# Thank You, Fur Affinity Spambusters



## MadPlumber (Oct 18, 2007)

I am starting this thread to thank the administrators for putting in all their work to overcome the recent vandalism.  I feel it is very tragic that you people were targeted by these juvenile anarchists who need something more constructive to do with their time than tear apart forums like these.  Your dedication to countering their vulgar behavior is most admirable and appreciated.

[align=center][size=x-large]*Thank you, Fur Affinity.*[/size][/align]


----------



## Uini (Oct 18, 2007)

No... For the love of god no.


----------



## Triad Fox (Oct 19, 2007)

To quote the great Captain Beefheart:

"Pappy with the Khaki sweatband
Bowed goat potbellied barnyard that only he noticed
The old fart was smart
The old gold cloth madonna
Dancin' t' the fiddle 'n saw
He ran down behind the knoll
'n slipped on his wooden fishhead
The mouth worked 'n snapped all the bees
Back t' the bungalow

Momma was flatten'n lard
With her red enamel rollin' pin
When the fishhead broke the window
Rubber eye erect 'n precisely detailed
Airholes from which breath should come
Is now closely fit
With the chatter of the old fart inside

An assortment of observations took place
Momma licked 'er lips like uh cat
Pecked the ground like uh rooster
Pivoted like uh duck
Her stockings down caught dust 'n doughballs
She cracked 'er mouth glaze caught one eyelash
Rubbed 'er hands on 'er gorgeous gingham
Her hand grasped sticky metal intricate latchwork
Open t' the room uh smell cold mixed with bologna
Rubber bands crumpled wax paper bonnets
Fat goose legs 'n special jellies
Ignited by the warmth of the room
The old fart smelled this thru his important breather holes
Cleverly he dialed from within from the outside we observed
That the nose of the wooden mask
Where the holes had just been uh moment ago
Was now smooth amazingly blended camouflaged in
With the very intricate rainbow trout replica

The old fart inside was now breathin' freely
From his perfume bottle atomizer air bulb invention

His excited eyes from within the dark interior glazed;
watered in appreciation of his thoughtful preparation. "


----------



## Triad Fox (Oct 19, 2007)

Triad Fox said:
			
		

> To quote the great Captain Beefheart:
> 
> "Pappy with the Khaki sweatband
> Bowed goat potbellied barnyard that only he noticed
> ...



[size=xx-large]*WOW MAN, THAT'S SO HEAVY!!!!!!*[/size]


----------



## clam (Oct 19, 2007)

Don't you think that maybe, if the site had been better coded in the first place, maybe we wouldn't be having this problem at all?

Is it really asking too much a simple little image verification or e-mail system? Some mandatory delays between comments? Like any other site? This was inevitable more than anything...

If you're talking about DDoS-ing/gigaloading, then sure, they acted very well, but otherwise... can't say they didn't have it coming. It's practically asking for it.


----------



## Eevee (Oct 19, 2007)

clam said:
			
		

> Don't you think that maybe, if the site had been better coded in the first place, maybe we wouldn't be having this problem at all?


hang on while I jump in my d'lorean and go back in time to fix everything

it is powered by complaints so 1.21 gigawatts should be easy to get


----------



## clam (Oct 19, 2007)

Eevee said:
			
		

> clam said:
> 
> 
> 
> ...



Thank you, that is all I ask.

But really, most of these things shouldn't be major changes... How can you expect to maintain a site if you can't add such few modifications to its code?


----------



## Purplecat (Oct 19, 2007)

One of them did shout on my userpage.

I'm not offended. Infact, I'm curious as hell what he actually said. :lol:


----------



## Stratelier (Oct 19, 2007)

> But really, most of these things shouldn't be major changes... How can you expect to maintain a site if you can't add such few modifications to its code?


The big issue is that some small changes can have major impacts.  And if it breaks...


----------



## kamunt (Oct 20, 2007)

Eevee said:
			
		

> clam said:
> 
> 
> 
> ...



*Fixed*. Also, I feel the need to do this:









			
				clam said:
			
		

> But really, most of these things shouldn't be major changes... How can you expect to maintain a site if you can't add such few modifications to its code?



