Thursday, May 06, 2010

This is getting ridiculous

In the eight months between my joining and Keba’s, we had 170 new accounts registered. In the three months since Keba’s registered, we’ve had seven hundred. The spam accounts are getting out of hand. Is there nothing we can do?

Comments

Klisz:

06-05-2010 01:49:31 UTC

Nothing at all.

scshunt:

06-05-2010 02:27:32 UTC

We could improve the CAPTCHA

redtara: they/them

06-05-2010 02:35:50 UTC

I suggested using reCAPTCHA a while back. I don’t remember why we never did…

Kevan: he/him

06-05-2010 07:21:06 UTC

Wakukee tried changing the account-creation confirmation URL given out in email, a while back, which sadly doesn’t seem to have made a great deal of difference.

I’m not entirely convinced that a captcha will help us here, as we’ve had at least a few human spammers get through (the ones that try to write a comment somewhat related to the blog entry), but I might try adding a trivia-quiz “Who invented Nomic?” type question to the signup page - a small challenge for an enthusiastic new player, but an excessive diversion from their busy work for a human spammer (who would rather spend that time signing up for and spamming two or three other blogs).

Kevan: he/him

06-05-2010 12:56:38 UTC

Okay, as of five minutes ago I’ve gotten rid of the CAPTCHA entirely and replaced it with the following message:-

Prove you aren’t a spammer. Sorry about this, but we’re an open blog, so we get a lot of spam accounts being created. To make things a little harder for the spammers, here’s a trivia question about BlogNomic (which should be easy for a keen player to solve with a quick look at our wiki, but enough to confound a spambot and waste undue amounts of time for a low-wage human spammer).

So all you have to do is answer the question “What currency was used in The First Dynasty of Elias IX?”

It accepts either the singular or plural of the correct answer, in any mix of upper and lower case. Does that seem reasonable?

Kevan: he/him

06-05-2010 13:01:27 UTC

I’ve also removed the ellipsis that Wakukee added to the activation link, since it doesn’t seem to have been making any difference. (In retrospect, it’s possible that the spambots automatically strip the full stops from the ends of URLs, in case they’re part of a sentence.)

Tiberias:

06-05-2010 14:40:14 UTC

It may also be a good idea to have nofollow put on all the links in comments and blog posts (if ExpressionEngine can do that).  That gets rid of most of the spammers’ motivation, as Google won’t pay any attention to their links.

Kevan: he/him

06-05-2010 14:48:11 UTC

External links are already obfuscated (ie. this). Spammers don’t care, though - it’s quicker to just post your spam and hope it works, than to comb through archives trying to work out whether there’s a nofollow system in place.

Tiberias:

06-05-2010 16:01:27 UTC

The problem with that is that the googlebot will follow the redirect and they still get the link-juice they were after. It’s probably still a good idea to add rel="nofollow" to those links as well.

Kevan: he/him

06-05-2010 16:12:43 UTC

I guess it can’t hurt. I’ve checked the outgoing link (the page a visitor sees if they visit the redirect URL without blognomic.com as the referrer) and put a nofollow on it. A bit puzzling that it wasn’t there already.

Keba:

06-05-2010 16:14:27 UTC

Thanks for taking my joining as a reference. How did you find out that data?

Oh, spam bots are really, really silly and do not know what a nomic is. Questions like “Who has invented Nomic?” or “As millions of complicated Rules suck, most Rules are repealed about all few months: Blognomic is divided into many Parts, these Parts are known as:”

Or really easy questions (for humans, not for bots): “Who is leading the current Dynasty? (the header image gives a hint)?” etc.

Kevan’s question is too hard imho.

Kevan: he/him

06-05-2010 16:39:05 UTC

The concern isn’t spambots, it’s human spammers who are being paid pennies to create accounts, and are able to answer simple questions. I picked something that would involve a little digging and deduction, but can switch it out for something easier if we like. (Asking about the current dynasty isn’t great, because it means we have to update the login code every time someone wins. Maybe something like “Who did the Surfer Dynasty belong to?”, which can be solved from the front page of the wiki?)

redtara: they/them

06-05-2010 19:20:28 UTC

I’d suggest something easier - we don’t want to discourage new players from joining by putting a question that they think is too difficult to find.

Keba: Your username hyperlinks to your profile. The profile number can be found in the URL.

Darknight: he/him

06-05-2010 19:36:10 UTC

I like the idea, though maybe instead of just one question maybe have like 5 different ones that cycle around so a spammer can’t just ask someone that might be playing legit what the answer is.

That or maybe change the question once a week. Just my thoughts on it.

Purplebeard:

06-05-2010 21:19:26 UTC

How about “What is the title of rule 1.9?”

Any new player would know where to find the answer, and human spammers may not immediately know what the question refers to.

redtara: they/them

07-05-2010 00:42:27 UTC

Semi-relatedly, what do you think about having a “New Players Click Here” link in the sidebar containing a “tutorial” and links to the ruleset and FAQ. If necessary, we can make it visible only to visitors who aren’t signed in.

Kevan: he/him

07-05-2010 09:23:51 UTC

[Ienpw] Sounds good.

[Darknight] Maybe. We can see how we go with one simple question, for now - looking at the member list, we haven’t had a single spammer account sign up since I enabled the question yesterday, so maybe it’s enough.

[Purplebeard] That could backfire if we rename the rule and forget to update the captcha, and end up locking new players out without realising.

I’ve now changed the question to “In 2005, our 27th round was an “Athenian” Dynasty - who did it belong to?” and mentioned in the blurb that it’s solvable by looking at the front page of the wiki.
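
An added example, not part of the thread and not BlogNomic's or ExpressionEngine's own code: one way to build the signup check discussed above, combining the case-insensitive singular/plural matching with the suggestion of cycling through several questions. The question pool, secret, token format and function names are all assumptions, and the questions and answers are constructed placeholders.

```python
import hashlib
import hmac
import secrets
import time

SECRET = b"constructed-example-secret"   # assumption: kept server-side only
LIFETIME = 900                            # seconds a served question stays valid

# Constructed placeholder pool: (question, accepted singular/plural forms).
POOL = [
    ("Placeholder question 0?", {"florin", "florins"}),
    ("Placeholder question 1?", {"penny", "pennies"}),
    ("Placeholder question 2?", {"glass", "glasses"}),
]

def _mac(index, issued):
    # Binds the question number to its issue time so neither can be swapped.
    msg = f"{index}:{issued}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def issue_challenge(now=None, index=None):
    """Pick a question and return (question_text, token) for the signup form."""
    issued = int(time.time() if now is None else now)
    if index is None:
        index = secrets.randbelow(len(POOL))
    return POOL[index][0], f"{index}:{issued}:{_mac(index, issued)}"

def check_answer(token, answer, now=None):
    """True only for an untampered, unexpired token and an accepted answer."""
    now = int(time.time() if now is None else now)
    try:
        index_s, issued_s, mac = token.split(":")
        index, issued = int(index_s), int(issued_s)
    except (ValueError, AttributeError):
        return False
    # Compare as bytes in constant time; a forged index or timestamp fails here.
    if not hmac.compare_digest(mac.encode(), _mac(index, issued).encode()):
        return False
    if not 0 <= index < len(POOL) or not 0 <= now - issued <= LIFETIME:
        return False
    # Any mix of case and stray whitespace is accepted, as on the signup page.
    guess = " ".join(answer.casefold().split())
    return guess in POOL[index][1]
```

Listing the accepted forms explicitly avoids guessing at plurals, and because the token is stateless it can be replayed until it expires, so it slows down answer sharing rather than preventing it.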