Poll: Bug? feature? Who knows!
-
So as most of you saw, I got banned from discourse forums the other day. The ban lifted today, and I followed a link over there. ..
I was still logged in with my pre banned credentials so. ..
- bug
- feature
- bug masquerading as a feature
- lol
- File_Not_Found
-
What did you expect? Why would banning you delete your cookies or whatever it is that logs you in over there? I'd assume there just something like:
If banned then dont_show()
implemented and once the ban is lifted, there you go.
If you were still banned because your prebanned creds were banned... thats when I would worry.
Filed Under: Or am I not understanding something, once more?
-
Several features don't require session revaluation, likes, deleting posts, editing posts, updating titles as a leader, etc. You should theoretically be able to execute those commands while banned, provided you know the link structure (/posts/postid)
Probably something we could test here with @pjh
Maybe this weekend @pjh? Fiddler and a dream?
-
Maybe this weekend @pjh? Fiddler and a dream?
I'm going to be largely offline between this evening and Tuesday morning - off on a long weekend so won't be near a keyboard.
I'll have my phone with me though, so don't you lot go getting any ideas...
-
I'm going to be largely offline between this evening and Tuesday morning - off on a long weekend so won't be near a keyboard.
I'll have my phone with me though, so don't you lot go getting any ideas...
You probably shouldn't have told us. ;)
-
It's OK, I have a backup plan in place...
-
Option five: Fug. As in "fugly," which also describes Discurse.
-
Is it banning everyone and locking registrations until you get back in?
Filed under: Can you even disable new user registrations?, Or make them require mod/admin approval?
-
What did you expect? Why would banning you delete your cookies or whatever it is that logs you in over there?
The server should probably notice when he's banned and end his session.
-
Ironically, they do show you the 'logged out' screen, and if you log in, it reverts to the 'logged out' screen.
-
I'm going to be largely offline between this evening and Tuesday morning
So just ban him for the weekend, duh.
-
locking registrations
Did that on CS. Ages ago. The only people doing it were spammers.
Which brings up a point... where are they? We're three months in on DC, fairly certain it's discoverable from the front page now, but there's been zero spam. Famous last words and all that...
So just ban him for the weekend, duh.
Heh. That work fer ya @matches? :-D
-
Which brings up a point... where are they? We're three months in on DC, fairly certain it's discoverable from the front page now, but there's been zero spam. Famous last words and all that...
I have had this thought a lot. Is the registration process just better? Security through obscurity? Software that even spammers don't want to be associated with?
-
where are they?
Probably in the wings, considering it's a brand new forum system and the bots would have to deal with the overtly complicated framework if they aren't going to just automate something using a regular browser and sending click events at coordinates and simulating keystrokes.
-
I was rather more interested in how robust/broken DC's spam controls were.
That's one area of DC we've not looked at yet.
-
Well....at least @darkmatter has figured out how to create a bot that posts.
-
I was rather more interested in how robust/broken DC's spam controls were.
Oh man, this is gotta hurt.
if they aren't going to just automate something using a regular browser and sending click events at co-ordinates and simulating keystrokes.
As if that would give any predictable results...
-
If I'm bored enough this weekend, I might take a peek at what options there are to try and post without needing to be in a browser.
I'll have to be sufficiently bored to consider that an option as to how to spend time this weekend, though.
-
No, but it'd likely be simpler than trying to hook into their framework and making something work.
-
Software that even spammers don't want to be associated with?
+1, because low post IDs are a barrier to Unicode.
-
No, but it'd likely be simpler than trying to hook into their framework and making something work.
Even Dicsores can't hook into their framework and make something work.
-
+1, because low post IDs are a barrier to Unicode.
Sometimes I combine topic and post: +
-
Which is not a code point Chrome can/will display. Yipee.
-
I don't think it was a real code point.
-
-
Well, that would explain it.
-
Chrome doesn't even try to display that, not even a placeholder.
-
In preview, I get the black diamond with a question mark. Nothing in the regular stuff, of course.
-
In preview, I get the black diamond with a question mark. Nothing in the regular stuff, of course.
Just the standard place holder rectangle on both for me - I'm used to that here though as I've made no effort to encourage Chrome to display anything it doesn't display natively.
-
Chrome doesn't even try to display that, not even a placeholder.
My chrome does, but only in the preview :( I also see a blank in the regular post.
-
�
-
And it shows up in my post, but not when I refresh.
dicsoursistency for the win.
-
WHAT YOU SAY, WHERE U GO?
-
You can do that after Monday, when I get my occulus rift.
-
Over on meta. D people have been complaining about tens of thousands of spam posts, so my guess is they are still targeting cs for whatever reason, and haven't picked up we've moved on yet. Probably because there's still activity on the old board and its returning valid data.
-
Got a link? I looked over there for spam stuff and most of it is pretty old. Disco-search is TRWTF, of course.
-
Here's two, i'm not digging for more.
https://meta.discourse.org/t/spam-problem-52-spam-posts-in-one-hour-cant-delete-spammer/10283
https://meta.discourse.org/t/spambots-from-tor-exit-points-keep-taking-over-my-forum/17454/42
-
Ah, yes, I recall seeing the spambot Tor thing. The other one I came across in my search, but it's from last October.
-
Could always just ban anything that creates or modifies a post from a Tor exit point. It's not like we allow true anonymity here anyway, nor discuss anything that requires concealing our identities carefully.
(Governments of the World! You're advised to vet your systems for IT WTFs ASAP! Make it so that we don't have to talk about what you're doing in the field of our expertise. You Have Been Warned!)
-
Yup, Hanzofication™ provides you with all the anonymization you'll ever need! No need for using Tor in addition.
-
-
What's funny in that thread is <a @twatwood saying "it's impossible to spam Dicsores because $TOO_HARD_TO_UNDERSTAND_YOU_MAROONS", and @sam following it up with
At the root though we are a simple JSON API, you don't need to look at any code to figure out how to spam us
To which Jeff saysAnd anyway, our deeper problem is verified real human spammers, there it does not matter either way and the techniques are totally different.
It's a classic "get caught bullshitting, claim you were *actually* saying something else" gambit, but I don't even think he notices he's doing it.
-
Filed
https://bitbucket.org/masamunewos/discoursebugs/issue/31/banned-users-remain-logged-in-and-only