BPL Forum Posting Policy Revision in Light of Recent SPAM Attacks

[Ryan Jordan]

In recent days, backpackinglight.com, along with forums across the internet during the same time, has been hit with an automated forum spam attack from newly upgraded spamming software that is becoming increasingly sophisticated at circumventing anti-bot measures. The attacks on backpackinglight.com resulted in a level of spam that makes it nearly impossible to moderate manually with human moderators.

Consequently, we will be limiting forum postings and the creation of new threads to members only (M or MLIFE).

This is intended to be a short term change in policy while we evaluate a number of options as we move forward. One of the options we will evaluate is whether or not to maintain this restriction indefinitely, or at least until we are able to upgrade to new forum software.

My hope with this change in policy is that our forums will return to a very high level of quality, even at the sacrifice of some quantity from those users who have contributed in the past but have not been members of our website. To those of you specifically, I'm grateful for your contributions and will continue to explore options that allow for your participation in the future.

We will continue to make the forums publicly available so that the rich resource here can be read by the public.

I wanted to thank Roger Caffin for being an incredibly patient and persistent moderator during this time. Roger did a terrific job of keeping the impacts of the attacks to a minimum, of keeping me and our web developer informed, and working with our web developer to create tools for helping us efficiently deal with large quantities of spam.

Thanks for your patience with the spammers and with us this past week.

[Anonymous]

Ryan

During this trying time it might be productive to lower the yearly membership to $10 or less
to encourage people to join.

[Mary D]

Came in to see how things are progressing.

I think your decision was a wise one, although it's going to be hard on both members and non-members. A considerable number of the non-paying members contribute significant content to this forum, which has been greatly appreciated by us members. Hopefully a solution can be found soon to have automated controls on new non-paying members so these folks can come back. It's obvious, though, that the days of letting everyone have access are long gone.

At least you'll find out if the spammers want to pay to spam on this site!

Hopefully now Roger can do something besides chasing spam! Maybe get some sleep or go on a backpacking trip?

[Roger Caffin]

> At least you'll find out if the spammers want to pay to spam on this site!
I am sure we can accomodate them. How about $10 per posting?

Cheers

[a b]

What about adding one of those encryption puzzle widgets before each post can be made?
You know, that little box with distorted letters and numbers that requires a human brain to decipher.

If that could be added to the current software we could let everyone back in.

Maybe it would only need to be added to the new user registration page..

Just a thought.

[Roger Caffin]

> encryption puzzle widgets
CAPTCHAS? The latest version of the spamming SW can handle those.

Cheers

[a b]

i knew it couldn't be that easy…

Okay, so everyone has to complete a Sudoku puzzle before they can post… I am kidding.

[William Chilton]

If the spam accounts have been deleted, isn't it possible to allow all current members (paying or non-paying) to post on the forum, but stop the registration of new non-paying members?

[Nick Gatel]

If the spam accounts have been deleted, isn't it possible to allow all current members (paying or non-paying) to post on the forum, but stop the registration of new non-paying members?

---

A difficult decision and I don't have the expertise to offer up a solution. But not allowing non-paying members to post is going to make me less interested to participate in BPL. Many non-paying members are valuable contributors and greatly enhance the BPL experience.

The past couple of months I have spent very little time here as BPL has changed for the worst over the past year or so. This action seems to add fuel to downward spiral.

I vote to allow all current members, paying or non-paying, to continue to participate.

[James Marco]

Thanks, Ryan and Roger!

I would likely have chosen a different path, but, that doesn't matter. You have been very stressed this past week. I hope this is only temporary. I fear it may be permanent.

Many of the forum members are stressed, too. The decision to close the site is a good one. The spam and related issues have caused a number of BS threads and, more generally, a large distraction from the subject by members. Picking out which postings are good, which are spam, has been annoying.

I agree with the past policy of open registration, but, with software that is as sophisticated as what we have seen, this is not an option. If not for inept programmers running the spamming SW, they would be registering new users, logging in and spamming continuously: destroying the site faster than it is possible to humanly maintain. The BPL staff has shown that for a single admin, this is impossible.

