# Membership Approval Now Required



## Admin US West (May 10, 2013)

We are now requiring membership approval of each new member. The reason for this is the 400 new account signups by spam robots each day. 

Approvals usually take as day or less to complete.

We are weeding out the spam accounts, but that will take time.

We will not approve membership if the account name looks like a advertisement, is a e-mail address, or just sounds phoney, It is definitely better if a account name has some recognizable link to photography.


----------



## jdramirez (May 10, 2013)

April 1st... was 6 weeks ago... but cool if that is indeed what yall are doing.


----------



## Hobby Shooter (May 10, 2013)

Makes sense, will you leave a message box for the person applying say something about him/herself?


----------



## Forceflow (May 10, 2013)

Well, as an already registered user I don't mind this, but why are you not implementing a Q&A process? Ask a specific question during the sign-up and tell the users that the answer is on your help site and not on the register page. Anybody answering that question correctly will have been a human and not a bot. Should weed out quite a bit of the bots. (Got rid of 99.99% of all SPAM accounts on my two forums)


----------



## meli (May 10, 2013)

You could get creative with the sign-up page, lets say for example that there was an image (pulled between 6-7 different ones) with a simple field such as "what type of photography is this" and the answer rotating between landscape, portrait or sports, Sounds dumb enough that it might actually work.


----------



## expatinasia (May 10, 2013)

CR Backup Admin said:


> It is definitely better if a account name has some recognizable link to photography.



Not sure I agree with that last little bit at all. 

I know how hard it is to deal with the bots which are getting smarter and smarter everyday. But it is a fine balance, between stopping the bots and trying to make enrolling as easy, simple and *fast* as possible for those that are real and want to join.

As forceflow suggested, using a form of CAPTCHA of some kind would help reduce this. Even if it means showing a picture with a maths puzzle and asking the person to calculate the total, or something else.



CR Backup Admin said:


> Approvals usually take as day or less to complete.



Not good. I probably would have joined another forum during that time, and would have no interest in returning here. And that is the danger. Anything other than pretty immediate membership could have dire consequences on the future growth of the forum.

Anyway, I wish you luck.


----------



## Hobby Shooter (May 10, 2013)

expatinasia said:


> CR Backup Admin said:
> 
> 
> > It is definitely better if a account name has some recognizable link to photography.
> ...



I agree with your last point, let's hope they find another way around it


----------



## CanadianInvestor (May 10, 2013)

The out-of-proportion costs of imposing such protocols I see everyday in my day job as an M&A specialist and they will reap few rewards for legitimate users. Good luck in implementing these changes. 

I guess my account name would have been flagged since it has little to do with photography!


----------



## Sith Zombie (May 10, 2013)

Fair enough, Everybody hates a spambot. I'll be able to link to my website in a few weeks once its done but don't mind answering a question or something. No maths though! I'm terrible at it .


----------



## Rienzphotoz (May 10, 2013)

Fair enough ... but a day for approval? :-\


----------



## zim (May 10, 2013)

Naah just ask how much DR a Nikon sensor has, no real Canon user knows the answer to that…. No…. oh wait.… dooh 

(sorry someone had to ;D )


----------



## funkboy (May 10, 2013)

http://en.wikipedia.org/wiki/CAPTCHA


----------



## Click (May 10, 2013)

CR Backup Admin said:


> ... It is definitely better if a account name has some recognizable link to photography.



[email protected]


;D ;D ;D


----------



## J.R. (May 10, 2013)

CR Backup Admin said:


> We will not approve membership if the account name looks like a _advertisement, is a e-mail address, or just sounds phoney_, It is definitely better if a account name has some recognizable link to photography.



This is way too subjective and what may be an advertisement / email / phoney to you may just be perfect for someone else. Compound this by the fact that the username will be rejected after *one *day I doubt a genuine user who is rejected will bother to try again (I certainly wouldn't, but that's just me). 

IMHO a captcha is a better idea as suggested above.


----------



## bvukich (May 10, 2013)

Rienzphotoz said:


> Fair enough ... but a day for approval? :-\



It's usually more like an hour or two max.

And the only person I've rejected so far was someone that already had two accounts, and for some reason felt the need to sign up for a third.


----------



## junkwerks (May 10, 2013)

Do I look phony? Yes, actually I do. But I am not a spam bot.

It is a serious problem. Hope a way is found to lighten the admin load. Maybe a series of questions that reasonably intelligent individuals could figure out how to answer. 

Oh, never mind...


----------



## bvukich (May 10, 2013)

J.R. said:


> CR Backup Admin said:
> 
> 
> > We will not approve membership if the account name looks like a _advertisement, is a e-mail address, or just sounds phoney_, It is definitely better if a account name has some recognizable link to photography.
> ...



You'd be surprised how non-ambiguous some of the attempts are...

khlhkjh001
khlhkjh002
khlhkjh003
...
khlhkjh999

All signed up in a matter of minutes from the same IP address.

Usernames that are obvious spam URLs...

