Feedback wanted urgently: Phone verification

[sleepy]

We are getting an increasing amount of real human spammers trying to post messages here on the forum. We can deal with the automated computer spam, we can deal with the human spammers from far off countries, but when the spam is originating from some spam agency based in the UK it is incredibly difficult to filter out.

So the options:

a) We can manually approve all new registrations, moderate a members first 20 or so posts and limit use of the PM system until they are a 'full' member.
We're really reluctant to go down this route because it takes an insane amount of time and it is extremely frustrating for new members.

b) We can install a system that requires you to enter a mobile number when you register. You are then immediately texted a 4 digit code which you type in. Your account is then verified and you immediately have full privileges.

This is what Gmail etc and some other forums are now doing and the feedback is it works really well. We can't really see any downside to it, but, your feedback would be appreciated. Please note this would not affect existing users, and there would be a system to bypass the process if you really didn't want to verify via phone (but it would take longer obviously).

Seems simple enough. Keeps the rubbish out. Do it.

 

[Mdt]

Saw the kitchen threads and wondered if spam. Think b is best option and wont tie admin down then, they can concentrate on proper forum stuff then. Just one question is phone numbers going to be safe? Am sure they will but for peace of mind etc.

 

[llamedos]

cant recall from when i signed up, do you use Captcha? if so dump it and use a question and answer system, pictures and questions are supposed to be best, ie thumbnails of say cat, dog,lamb,mouse and ask them to find the picture of the cat.

 

[JP1]

Phone verification rather than manual approvals for every new member sounds the way to go. We don't want a reputation for keeping new members waiting

 

[sleepy]

cant recall from when i signed up, do you use Captcha? if so dump it and use a question and answer system, pictures and questions are supposed to be best, ie thumbnails of say cat, dog,lamb,mouse and ask them to find the picture of the cat.

We are dealing with real humans, based in an office in the UK, manually registering accounts on here and posting spam.

We have a system that blocks 100% of computer generated spam but question & answer can't stop a human spammer from registering

 

[Blue.]

We are dealing with real humans, based in an office in the UK, manually registering accounts on here and posting spam.

We have a system that blocks 100% of computer generated spam but question & answer can't stop a human spammer from registering

Has to be the phone route then.

 

[ianw]

Yes the phone route plan b,seems best option

 

[sleepy]

Saw the kitchen threads and wondered if spam. Think b is best option and wont tie admin down then, they can concentrate on proper forum stuff then. Just one question is phone numbers going to be safe? Am sure they will but for peace of mind etc.

Yes this has been a major consideration. The plan is to store the number as an irreversible 'hash' in the same way that passwords are stored, so if god forbid the database was compromised the numbers (and passwords) are useless.
The only reason for storing a hash of the number is so as we can prevent people from using the same number to verify multiple accounts.

A bit more clarification:

We will store the number in the same way we store the passwords

ie. as a hash

Which means that the number (ie. 0123456789) is converted into a string that looks like this

sd9fu8sa9dfu8a9su890rew2j2089du09wuiowudrqwji0eqw9jrwiohjd

and it is non reversible

So if a new user signs up, we hash their number and compare the two hashes so we can tell if it is a duplicate.

But there is no way to retrieve the original number

 

[llamedos]

yes sounds like it is the only route then , just hope it dosnt put people off Can only try it and see

 

[JP1]

Yes this has been a major consideration. The plan is to store the number as an irreversible 'hash' in the same way that passwords are stored, so if god forbid the database was compromised the numbers (and passwords) are useless.
The only reason for storing a hash of the number is so as we can prevent people from using the same number to verify multiple accounts.

I take it you've ordered your kitchen by now?

 

[DrDunc]

Telephone, provided you can GUARANTEE database integrity from hackers?

Edit: to alleviate any worries, surely the automated telephone system could be set up to delete numbers after the four digit verification is complete if the new user wishes?

Now presumably you've got email addresses and contact info from the human spammers?

Now how could this be put to a good use..........

 

[Clive]

I cant see an issue with a phone txt verification system personally - all data is safe and regulated by the data protection act so no one can do anything with the info just like email addresses

I think its the only way to stop the few spammers that our systems don't detect getting through other than manual verification of resorting to banning free emails as other forums do and ther is NO WAY i'm going down that route when 99% of free emails are perfectly legitimate real people just wanting to use the forum

 

[multi power]

the phone rpute sounds fine to me, might not suit everybody so maybe keep manual, much slower regestration

 

[suffolksmallholder]

yes we could delete phone numbers once it has been used for verification I guess

I would be happy with this method Clive. We had an account that was hacked. This account was storing card details of existing customers. Luckily the card was a credit card and we received a refund. A warning though! The hackers were caught out because they went and spent their finds at Tesco.....
SS

 

[Clive]

I would be happy with this method Clive. We had an account that was hacked. This account was storing card details of existing customers. Luckily the card was a credit card and we received a refund. A warning though! The hackers were caught out because they went and spent their finds at Tesco.....
SS

we are very well protected here and they way the database stores member details means that even if a hacker did get in they would not get complete details so info would be useless to them

the worst a hacker could do to us is take the site offline which we could recover within an hour

TFF is as safe as it gets, we made this a priority when setting things up in light of farming forum history !!

 

[Walterp]

Gmail system using tel no works fine.

But why does anyone post spam?

 

[ianw]

I agree with clive,gmail uses this system and the chances of problems with storing numbers must be slim,I use different email accounts for banking,paypal,forums etc,I have a gmail for personal email use and log onto sites to read any messages never open emails in some accounts then there should be no problems with opening spam if that makes sense ie if it said tff message I'd log in here or ebay message I'd log in there and not had any problems from having a phone code

 

[ianw]

And @Clive check your spelling out in the title,bad spelling normally is spam

 

[Clive]

But why does anyone post spam?

they get paid for it - basically the more you mention a certain website etc on the web the higher Google might rank it as it sees the links as making the site relevant - spamming forums is gold for these people because it fools Google into thinking that people are talking about the spam site so it must be useful info

we have automatic filters to block all the robot spammers and they filter out hundreds of new member requests everyday, that's how big a problem it is. If we didn't block them the forum would drown in spam within a week

the issue is the non robot spammers - real people who can get past the filters we set - we are getting a few of them and this is why we are looking at another line of defense to stop them

all this is the reason BFF banned free email address registrations as they seemingly didn't have the technical nohow to stop spam any other way - however that is no solution IMO as it ultimately kills a forum. I think what BFF do right now is moderate new users first posts and if its spam delete and ban them ! that's a massive job that ultimately becomes to big to do so the doors end up closed. It also swells member numbers artificially as many listed are spammers banned after 1 deleted post !!

 

[Clive]

And @Clive check your spelling out in the title,bad spelling normally is spam

fixed !! fat fingers !