I'll continue to make some progress on the Guild and get registrations turned on again ASAP. I'd like to try to avoid too much
bikeshedding. Yall give me way too many excuses for procrastination. Look how long this post is.
The amount of noise generated by a change is inversely proportional to the complexity of the change.
Currently, I'm visiting my parents in the Texas countryside, so I have some solid chunks of quiet and time.
Right now, I'm going to build a quick feature for mods that lets us toggle on/off registration. That way any of us can allow registration and then, worst case scenario, disable it if the spambots come back immediately. It's simple to build. Also, if it turns out that a ratelimit isn't good enough, then mods can disable registration while they clean up the forum or something.
This feature could turn into some sort of "we're-under-spambot-attack mode" toggle once I get the ratelimit done which would jack the ratelimit up while mods are offline.
Also, I'd like to reassure that my goal here is to limit mass-spambot destruction while maximizing newbie participation, so I won't be happy if any aspect of the proposal is significantly affecting legitimate newbies and if it was, my objectives have failed and I'd reiterate.
10 minutes might be a bit of an overkill, even for new users only. As I have noted, I tend to find out 5 seconds fairly quickly, with legimate posts I actually wanted to make (never mind that five seconds would not prevent timeout-related double-posting, anyway)... About thirty seconds is something I'd personally be able to tolerate, if it was something that went away sooner rather than later.
Yeah, the params can be tweaked. Ideally on the fly so that we can put the forum into an under-attack mode while still allowing new users to join. Also, the idea of the moderation-queue is that we can quick-approve new users (disable the ratelimit) if they seem legitimate, which means the ratelimit is primarily to limit the damage of spambot registrations while mods are offline.
<Snipped quote about users getting the power to nuke spambots> This seems to be far too dangerous. I've seen far too many griefing incidents, and if it was a fairly unknown and none-too-confrontational user who was targeted, it might easily slip attention. I don't think less-than-mods should have that kind of power. By default, only mods are the users you trust enough.
The idea would be that it's hard to gain the community-nuke ability, easy to lose it, easy for mods to review it, easy to reverse decisions, and impossible to farm an account for the ability without being a genuine member for quite some time.
Like most abuse, it doesn't really happen too often in practice. To respond to your scenario, if 5 established-member butt-buddies conspire to nuke someone, then (with the most naive implementation of the system) the victim would be nuked until a mod reverses it. But it also means we get to evict 5 toxic members from the community. More likely is that the community can also vote against nuke-votes and then mods just ban the abusing member. Kind of a lame way to get perma-banned, no?
Also, the difference between a report->nuke system and a community-nuke->review system is that the latter cleans the forum up immediately and isn't bottlenecked by moderators.
This feature is the most fun to talk about, but it's also the least likely to ever get implemented and doesn't even have a shot until we're happy with the features on the list, so I don't want to over-emphasize it with too much attention. Even in the worst case scenario that everyone abuses it, then I'd just turn it off and we wouldn't mention it ever again.
Just to add my two-cents, any kind of rate limit for established accounts will easily break any speed-posting focused RP like my own. Removing the limit for older accounts is an absolute necessity.
Absolutely. The ratelimit is purely for new users and it falls to 1-second very rapidly, as in, within 10 posts. I might disable it entirely for new users posting from residential IP addresses since those are hard for spambots to post from.
@NuttsnBolts: Hopefully my post answers your main concerns.
In terms of the posting restrictions, is it at all possible to limit thread creation rates? In my experience with the spambots they've generally created their own thread as opposed to posting in existing ones, which may change if thread creations rates are limited for new users, but further fixes can always be amended later.
In my mind, new users are far less likely to create a whole host of new threads shortly after joining as opposed to posting.
Yeah, posting includes creating topics.
@Shienvien @Ellri: Account age isn't enough because, although unlikely, it's possible to then farm accounts and wait for them to age. One of the purposes of the ratelimit being post-based is to force spambots to reveal themselves.