And also the people that set up sock-puppet accounts.


----------



## RAKAMRAK (May 10, 2013)

Please do not delete me. I am human not bot and never send any spams.

And by the way my screen name is the reverse of my actual surname.


----------



## 2n10 (May 10, 2013)

I mod on a forum and we were hit recently with tons of spambots and spammers. Admin had not updated the captcha and question. After those two things were done we have had a lot less spam issues. The time taken to review the names before approval will cut back the spammers even more.
Sucks but is necessary. Good job.


----------



## distant.star (May 10, 2013)

.
I appreciate being told about this. If I recommend this forum to someone, I can let them know in advance they have a gate to go through -- no big deal.

My hat's off to those of you dealing with the barrage of assaults by those who want to prey on the community here. Thanks!


----------



## Admin US West (May 10, 2013)

Forceflow said:


> Well, as an already registered user I don't mind this, but why are you not implementing a Q&A process? Ask a specific question during the sign-up and tell the users that the answer is on your help site and not on the register page. Anybody answering that question correctly will have been a human and not a bot. Should weed out quite a bit of the bots. (Got rid of 99.99% of all SPAM accounts on my two forums)


Those who sign up must answer two questions. Robots unfortunately know this and have a ton of questions and answers programmed in to them. They are always one step ahead.

There are huge halls full of people working for spam companies who do nothing but create accounts. I mentioned Robots, but its those human assisted robots that are the issue.

They concentrate on the larger web sites because that's where the exposure is.

We have other measures taken that keep them from posting, but they are loading up the server with almost 1/2 million user accounts, and 90% of the online users were spammers. That's already down to 10% or less.


----------



## RGF (May 10, 2013)

Sorry you have to do this. You could charge a nominal fee, $1, to deter the spammers. Not sure if many people would be not enroll based upon the fee.


----------



## Rat (May 10, 2013)

RGF said:


> Sorry you have to do this. You could charge a nominal fee, $1, to deter the spammers. Not sure if many people would be not enroll based upon the fee.


I wouldn't shy away from spending a dollar, but I'd hate to hand out my personal data to every forum I'd want to talk on. For that reason: no thanks


----------



## wsmith96 (May 10, 2013)

Thanks for keeping this site as "clean" as possible.


----------



## rpt (May 10, 2013)

funkboy said:


> http://en.wikipedia.org/wiki/CAPTCHA


+1000
You could also use recaptcha.
http://www.google.com/recaptcha


----------



## Click (May 10, 2013)

wsmith96 said:


> Thanks for keeping this site as "clean" as possible.



+1 Thank you administrators and moderators. You're doing a really good job.


----------



## rpt (May 10, 2013)

Click said:


> wsmith96 said:
> 
> 
> > Thanks for keeping this site as "clean" as possible.
> ...


+10,000,000 and more.


----------



## Don Haines (May 10, 2013)

bvukich said:


> Rienzphotoz said:
> 
> 
> > Fair enough ... but a day for approval? :-\
> ...


I've wondered about that.... how can one tell if it is someone with two accounts or two people who use the same computer... husband/wife/partner/kids.....

I've resisted the urge to get two accounts.... but if I did I could argue with myself and always win 

Seriously though, you do a great job of keeping the forum clean. It is a generally thankless task, so let me be one of those saying that they appreciate the work you do.


----------



## Admin US West (May 10, 2013)

J.R. said:


> CR Backup Admin said:
> 
> 
> > We will not approve membership if the account name looks like a _advertisement, is a e-mail address, or just sounds phoney_, It is definitely better if a account name has some recognizable link to photography.
> ...




Of course, we use captcha. 

With human assisted spambots, its no barrier, and most robots read it as well. Those who think captcha is fool proof are out of date, 10 years out. Captcha is like a screen on the front end, each step filters out a few potential spammers. We don't reject someone unless their user name is clearly out of line. Rules are not posted just to help spammers get around them.

We check new signups for duplicate ip's, internet providers, and a warning pops up if they have been banned before. Its far from fool proof, just another screen to filter out what we can.


----------



## Forceflow (May 10, 2013)

CR Backup Admin said:


> Forceflow said:
> 
> 
> > Well, as an already registered user I don't mind this, but why are you not implementing a Q&A process? Ask a specific question during the sign-up and tell the users that the answer is on your help site and not on the register page. Anybody answering that question correctly will have been a human and not a bot. Should weed out quite a bit of the bots. (Got rid of 99.99% of all SPAM accounts on my two forums)
> ...



Well as soon as you hit real humans you are of course facing serious issues. I just did a quick trial register to see the questions you have and those are way to easy to answer. You must ask a question that cannot be answered from being on the registration page! You have to force the user to go to your help page to get the answer. That adds an additional step that is a huge problem for bots and even throws a wrench into SPAM-humans. Alternate the Q&A on a regular basis and I am very confident that you will loose most of the SPAM registration.
It's very easy to do for the one time registration a real user does but seriously adds overhead to any sort of automation.


