Can you image that a dialog between a webmaster and ISP tech support could be interesting? Not really. But it does happen occasionally. Please read on.
ISP Support: Hello :) How can I help you?
Webmaster: hello. Our site is very slow recently. Also lots of database disconnection. What’s up?
ISP Support: I see. Let me check.
ISP Support: Your site is being abused. Have you noticed that?
Webmaster: not yet. What’s wrong?
ISP Support: I see the same ip adresses making many many many connections at the same time
ISP Support: I had to ban about 500 IPs yesterday
Webmaster: I see. I'll have my programmer to look into it.
ISP Support: do you allow people to post to the site?
Webmaster: yes. It is a public social media site.
ISP Support: do they have to register and log in first?
Webmaster: The system does allow posting without login. Your point?
ISP Support: I was wondering how you stop people from spamming
Webmaster: we request a user to enter an authentication code before saving to prevent program to spaml
ISP Support: and does that keep the spam away?
Webmaster: yes. we occasionally see some manual spam and then delete it manually.
ISP Support: ok. But I need you to think hard.
ISP Support: what happens when a program tries to fill in the authentication code?
Webmaster: it is hard, because typically the code is a randomly generated picture
ISP Support: do you think the spammer cares if he has to try 9999 times before it works?
ISP Support: i mean, he isn't doing it by hand, does he care if his program has to try 9999 times? how do you think the server feels while he tries 9999 times?
Webmaster: good point. you noticed some clue from the log data?
ISP Support: I notice some clues from the server status, also, this is my job all day long i look at sites being abused :)
ISP Support: did you read recently in online news, spammer bots can now solve hotmail authentication images
ISP Support: no, the many many connections is a different problem :)
Webmaster: I did not see the news yet.
ISP Support: It was last week, along with a gmail password compromiseand a flash exploit.
ISP Support: You would not believe how busy the bad people are out there.Think how much they could accomplish if they turned all that energy to good!
Webmaster: agreed.
ISP Support: I know it does not seem completely fair, but when you build a website that tempts people to come abuse it
ISP Support: we have to hold you responsible :(
ISP Support: I realize you are trying to build a safe and usable site
ISP Support: and you don't want it abused
Webmaster: we are on the same side because we are the primary victim of such abuse.
ISP Support: in US law there is an idea called an attractive nuisance. A pool is the classic example.nobody wants a child to come through their gate and drown in their pool
ISP Support: but the law recognizes that certain things tempt people to do what they should notand strangely enough, the pool owner is held responsiblefor having extra extra extra good protection. just because the pool is soooo attractive
Webmaster: Understand..
ISP Support: a site that publishes visitor comments is very very very attractive to spammersso
Webmaster: Sure.
ISP Support: I have heard that bloggers have some solutions
Webmaster: like?
ISP Support: for instance a registration on one particular site can be used to post on many blogs, I forget what this system is called. But it is easier for the user than having to register on every site
Webmaster: I see.
ISP Support: and it let's the blog owner know that the visitor has a good reputation in the blogging community, that his post is likely to have value. I think you should research this type of tool.
Webmaster: Good idea.
ISP Support: the alternative is to require your visitors to register.but the problem is that bots are rather good at registering :( those authentication codes, often called a "captcha". when they are made of letters and numbers, wellthe programs to analyze the images are getting very good smart bots can read them correctly more and more of the time
Webmaster: we are going to rotate our authentication methods to reduce risks.
ISP Support: the spammers use tricks to get real people to solve them for them. they say "fill in the code to get a free download"or something like thatso some kid who wants to download porn, or a song, or somethingends up filling in the code for a spammer - it's
Webmaster: really
ISP Support: you know sesame street?
Webmaster: yes the famous kids show.
ISP Support: They often ask kids to pick: one of these things is not like the others, one of these things, doesn't belong! and then you present six pictures: five are cats and one is a dog. very very very hard for a bot to solve that kind of puzzle
Webmaster: Interesting idea.
ISP Support: so the real problem is that a webmaster would like a lovely website that takes care of itself and in reality, a site where the public can post is going to require moderators to constantly watch what is happening. because nasty things will pop upand they will reflect poorly on your productand they will make your hosting company upset :
Webmaster: Well, we can simply focus one thing a day, unfortunately while there are so many of them out there trying so many things to abuse the digital world.
ISP Support: yes, the bad guys outnumber us by a lot :(
ISP Support: have you considered not having any real public posts that are not approved first by a human being?
Webmaster: we did consider to have a pre-approval before posting, but it makes the site with much less traffic
ISP Support: I know what you mean
Webmaster: we need to grow first, otherwise we have no website problems but no revenue
ISP Support: it's a complicated problem
Webmaster: yes.
ISP Support: the slashdot model has other users rate the value of each postones that are rated up showones that are rated down get hidden away
Webmaster: Our system is doing pretty much this now.
ISP Support: perhaps a combination of methods is best: posts from unregistered visitors have to be approved, but registered users go right on to the site.
Webmaster: Agreed. Thanks a lot for sharing your insights with me. This type of conversation actually is a good blog article
ISP Support: hehe. you will turn our conversation into site content!
Webmaster: valuable stuff for readers.
ISP Support: yes
Webmaster: really enjoyed my conversation with you today. I'll send you the link of the blog article based on this conversation "A Dialog between a Webmaster and ISP"
ISP Support: ok :)
ISP Support: byebye!
Webmaster: bye now
No comments:
Post a Comment