Since you've obviously been living underneath the intangibly large rock that is Kanye West's ego these past several months (year?), you should know that the Ferrox project is well under way. The site is basically being completely reprogrammed into Python, as opposed to the PHP/SQL combination it currently is. If you'd look around the forums for about 30 seconds, you'd no doubt find some sort of topic pertaining to this matter.

This has been a Public Service Announcement from your neighborhood-friendly Baka.


----------



## clam (Oct 21, 2007)

kamunt said:
			
		

> Since you've obviously been living underneath the intangibly large rock that is Kanye West's ego these past several months (year?), you should know that the Ferrox project is well under way. The site is basically being completely reprogrammed into Python, as opposed to the PHP/SQL combination it currently is. If you'd look around the forums for about 30 seconds, you'd no doubt find some sort of topic pertaining to this matter.



Because, obviously, Ferrox is what held off every attack on FA in the past week. Because keeping a site running in the present is dependent solely on the ambition of its next implementation, with no need for a clear time frame whatsoever. Thanks Captain Obvious, but your help is needed elsewhere.


----------



## SDWolf (Oct 22, 2007)

Thank you, Clam, for allowing us to bare witness to your superior intellect.  You obviously know exactly what is wrong with FA as it stands now, and also know precisely what to do to correct it.

I also appreciate that you did us all the courtesy of leaving out any explanations, sparing us all the from confusion since, clearly, no one here would understand.  So overwhelming is the power of your mind that you need only say that they're doing wrong, and you know the correct way, since that is more than adequate.

[/sarcasm]



			
				clam said:
			
		

> Because, obviously, Ferrox is what held off every attack on FA in the past week. Because keeping a site running in the present is dependent solely on the ambition of its next implementation, with no need for a clear time frame whatsoever. Thanks Captain Obvious, but your help is needed elsewhere.



I would love to hear what you'd do differently, aside from "code it better in the first place," unless you have a time machine hidden away someplace that you plan to share with the staff.  As I understand, there aren't many coders working on FA, and diverting their resources away from Ferrox to instead work on patching a system that'll soon be scrapped simply makes no sense.  While far from perfect, I think the current FA software will get us by until Ferrox goes live.

* * *

Back on-topic, nice job dealing with the recent spam, vandalism, and general nonsense.  Thank you, admins!


----------



## clam (Oct 22, 2007)

SDWolf]Thank you said:
			
		

> I would love to hear what you'd do differently, aside from "code it better in the first place," unless you have a time machine hidden away someplace that you plan to share with the staff. As I understand, there aren't many coders working on FA, and diverting their resources away from Ferrox to instead work on patching a system that'll soon be scrapped simply makes no sense. While far from perfect, I think the current FA software will get us by until Ferrox goes live.



But when is Ferrox due, exactly? That is what I would like to know most. Because if there are still months to go, I would say that there is no other option but to divert resources away for a temporary problem, because it has proven to be quite a distraction in itself; this is a loss, but a loss any developing team must account for in any long-running application's lifecycle. As a broader case, it makes perfect sense if you expect to still have a userbase by the time the next upgrade comes along.

I am not saying that I know everything about FA's development or current state nor that I deserve to know, but am simply curious as to how long the website will remain in this state. Of course it isn't up to me to make such a judgment and if it is deemed futile for me to be informed of it, then fine, but I see no harm in discussing it either.

The comment about FA being better coded in the first place simply confronts the irony in having a "thank you spam cleaners" thread, because in a way, it was invited with arms wide open. Who knows, maybe the total time they spent cleaning up this crap they could've used to program some bits of code to stop it, and depending on how much time remains, maybe they still could. I don't know, that's what I'm asking.

As for what I'd do specifically? Add simple image verification for accounts (there must be free libraries for that) and add some min spam times already. Heck, the forum already has those things and more (and isn't the forum free software itself?). Do I really need to go into further detail?

Damnit look what you made me write.


----------



## furryskibum (Oct 22, 2007)

clam said:
			
		

> I am not saying that I know everything about FA's development or current state nor that I deserve to know, but am simply curious as to how long the website will remain in this state.



What state?  Up-and-running?  Woe to those who can't live without FA for a few hours!  If I never visited the forums, I probably wouldn't even have known what went on, aside from a phantom comment.  FA works for now, and will likely continue until Ferrox goes live.  When you ask?  No one knows!  :O


----------



## TheGru (Oct 22, 2007)

Somehow this thread started out with the best intentions and careened straight into a head on collision with the rants and raves section at 200mph.

