PMO

[badger11]

Another thank you to Tony for providing a safe environment in which to write.

Two poetry sites I use have been attacked by spammers/hackers in December. It looks as if one will no longer function.

[Tinker]

I am so sorry to hear that Badge, but yes a Big Thanks to Tony who works diligently to protect this site.

~~Tink

[tonyv]

So sorry to hear about the what happened at the other sites. Vandalism is shameful, such a disgrace.

We've all been through a lot, going back at least a decade to the PC days where many of us met. I don't know what the circumstances of these two other sites were, but are there any updates? Have either or both been restored?

I remember even in the early PMO days there was a lot to learn. We were using free forum software/hosting and lost one site (the first PMO) to a purported database crash! On the next one, we had another bad free forum experience. The host we chose to use held the database hostage and wouldn't release it;  the existence of the forum was entirely at the host's discretion/mercy. We couldn't even buy the database from the host to use it with another provider. The only reasonable, practical answer was migration to paid forum hosting at a solid, reputable host, and that's where we are today. The host's business model has changed a bit with the times, too. It's now the "community in the cloud/software as a service" model that we're on today. I've been assured that this is the most practical, secure way with built in redundancy (multiple points of access) for very little downtime and regular backups.

The other side of it is more hands-on on my end. PMO welcomes new members, but they have to ask. Spammers and miscreants are looking for easy targets: just click "join" and start defacing. All of our legit, quality members for the longest time now have followed the simple instructions for joining, sent an email, and been admitted without a problem. And yes, we have "rules," but in case someone hasn't noticed, we're not so heavy-handed with them. They exist in case a troublemaker contemplates joining. There are none here. We have such a good group that in all of PMO's history I can't remember ever having to "moderate" anything. Everyone for the most part moderates himself. That's maturity, civility. And pretty much anything (with few exceptions e.g. pornography, promoting child abuse, calls to violence, endorsing political candidates, etc.) goes when it comes to what may be posted as art, so long as the token content warning (the "[R]") is used in the title link when deemed necessary.

I also take pride in having been able to keep the forum ad-free. Thankfully, I haven't needed that. I can't stand bloated sites, filled with ads. Everywhere I turn whether online or in person someone is spamming me with ads, trying to sell me something. It's even ever-present with stuff I pay for like my cable and internet provider. You know how it is. Pay them a load of money and then when you go to their websites you have to sift through the rubbish to get to a core component, one that you're paying for like the television schedule. There's no outside advertising on PMO. I hope to keep it that way. Members are encouraged to use the site to promote themselves as writers/poets, artists.

I appreciate and enjoy all of you and your meaningful participation.

Tony

 

[badger11]

Tony the the sites involved were

 

Eratosphere

https://www.ablemuse.com/erato/showthread.php?t=28860

 

and MWC

http://mywriterscircle.com/index.php?topic=63280.0

[tonyv]

3 minutes ago, badger11 said:

Tony the the sites involved were

 

Eratosphere

https://www.ablemuse.com/erato/showthread.php?t=28860

 

and MWC

http://mywriterscircle.com/index.php?topic=63280.0

Unbelievable on Eratosphere. I never would have expected that one.  I did hear from someone at MWC and exchanged a couple of emails yesterday. 

[badger11]

An update from admin at MWC who are still deleting spam manually (I suggested they turn off their current registration process):

Quote

Thanks for your comments and yes, it is time consuming but necessary at this time.

We don't allow automated sign ups, there is a verification in place (new sign ups get a verification email that they have to click in order to log in for the first time) and we have a captcha in place, so we have all the usual security measures in place, which is why the influx of spam and inappropriate posts is a bit of a head scratcher at this time.

I'm working directly with the dev team each day to monitor the situation, and according to the log files there is a huge amount of spammers being blocked, so we are definitely moving in the right direction, we just have a few more holes to patch up before I can confidently say we're all good.

Thanks to everyone for your patience, and I do apologize for not being able to address these concerns in a timely fashion.
Jameela

I don't understand that comment because it suggests that someone would have to click a verification email.

[tonyv]

17 hours ago, badger11 said:

An update from admin at MWC who are still deleting spam manually (I suggested they turn off their current registration process):

"  ... We don't allow automated sign ups, there is a verification in place (new sign ups get a verification email that they have to click in order to log in for the first time) and we have a captcha in place, so we have all the usual security measures in place, which is why the influx of spam and inappropriate posts is a bit of a head scratcher at this time ... "

Quote

I don't understand that comment because it suggests that someone would have to click a verification email.

Here are the options I have in the admin panel:

As you can see, I've selected the option where I manually approve every member. I don't even bother with the email option, because I require prospective members to write me an email asking to join, and a spammer is unlikely to do that; if I receive an email asking to join, it's unlikely to be from a spammer. As for the spammers' successful email validation and captcha completions, there can only be two possibilities: spammers are manually completing those tasks (less likely) or they have some automated way to do it (more likely).