This represents one of the things I hate. I hate that the dissemination of knowledge is now only to the wealthy. No, it does not prevent a user from reading what others have written. But , the *poor* user takes this as it comes, with no involvement, with no questions…with partial answers. If you can afford a membership, you can ask a question and expect a response to it. Is the cost of membership that high? No…not compared with the expense of the infrastructure needed to simply access this info. The fact that it requires any charge just goes against my grain.

Gear Swap is protected and posts replying to ads can be sent through external means. Anyone wishing to post publically will have to post an email address. I never use it (except for two small purchases,) but I may reconsider, now. I suspect others will need to simply post to forum members. (I have my own thoughts on the ethics of selling my older or used gear.)

This does not prevent a non-member from reading. Often, especially here, acquiring background on a specific subject is as important as asking a question. He is still free to read, I think. This site represents the single best resource on lightweight packing for anyone. It is supposed to be a magazine. Perhaps, this will return it to that status.

I agree with the need, if not the methode (but that’s just me.) Good Job, guys!

[Ken Thompson]

It's so unfortunate that it has come to this. Now a huge group are unable to use the forums.

Can we define temporary?

This comes at a bad time.

Hopeful that it is not too late for BPL.

How about telling us the exact dollar amount needed for switching to new software? Christmas is coming.

[Will Webster]

"This is intended to be a short term change in policy while we evaluate a number of options as we move forward. One of the options we will evaluate is whether or not to maintain this restriction indefinitely, or at least until we are able to upgrade to new forum software."

I recognize that fast action was required to halt a sophisticated cyberattack, but I strongly urge you NOT to make this the permanent solution. A much better approach would be to allow postings from registered non-members, with precautions during the registration process to ensure that they are not 'bots and perhaps a probationary period during which posts would be delayed and moderated.

I started here as a lurker, learning that I could backpack again despite middle age. That progressed to asking questions and benefitting from the help I received. I became a paying member in order to get access to the excellent SOTM and technical articles.

The way to encourage and grow membership is to keep the flow of high-quality articles coming, and keep the forums open to new people. Locking down the forums will degrade their quality, reduce traffic, curtail new and renewing memberships, and push the site into a downward spiral.

That's my 2 cents.

[Erik Basil]

This is only a partial lockdown (as opposed to going Read-Only), and so I applaud you for it. This is a measured response that should be effective flood control, if the only site compromise has been through the BBS security.

I've seen a few comments about how effective "new spam bots" are, as though that may be a reason not to engage in particular types of spam control. From the perspective of owning a much larger, much more active website that receives much more, and much more sophisticated, spam and hacking attempts inbound than BPL is, I can tell you that I have seen "this" before and that the fearful conclusions regarding the purported futility of anti-spam techniques is plain wrong. When you believe that, the spammers have already beat you.

As I am sure the Admins here are aware, the achilles heel for BPL is the BBS software. I am relatively sure that you've either solicited or received input regarding what the appropriate fix might be for that, but in the event you'd like a third party perspective, or just someone to step up and do it for you, please feel free to use my registration email address to contact me — or PM me an email to respond to.

This isn't the first time I've made this offer and I realize that fact may serve to devalue it. However, I also watched this get ahead of the site and I know what you're going through.

A little flood control is great, but you're still on a glide-path to doom. Shake it off and pull up. Change came.

[David Thomas]

An approach to consider is to create/require a very low-level membership level of $1 which allows posting but not Gear Swap or many of the articles. It would be better than the temporary restrictions in that there would be more options for current non-members. It wouldn't bring as many newbies into the forums as an open policy, through.

Better yet, deputize a number of the calmer existing members (there are a few who don't "run with scissors") and therefore offer a quicker response and shared workload to (1) approve the first 2-10 messages of any new member and/or (2) be quick on the "delete" and "ban member" buttons in response to spam.

This temporary situation does allow you do do a market survey, essentially. The price point for posting just went from $0 to $20(?). Look to see if you get any new members this week(s) of new restrictions.

[Kenneth Andreasen]

This should be possible without actually requiring a $1 payment.

Using PayPal, do a $1 checkout, but when instead of drawing the amount from the users account, cancel the transaction as soon as the user has authorized the payment. This way you can log the users name and email-address (and whatever PayPal gives you access to.) without requiring a payment, although a PayPal account and a credit card is required.

