So good I couldn't bring myself to edit it.

Metl, make this a sticky! 

that url, maybe something fappable lies in wait 

Perhaps these bots are contributing to the slowness of func recently... If they aren't registered they're probably downloading the entirety of threads they visit to post in them, perhaps they just do it too often for the database to cope. 

that wouldn't make sense since it'd cost them bandwith, but you might be right. Maybe they're using hijacked computers, dunno.

Oh, will the pestilence never end?

I still think it's not a solution to require registration for posters... Maybe make a mathematical calculation for the anonymous posters, like:
what is 5-3? [answer here]. Func's such a small place that nobody'll bother to code a bot to handle that. (you need image recognition for blogspot etc..) 

There are systems (called CAPTCHAs or something) people have developed to force humans to type in text or whatever to prove they're human. I could do something like that.

However, I'm thinking of going with a solution of using javascript heavily enough behind the scenes that a javascript-disabled agent (like a web spider) wouldn't even be able to tell what form needed to be submitted, nor where it needed to be submitted to. That way there would be no change in usability for humans. I don't think most spam bots run the javascript they find on a page. 

For starters, use a javascript button calling form.submit() instead of the typical submit button (sure hope the spambots are not reading this). If that doesn't work, go from there - create the form, elements etc using javascript DOM. And so on. Until either you or the spammers get fed up with it =). 

that's exactly what i had in mind.

by the way, i already have a button that calls a function that does form.submit -- the problem is the agent can simply submit the form itself. At the very least, i think i'd need to hide the form.action by creating it using javascript instead of HTML. Beyond that, i might have the input elements outside of the form, not have a form at all, and create the form with javascript when you click the button. Anyway, i'll mess around with it. 

i browse regularly with javascript disabled. Don't loose backwards compatibility just because you get spammed by a few bots. i stopped posting at mapcenter because i had to type in that stupid number every time i visited. 

i browse regularly with javascript disabled. Don't loose backwards compatibility just because you get spammed by a few bots. i stopped posting at mapcenter because i had to type in that stupid number every time i visited. 

Maybe another way to solve this is to have people vote spam threads and messages off (e.g. put a button "report as spam" next to each message, and if at least x people click it, hide that message). 

server hung when posting and refresh of the thread didnt shot my comment :/ 

i was under the impression that currently, you could not post without javascript. But you can? 

Why is javascript such a bogeyman anyways? Lots of sites break without it. 

http://forum.textdrive.com/viewtopic.php?id=1605
http://thresholdstate.com/threshold/3730/comment-spam-and-a-disheartening-realisation 

wouldn't it make sense to at least set the "noindex" flag for func? no wonder it's an easy target if it appears in google results so often... 

interesting read that second article, someone had sat down and actually thought the problem through to logical conclusions.
The question is ultimately ensuring the posters intentions... but that makes only moderation or buddylists useful.
Sigh.
It was good while it lasted, the internet and open forums and such. 

is really really good. and shows how all these systems are really really flawed.

also:
http://37signals.com/svn/archives2/introducing_the_troll_cap.php 

Accessibility mistake #4 (first one on that page) http://www.digital-web.com/articles/seven_accessibility_mistakes_part_2/


Sharing problems with the visitor

You want to protect your site from comment spam, e-mail spoofing, and content theft. But why should visitors bear the burden, and have to enter things they see � or cannot see � in images to submit an inquiry, when it really does nothing for their personal protection? Anything computer generated is hackable by a computer given enough time and dedication�even supposedly hack-proof CAPTCHAs.

Why should your visitors have to go through a multi-step sign-up process to ask you a question? It�s your problem when you get spammed�not theirs. Yes, it does frustrate the occasional prankster and gives you a chance to point out help devices such as your FAQ section, but it also means the visitors who really need to contact you have to go through a lot more steps than they should have to. How many times have you hung up the telephone in frustration after listening to all the options of an automated system?

very, very, true. Of course this is a site for the community, so it's as much our problem as yours, but still what he tries to say remains true.

/me thinks of map-center.com 

...If you don't use a shit browser like IE that supports lots of bizzare MS extensions to Javascript (ok, maybe I am just guessing, but IE is the only browser I know that lets sites add themselves to your bookmarks). Also, I guess if you visit lots of "free" hardcore porn sites and warez sites then you are asking for it. But I haven't had any problem in years (pretty much since I started using Opera, actually.)

The only problem I have these days is with the few remaining popup tricks people have, and Flash.

Flash is great when used well. I think Google video uses Flash to stream video data, and it seems a lot less of a pain in the arse than QT, RM or WMV. Flash animations are often fun, as are games. However, Flash ads, menus and sites built purely using flash for no reason other than to look cool (usually advertising some game or film) are not ok. They suck cock and are usually a PITA to navigate.

There are also sites which use Flash for just little things. Take the site www.kotaku.com for example. I really like the site, and visit it at least once a day, but they use flash for the fucking titles of news posts just so that they can use the font of their choice. It is hardly even noticeable... unless you are using a shit PC, upon which point Flash obliterates your machine until you close the window. If you disable flash, the titles are shown in a regular sans-serif font in the same colour. Big fucking deal?

Mind you, if you don't need javascript, don't use it either. 

The whole idea behind javascript was that it wouldn't impact the user experience at all -- javascript is already required, the javascript would work behind the scenes to make the submit form look normal to humans and look like nonsense to bots. I really don't want to do a CAPTCHA or any other thing that requires extra human involvement. Javascript seemed like the ideal hurdle since I don't think most bots will run the javascript they find on a page.

I understand that it's anti-accesibility to require javascript, but the whole point of the move is to make posting inaccessible to certain visitors -- bots.

But I also want to expand moderation powers a bit, becuase of course javascript is only going to be a temporary obstacle. 

I know you're not very keen on it but I've used a free service in the past thats very easy to get up and running. You don't need to piss about with getting graphics libraries and wotnot installed. They create the captcha images for you.

Website is: http://captchas.net/

You need an account, but its free, you just email them for it. You need to download a php class from there as well and they have an example of how to link it in here: http://captchas.net/sample/php/

You could have it up and running in 20 minutes, tops. If you want any pointers, well you know where I am.

Personally I don't have a problem with them, its a necessary evil unfortunately. 

i'd rather alienate a bunch of non-registered users (register, damn it!) than have to type in some bit of shit for every post i want to make. am i the only one who thinks that's phenomenally retarded? 

Either moderate unregistered posts, encouraging people to register. Once they're registered, they can use a Captcha to verify that they're indeed human.

Or, require a captcha once per IP/IP range, every other week or so. 

Are bots capable of posting from registered accounts? Maybe this is obvious, but if they can't post from registered accounts, and you still want to use captcha stuff, perhaps you could limit that requirement to unregistered users? Perhaps used in combination with various other methods such as IP blocking or limiting anonymous posting to X/(unit of time) that might reduce the frequency while causing a minimum of frustration.

I've gotta be honest, though: I'm not really concerned about the occasional spam message. There are already a few posts that I just ignore. However, eight in a row once every day or two kinda sucks.