There may be a setting that would make it so new members' topics/posts have to be approved by a moderator and, until they are, their titles won't even be visible in the forums' topic listings except to moderators. But these kinds of settings have to be made in the admin panel by the admin himself or he has to allow other members access to the admin panel to tweak the settings.

It's not surprising that the spam onslaught is ongoing. If I enable registration and leave it open even for a week, the list of registrants to approve/delete can easily fill up with more than a hundred spammers that have successfully filled out registration information and completed captcha. It's all automated. And if they're successfully clicking validation emails, it would seem that they're using real (probably disposable) email addresses to register instead of fake ones, and I wouldn't be surprised if they have an automated method of doing that, too.

[badger11]

18 hours ago, tonyv said:

"  ... We don't allow automated sign ups, there is a verification in place (new sign ups get a verification email that they have to click in order to log in for the first time) and we have a captcha in place, so we have all the usual security measures in place, which is why the influx of spam and inappropriate posts is a bit of a head scratcher at this time ... "

Here are the options I have in the admin panel:

As you can see, I've selected the option where I manually approve every member. I don't even bother with the email option, because I require prospective members to write me an email asking to join, and a spammer is unlikely to do that; if I receive an email asking to join, it's unlikely to be from a spammer. As for the spammers' successful email validation and captcha completions, there can only be two possibilities: spammers are manually completing those tasks (less likely) or they have some automated way to do it (more likely).

There may be a setting that would make it so new members' topics/posts have to be approved by a moderator and, until they are, their titles won't even be visible in the forums' topic listings except to moderators. But these kinds of settings have to be made in the admin panel by the admin himself or he has to allow other members access to the admin panel to tweak the settings.

It's not surprising that the spam onslaught is ongoing. If I enable registration and leave it open even for a week, the list of registrants to approve/delete can easily fill up with more than a hundred spammers that have successfully filled out registration information and completed captcha. It's all automated. And if they're successfully clicking validation emails, it would seem that they're using real (probably disposable) email addresses to register instead of fake ones, and I wouldn't be surprised if they have an automated method of doing that, too.

Hi Tony,

         I can't see the example of admin panel after the colon?

best

Phil

 

[tonyv]

2 minutes ago, badger11 said:

Hi Tony,

         I can't see the example of admin panel after the colon?

best

Phil

 

There's a picture there. I'll look into it later today using another account. Maybe only only can see it. 

Tony 

[badger11]

I can see it using an i-pad - very helpful.

[tonyv]

A spammer just contacted me using the "contact us" link :

That's a first! Should I thank him for his kind message, tell him I'll temporarily re-enable registration, and approve him when he registers?

Tony

[Tinker]

Wow!  That's the Like button with a little enthusiasm.  

[tonyv]

I'll give him the freebie, Judi. If you need some new fishing gear, be sure to go to FishingEureka!

Tony 

[tonyv]

Everybody! "Rozald Stoxy" would like to join! But even more than wanting to join, he would like you to know that if you're looking for "cialis" cheap, you can contact him:

 

 

So, for fishing gear be sure to see the contact info for FishingEureka! a few posts up. For drugs, Rozald Stoxy is the man!

Tony

 

Really, what this means is that the automated spammers can only find one clickable link on the site which will allow them to post their unwelcome messages. That link happens to be the "Contact Us" link at the bottom of the site, but that link doesn't even post to the board; it just sends me an email.

[Tinker]

Ha ha Lucky you,  ~~Tink

[Aleksandra]

Hello everyone!

I am very happy to see PMO still active and very good looking site, with many of the good old site mates being around. I am happy to see you all dear people, and many other great members - new for me. Such a joy to see this lovely community active and creative. I am deeply sorry for some of our friends who have passed away, our Victor,  Frank, I hope not someone else. Tony, you, as always, have done a great job all these years, thank you for this. And Tinker, I see your dedication as well. The site wouldn't be as good as it is without both of you and the other friends of ours.

I've missed PMO, I've missed all these poetic souls. Suddenly I feel how much I've missed poetry.

I hope to catch up with you all, step by step. It's great to walk through your works all over PMO.

 

[Tinker]

Ah Aleks,  We have missed your spirit.  Please stay and join us.   It is nice to feel your open heart.

~~Tink

[tonyv]

On ‎6‎/‎16‎/‎2018 at 8:42 AM, Aleksandra said:

I've missed PMO, I've missed all these poetic souls. Suddenly I feel how much I've missed poetry.

Welcome home, Alek.

Tony 

[Aleksandra]

Thanks Tink and Tony. It's nice to be back and yes, it still feels like a home ?

[David W. Parsley]

I am so grateful for this site.  Thanks for the diligence and wisdom, Tony, exercised in a true labor of love.  Like you, I am kind of stunned that the bad guys got to Eratosphere, given its roots and mainstream standing.  I hope they got the ship righted.  Internet robustness is what makes Tink's own love-labor possible and available.  Same goes for all the poets that are here.

Compliments, 

- Dave

[David W. Parsley]

To Aleksandra's point, do we know why it has been so long since we have heard from Benjamin and Daedalus?