Factorio Forums

When reporting some spam in the general forums recently, I noticed it doesn't look as if links in user posts have rel="nofollow" (or equivalent). I'd strongly advocate adding rel="nofollow" to any outbound links posted by untrusted users. The lack of rel="nofollow" gives spammers a much stronger incentive to vandalize the forums, because receiving inbound links can improve their search-engine visibility; the spammer isn't advertising to Factorio users, they want to be seen by Googlebot. Conversely, linking to spam could cause Google to penalize this site. For more detail, check out the Google article on rel="nofollow".

I think this is one possibility.
But I doubt it will help, cause they are just bots, and it takes for a spammer only seconds to enter the captcha. The rest is automatic. He will not look beforehand, if we add "nofollow" to the links.

I see two more possibilities:
- shrink the rights of new users. For example: The urls are not parsed, no bbcode and no sig.
- make the login more strict (better captcha, for example a question like "How many arms does a long arm inserter has? Enter a digit.", a spammer doesn't know the right answer and will give eventually up, after entering "2", but someone, which had played it or even only wants to play it, knows the answer).

Here is an idea I had, I'm not sure how simple it is to implement - limit users to 1 post every 10 minutes until they have a few posts with replies from users other than themselves.
This shouldn't be a problem for real users, as they will probably have replies to their posts, and posting only every 10 minutes isn't that much of a penalty for a real human.

A bot on the other hand would presumable never get replies before his messages and profile are deleted, and this will limit the amount of messages they can post before their profile is deleted by a mod...

Edit: I mean only limit opening new topics, not replying to existing ones, as I think this could be frustrating - for a new user having problems running the game to have to wait 10 minutes before he can give more info about his system when people already try to help him

We'll see. My plan is to look with the devs into the forum and what can/must be done. Cause this forum is per sure not armed enough for going to Steam.

. o O ( And what I also don't want to loose is is "nice, personal, friendly community", one of the best I know. )

Ah, yes, I agree - keeping a nice friendly community is very important

I must admit I fear a little the Steam release as a moderator , even if I'm looking forward it as a Factorio enthusiast. I spend a lot of time reading all the posts to know whats going on in this forum, and trying to keep them as tidy as possible when I'm at home, but I have a job - and a terribly time consuming one atm. I try to process spambots as fast as I can, but there will always be some delay between the first spam post and the cleanup. Whatever good solution we can find to limit the spambot threat without punishing the legitimate users of the forum will be welcome.

I was thinking that maybe there could be a captcha-like confirmation whenever a new user (first tier of inserter) tries to post a link to any site that's not in a whitelist the forum admins would manage. The said whitelist would just contain places like youtube, imageshack, github. If the captcha-like confirmation is not processed, it would be impossible to post, and the account would be detected as potential bot, and adressed a template PM explaining that he has a limited time to adress a PM to a moderator (or post an explanation in a dedicated subforum) to explain what he's trying to do, and in case of no answer, auto-ban (not Autobahn haha ).

ssilk wrote:- make the login more strict (better captcha, for example a question like "How many arms does a long arm inserter has? Enter a digit.", a spammer doesn't know the right answer and will give eventually up, after entering "2", but someone, which had played it or even only wants to play it, knows the answer).

Even better, make it a screenshot and have them identify the entity pictured.

Be sure to test that you can't find the answer in Google Image Search.

But keep in mind, that you can't expect good knowledge of Factorio from new users.
Usually simple Q&A test is simple a efficient solution.

The current idea I now try is to couple the community and the forum in some way.

The idea is this:
https://wiki.phpbb.com/Authentication_plugins
As I understand it, I need to create these methods:
http://www.balakumarp.com/custom-login- ... tegration/
And maybe also change the registration-process...

My idea is:
- as a paid user you don't need to make the full registration to the forum, it takes the registration information from your community-account (maybe the same is possible also to the wiki?). Just log in with the same account as in the community and you are registered user.
- As non-paid user (and possible spammer) you need to make a full registration as now and until you are not made one post and waited one day you are in a group, that cannot post any links nor has a signature and so on.

I think that will surely avoid spam very efficiently and is not too hard on the other hand.

I would appreciate, if someone has a better idea or tips how to do this and what to watch for.

I'm not a security expert, but I feel the forum is less secure than the Factorio website :
Factorio furum is in http, I feel account information is sent from browser to forum uncrypted.
On the other hand, Factorio main site is in https (as soon as you try to authenticate), and communications are crypted from that point. It won't stop the NSA, but I guess it will stop the average script kiddie to get my account information.
Thus, I'm not sure I want my Factorio account information to be used for me to authenticate on the forum.

I'm not sure i'm understandable, if my post is too wrong, feel free to say so

Koub wrote:I'm not a security expert, but I feel the forum is less secure than the Factorio website :
Factorio furum is in http, I feel account information is sent from browser to forum uncrypted.
On the other hand, Factorio main site is in https (as soon as you try to authenticate), and communications are crypted from that point. It won't stop the NSA, but I guess it will stop the average script kiddie to get my account information.

I think we are speaking from different securities.
- Security of a website, so that no one can hook into it and nobody can steal all accounts.
- Security of a connection User <-> Website, so that no one can play man in the middle with this account.

To the second: https for this forum is planned.

Thus, I'm not sure I want my Factorio account information to be used for me to authenticate on the forum.
I'm not sure i'm understandable, if my post is too wrong, feel free to say so

Well, I understand, what you mean. Good point.

I discussed this here in Prague with slpwnd, and the opinion is so, that we want only one login to everything.
- There is a migration needed, so that we know, which current user in the forum is which current user in community (the factorio website is the community portal).
- You can also create something like a free account, that will enable the user to enter the forum, even if he didn't bought the game.

And all I need to know from the community-portal, is the username, and password-hash. Even the email doesn't need to be transfered, if not wanted; I think if someone provides it, well, then this is taken, otherwise it is taken from the community-portal.

With this I can create a registered user. After you have been logging into the forum for the first time, you can change of course the password, email and so on, it should work exactly as yet.

I think this kind of registration should work for forum, wiki and for example also the mod-database which we have been talking about here in Prague.

Another strategy spambot owners use is to build a database of answers to anti-spam questions. So ideally the questions should change frequently.

How using the number of Factorio copies sold as a question?