From: daitengu@ENSEMBLE.remove-fmv-this

Yesterday I finally disabled HTTP registration in ecwebv4. I've had a few spammers sign up and immediately drop spam messages into various echos.

I spent a little time looking to see if there was an easy way to add a flag to a user that signed up via HTTP, or set a specific security level, and it didn't
look like that was the case.

I'd like to re-enable HTTP registration, but disable the ability to post messages until they are manually verified. Does something like this already exist, or do I need to write a new signup module?

Thanks!

DaiTengu

... I got some powdered water, but I don't know what to add.

---
þ Synchronet þ War Ensemble BBS - The sport is war, total war - warensemble.com
--- Synchronet 3.17c-Win32 NewsLink 1.111
* Vertrauen - Riverside County, California - telnet://vert.synchro.net

--- SoupGate-Win32 v1.05
* Origin: www.darkrealms.ca (1:229/2)

From: echicken@ECBBS.remove-fmv-this

To: DaiTengu
Re: HTTP user security levels
By: DaiTengu to All on Mon Feb 24 2020 13:27:18

Yesterday I finally disabled HTTP registration in ecwebv4. I've had a few

spammers sign

I'd like to re-enable HTTP registration, but disable the ability to post

messages until

they are manually verified. Does something like this already exist, or do

I need to

write a new signup module?

"newuser_level" in modopts.ini -> [web] specifies the security level that a user starts with, if they register via the web interface. Configure it (or your
message groups / subs) so that users with this level can't post.

I would like to add an email verifier at some point, and maybe I'll bump that up the list. Then they could automatically upgrade.

The last time I looked into preventing bot signups, it led down a bit of a rabbit hole. The best ways to prevent it often rely on third party services (recaptcha) which I don't want to turn into a dependency.

---
echicken
electronic chicken bbs - bbs.electronicchicken.com
þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com
--- Synchronet 3.17c-Win32 NewsLink 1.111
* Vertrauen - Riverside County, California - telnet://vert.synchro.net

--- SoupGate-Win32 v1.05
* Origin: www.darkrealms.ca (1:229/2)

From: echicken@ECBBS.remove-pqa-this

To: DaiTengu
Re: HTTP user security levels
By: echicken to DaiTengu on Mon Feb 24 2020 14:53:20

"newuser_level" in modopts.ini -> [web] specifies the security level that

a user starts

with, if they register via the web interface. Configure it (or your

message groups /

Further to that, all of these are available:

newuser_level
newuser_flags1
newuser_flags2
newuser_flags3
newuser_flags4
newuser_exemptions
newuser_restrictions

https://github.com/echicken/synchronet-web-v4/wiki/Configuration

So instead of using the security level, you could also use a flag or restriction.

---
echicken
electronic chicken bbs - bbs.electronicchicken.com
þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com
--- Synchronet 3.17c-Win32 NewsLink 1.111
* Vertrauen - Riverside County, California - telnet://vert.synchro.net

--- SoupGate-Win32 v1.05
* Origin: www.darkrealms.ca (1:229/2)

From: echicken@ECBBS.remove-x85-this

To: DaiTengu
Re: HTTP user security levels
By: DaiTengu to echicken on Mon Feb 24 2020 14:59:49

Has anyone told you that you're awesome, lately?

No, they've mostly taken issue with my choice of words. :(

Thanks - and see my other reply about flag sets and exemptions/restrictions; some of those might also be of use.

---
echicken
electronic chicken bbs - bbs.electronicchicken.com
þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com
--- Synchronet 3.17c-Win32 NewsLink 1.111
* Vertrauen - Riverside County, California - telnet://vert.synchro.net

--- SoupGate-Win32 v1.05
* Origin: www.darkrealms.ca (1:229/2)

From: daitengu@ENSEMBLE.remove-k9b-this

To: echicken
Re: HTTP user security levels
By: echicken to DaiTengu on Mon Feb 24 2020 03:05 pm

"newuser_level" in modopts.ini -> [web] specifies the security level
that a user starts with, if they register via the web interface.
Configure it (or your message groups /

Has anyone told you that you're awesome, lately?

Because you're awesome. Thanks for this!

DaiTengu

... In the long run, we are all dead.

---
þ Synchronet þ War Ensemble BBS - The sport is war, total war - warensemble.com
--- Synchronet 3.17c-Win32 NewsLink 1.111
* Vertrauen - Riverside County, California - telnet://vert.synchro.net

--- SoupGate-Win32 v1.05
* Origin: www.darkrealms.ca (1:229/2)

From: rampage@SESTAR.remove-ks6-this

To: DaiTengu
Re: HTTP user security levels
By: DaiTengu to All on Mon Feb 24 2020 13:27:18

Yesterday I finally disabled HTTP registration in ecwebv4. I've
had a few spammers sign up and immediately drop spam messages
into various echos.

if you have your HTTP logs turned on, it would be nice to know the user agent(s) of those signups...

I spent a little time looking to see if there was an easy way to add a

flag to a user that signed up via HTTP, or set a specific security level, and it didn't look like that was the case.

i don't kow of a flag but a UA block would be a nice addition... kinda like the
way apache web server can block UAs...

I'd like to re-enable HTTP registration, but disable the ability to post

messages until they are manually verified. Does something like this already exist, or do I need to write a new signup module?

maybe use onf of the available email signup validators? if the bot is already written to handle the ecweb4 form, it may already be able to handle the sbbs registration emails... that remains to be seen, though... i think i've only had
one or two sign up
via the default runemaster interface but they've done actions like a real user since then... nothing like a bot might do...


)\/(ark

---
þ Synchronet þ The SouthEast Star Mail HUB - SESTAR
--- Synchronet 3.17c-Win32 NewsLink 1.111
* Vertrauen - Riverside County, California - telnet://vert.synchro.net

--- SoupGate-Win32 v1.05
* Origin: www.darkrealms.ca (1:229/2)