coming from.

We lack contributors and people answering on the forum are rare.

"If you surround yourself with high walls, don't expect many visitors" -- by Akisame
I believe in paying it forward. When I post a question on any site, I usually try to answer at least three questions on that site. If the site seems in need, I'll try to answer more. But that only happens when I can access the site with my usual browser.
Maybe you could send me an email with a link, I'll reply and you can white-list my current true IP. I can't guarantee I'll be much help, but I can answer some questions. Which leads me to...

So unless you want to maintain this forum for free on your leisure time, this will not change.

I can't maintain them, but I'd be more than willing to login once a day and go through your list of queued posts and hit approve or delete. It may not be much, but it would take the additional strain off you guys. That is, of course, assuming I can access the site.

So to wrap this up, again, I'm sorry for letting my agitation show in that previous post. Again, thank you for taking the time to read my post.

[Jean-Baptiste Kempf]

0. I know you guys work hard, but you *cannot*, as a public organisation, have a bad attitude towards users. No matter how annoying it gets hearing the same complaints, seeing the same posts in the wrong places, etc. There's only one human being who ever got away with a bad attitude towards the public and that's Linus and it's *only* because he makes us laugh.
1. I know. But that doesn't change the fact that it's a system that needs reform (not just here, everywhere). It's like arguing that because [re]captcha has been around for so long and is ubiquitous, we should keep using it, even though it's also outdated and made redundant by current tech/trends (image recognition, farms of people solving captchas, etc). Common way of doing != correct way way of doing it.
My personal feelings are you should have just the registration page block IPs. Think, non-registered users cannot post, only registered users can login, logged in users who violate policy get banned and cannot log in. Cut and dry if you ask me.
2. I don't know how hard this is to implement, but maybe: Limit new users to text and no embeds/uploads. Tricky part solved. Compare the text to a dictionary and if the black-listed word-count > 1, flag the post.
3. How long ago? Spamming these days is done en mass. Either by bots or by people who get paid $0.005 USD or something that stupid per post. In both cases, they'd not be able/willing to make 10 meaningful and intelligible posts. Very few people are still trying to promote/advertise their crappy site, app, scam, or pyramid scheme by themselves. Those that are will use the methods I'm using now to circumvent your system (check the IPs I've logged in under vs the IP I registered with).
4. Fair enough, as I mentioned. I've no experience coding with forum software. You could disable redirects as it would probably deter spammer in the first place. You could also blacklist known crap addresses so that posts containing hyperlinks to them were deleted automatically.
5. I never got any proof-of-human tests and when I registered it was through a *very* dubious network. Did you mean you used to use it?
6. You're missing the point here. Your system does *not* protect you here *because* the adversary has *already* obtained credentials.
*. A banned user will not be able to login. Solved.
*. A registered user will be able to login. Proof of not being a spammer until they spam. If he does spam at this point, the system has already failed you.
7.In my case, it can only be my real IP. I've tried multiple browsers, tried multiple UA strings. The only time I can use these forums is with TBB, which is hugely ironic because that's where most of your spam is probably coming from.

We've done everything suggested here in the past. It does not work.

[oviano]

I'm not sure if this is the same issue but I currently live in Turkey and I cannot log into these forums using my registered account, from Turkey.

However, I am able to access my account and post etc if I do it via VNC to a machine at a location in the UK (I'm British), but this is not really very convenient; is there anything that can be done? I've also tried using a VPN but that surprisingly doesn't get around the issue.

Just to add, I'm a member of many tech forums around the Internet and I've never had this issue anywhere else before!

Oliver

[Yourname]

I'm sorry, but I tried to access forum from about 10 various devices, browsers and IP adresses, but only one combination give me success. I can't use forum on my develpment PC for example to show logs. If this filter is made to prevent noob post, it sometimes work successfully.

[keria28]

This is for those people who do spam. They usually create account and start unwanted posting to promote their product.