Might be a good idea to clear with PayPal’s terms and conditions before implementing.

[BlackHatGuy]

Necessary triage, it seems. I appreciate the difficult decision.

I do hope it's short-lived. As others have said, there is a great deal of content contributed by current non-members (I'm beginning to prefer that term, as many current non-members were long-term members in the past) and I'd hate to lose their voices for an extended period of time.

[BlackHatGuy]

Roger/Ryan,

Can registered non-members still PM others? Would a non-member try PM'ing me to see if it works?

Edit: Yup, non members can still use the PM system, in case anyone else was interested.

[James Marco]

"Edit: Yup, non members can still use the PM system, in case anyone else was interested."

Great! This will remove a lot of stumbling blocks to using Gear Swap!

[HkNewman]

Something had to be done and if upgraded technology isn't doable, this was the only option. Unfortunately the spamming technology will just keep becoming more potent and pervasive as time goes on, so an economic solution may be the only cure in the absence of deep pockets.

[Charles P]

I'm glad that steps are being taken to address the integrity of the forums, but, like others, I also hope that this is a temporary fix. I"m a new member and I participated without membership for months before committing. I needed to understand the community and the value the forums and organization had to offer before throwing down some coin (the forums to me tho are far more valuable than the articles). Banning non-members could have a detrimental effect, really hampering recruitment of new members and future growth.

This may be the easiest and most effective immediate measure, but there must be other ways. i participate in a lot of forums (backpacking to political to tech) and this is the only one that's been spammed like this.

[Ryan Smith]

+1 to everything Will Webster has said.

In order for the site to continue, it MUST be a temporary fix. And by temporary I'm talking 2-3 weeks maximum. Many people only find value in the forums & reduced traffic means the death to any forum. If the forum fails, membership will rely solely on the articles. With today's blogoshpere, BPL is no longer the only place to find UL content so we don't want to go there.

On the more capitalistic side, this could prompt someone to create a new UL website that addresses the issues we've all had for years. (or buyout this one). Either way, I hope everything works out for all involved. Except for the spammers of course.

Ryan

[Dena Kelley]

While I agree this is better than the constant spam, I also agree with some other people here that believe that non-members contribute a lot to the forum content. I hope this is very temporary, because it will definitely affect the flow of information on the forum. And while some people may decide now is a good time to join, others may resent the idea that they are being forced to join to participate at any level. What I would rather have seen happen would have been that new unpaid members would have limited posting powers where all posts would be subject to moderator review prior to posting them up, with an instant ban on any new spam attempts. With Roger being the only moderator, of course, that would not be feasible but there have been a number of us (David, Mary, myself, others) that have offered to step up and become temporary moderators to help with the spam situation. Perhaps that's not an option with this software, however. The forum I administrate is on PHPBB and the tools available there may be different.

[Tony Wong]

Would it make sense to have a $1 membership for new people signing up where it allows them acces just to the forums and a limited number of "intro to UL backpacking" articles for something like 1 month?

Allows people to experience the value of the forums and some of the articles.

Teaser version of a membership to give the new people a reason to sign up for an annual membership while limiting the SPAM problem.

-Tony

[Eric Lundquist]

There are several non-paying members who contribute more than the paying ones to the quality of the forums. During this time of member only forums I think that some of these top contributors should be gifted a temporary membership (1-month?) so that they can remain active.

Is it not possible to stop new registrations and thereby no new spammers? I assume you could, thereby keeping the ability of non-paying members to contribute.

Edit: I've removed some of my post after seeing Roger's reply regarding this being a temporary solution

[tyler marlow]

My renewal period just came up and I almost let it lapse.

I really love this forum but have been sad to see the way BPL is being run in some ways. I dont appreciate the lack of communication between BPL and us regular members in relation to the Lifers. Article content has taken a bit of a dive too.

I think that requiring membership to post would kill this forum.

I do understand the need though to do something about the spam. The forum was pretty much useless during the spam attack.

I hope this is only temporary, very temporary.

any non members that want to post in the meantime (except for gear swap) PM me and I'll be happy to post for you

[Author]

Posts