----------



## expatinasia (May 11, 2013)

CR Backup Admin said:


> Those who think captcha is fool proof are out of date, 10 years out.



I doubt a single person here thinks CAPTCHA is fool proof, and I certainly didn't read such a post. Also it is a system which may be around 10 years old, but has only been in common use for the past 5 year or so, and until someone comes up with something better it remains one option.

Anyway, I join others in thanking you for the work you do. I have worked on high volume forums in the past and it can be a nightmare.

Of course most of these bots - whether they be human bots, clever code, or a combination - nearly all want one thing - links. I would suggest you remove a member's ability to add a link to his/her signature, and manage how (or which) users can add links posts. Once you do that all the bots will (slowly) realise that it isn't worth their time trying to push through the system.

Good luck.


----------



## fugu82 (May 11, 2013)

Thanx again for working to keep this superb resource up and running. I continue to be amazed that there is no way to send like 147,000 volts back down the lines into the spammers vile little CPU's. Stupid Laws of Physics........


----------



## jdramirez (May 11, 2013)

CR Backup Admin said:


> J.R. said:
> 
> 
> > CR Backup Admin said:
> ...



Captcha got so advanced that I couldn't figure out what the code was... so if Captcha is on its way out... I'm happy to see it gone.


----------



## J.R. (May 11, 2013)

CR Backup Admin said:


> J.R. said:
> 
> 
> > CR Backup Admin said:
> ...



No security is fool proof and I wouldn't dare to say that a captcha is the "only" solution. That said, I guess we are on opposite sides of the table here with users wanting easier access and the mods wanting a better QC over the sign up process. 

Cheers ... J.R.


----------



## pedro (May 11, 2013)

I think it is a right step forward. My nickname here is pedro. It refers to my affinity for latin america. And it is also linked to me as an enthusiast photo amateur. Once you want me to change it into "Peter Hauri Enthusiast Photo Amateur", just mail me ;D Oh, as long as I keep my posting credits, though... 8)


----------



## AprilForever (May 11, 2013)

J.R. said:


> CR Backup Admin said:
> 
> 
> > J.R. said:
> ...



When a forum gets too hard to join, it slowly dies off. Most forums which make it hard for me to join or do stuff on I never use, even if I get accepted. I think that the combination of captcha and a set of questions would stop a lot of bots... stopping human spammers is more difficult... If, somehow, it can be programmed that they cannot enter links anywhere for about 15 posts, that should help things... Though that also might alienate a few new posters. This is a little like the debate of liberty vs. security, or strength vs. mobility...


----------



## rpt (May 11, 2013)

Man I am glad I registered when I did! I went to the register page to check out the captcha and questions and I am guessing I would have flunked!

I mean, I never bought or used Nikon. So what do I know of the colour of the lens? I could guess - they are the dark side so may be dark grey or black? ;D


----------



## J.R. (May 11, 2013)

rpt said:


> I mean, I never bought or used Nikon. So what do I know of the colour of the lens?



That should give you a gold plated approval already ... Stop messing about with those captchas. ;D


----------



## rpt (May 11, 2013)

J.R. said:


> rpt said:
> 
> 
> > I mean, I never bought or used Nikon. So what do I know of the colour of the lens?
> ...


The captchas are cool. It is these darned trick questions that get me... 

So if asked "what is 2 and 2" the best answer is "it depends" (and that works for most questions too - try it out - you would be surprised...)

So is this an arithmetic question, is it a binary logic question, or is it just messing with your mind? I can elaborate - the answers are:
A. 4
B. 2
C. 22

See, It is hard to answer such questions...


----------



## J.R. (May 11, 2013)

rpt said:


> J.R. said:
> 
> 
> > rpt said:
> ...



Damn ... I've been trying to explain to the shareholders that the answer is 5 and that is not even listed as an option


----------



## Admin US West (May 11, 2013)

pedro said:


> I think it is a right step forward. My nickname here is pedro. It refers to my affinity for latin america. And it is also linked to me as an enthusiast photo amateur. Once you want me to change it into "Peter Hauri Enthusiast Photo Amateur", just mail me ;D Oh, as long as I keep my posting credits, though... 8)


The type of weird user ID's the spammers use are like "#nbhiortn[hysqwuiolv]" Actual ID  


No problem with a ID like Pedro, we have contacted only one member and changed their display name for them, since it was a web site .com name intended perhaps to boost their google ratings? We do let people link to their web site in their signature. This is what many spammers try to do, so we watch for that.

Email addresses like [email protected] are a dead giveaway. Even more obvious emails are from [email protected] or [email protected] or 
[email protected]


We can block domains that are big offenders, which is why 98% use gmail.


Users can go to their profile and change their display name without affecting their user id. This is simple and easy to do.


----------



## rpt (May 11, 2013)

J.R. said:


> rpt said:
> 
> 
> > J.R. said:
> ...


Hmmm 5
Simple. Obviously you are not an engineer. You are an economist. So we need to add inflation. I'd say that is option D. 5 = (4+4) + 20%...


----------