Like the OP I too will thank the administration not just for a job well done at getting rid of the spam-bots, but also at keeping the site running well. It's not perfect by no means, but it works. That alone satisfies me.


----------



## clam (Oct 22, 2007)

furryskibum said:
			
		

> What state?  Up-and-running?  Woe to those who can't live without FA for a few hours!  If I never visited the forums, I probably wouldn't even have known what went on, aside from a phantom comment.  FA works for now, and will likely continue until Ferrox goes live.  When you ask?  No one knows!  :O



Heh, I suppose ignorance is bliss.  (how many people have quoted that around here?)

Personally, as I've said, I don't trust the internet in the least, and the fact that anybody can so easily attain this website is telling me to put off establishing an account until something comes along that inspires my confidence (although I've been lurking for some time). Registration is way too sketchy (not to mention all those password theft cases). Sorry, but "it works" doesn't exactly address my concerns. In fact I find it rather desperate and worrisome.



			
				TheGru said:
			
		

> Somehow this thread started out with the best intentions and careened straight into a head on collision with the rants and raves section at 200mph.



Not at all . I hope that's not the general impression I'm giving. I find the admins did a great job handling the DDoS, but the spam? It's not that they did not do a good job cleaning it, it's wondering whether it should have been necessary in the first place. Sure, the site's nice and clean for the moment, but what's stopping this from happening again, the exact same way? And again and again and again and again and again? It _is_ preventable, or at least a good part of it.


----------



## furryskibum (Oct 22, 2007)

clam said:
			
		

> Registration is way too sketchy (not to mention all those password theft cases). Sorry, but "it works" doesn't exactly address my concerns. In fact I find it rather desperate and worrisome.


Well if you're really worried about the /b/tards, a little image verification isn't going to stop them from creating multiple accounts.  Password security is up to the user.  I have never had a problem, myself.

If I may offer this analogy:  Anyone can go to the store and buy a nice cherry pie.  It will taste like cherry pie, and will fill you up.  But a really delicious cherry pie is made from scratch and takes a couple hours to make via slaving away in the kitchen.  Sure we could all spend three minutes and buy one from the store, but hard work and unique flavor tastes so much better.  :3

Preventable?  Definitely most likely.  I don't know what goes on behind the scenes either, but coders strictly working on the Ferrox code and admins dealing with the spam issues seems like a more efficient use of time.  I'm really looking forward to that cherry pie.    Besides, considering the ratio of uptime to downtime in the past couple years, I don't think it's a huge problem.

Oh, and thanks admins and coders and all the little hamsters on your wheels powering the shizz.  My FA is very pleased.  :3


----------



## Alex Cross (Oct 22, 2007)

The /b/tards are not bots so CAPTCHA image verification won't do a bit of good. In fact, there's really nothing you could do in terms of registration except prohibit certain IP addresses from getting access.

If FA continues to moderate the issue and if you don't stir the hornet's nest (i.e. discussing these "raids"), we should be alright.


----------



## Eevee (Oct 22, 2007)

clam said:
			
		

> As for what I'd do specifically? Add simple image verification for accounts (there must be free libraries for that) and add some min spam times already.


So instead of generating easily-removed spam, they just continue the DDoS longer?



			
				clam said:
			
		

> Heck, the forum already has those things and more (and isn't the forum free software itself?).


As the license for the current FA code is still under pedantic debate by several parties, I don't believe including code under a viral license like the GPL would be a very good idea.

Ignoring, of course, that we can't exactly cut-and-paste giant chunks of code from completely different and unrelated software and expect it to work.


----------



## net-cat (Oct 22, 2007)

Other than the fact that it's apparently complete shit, I don't know much about the existing FA code.

I've even seen some parties claim that it's GPL. I don't really see how, if the original author didn't license it as GPL. I guess you could make the argument that "it's written in PHP so it automagically has the PHP license." Aside from the fact that the PHP license is closer to the BSD license than the GPL, that's really not how licensing works.


----------



## Eevee (Oct 22, 2007)

Pi argued that it was GPL, and uses that to defend hosting an old version of the code; I think it was based on some older software of Jheryn's that was GPL, and since the GPL is viral it carried over through all the modifications.  Something like that.

Of course, using GPL code is only a bad idea if FA _isn't_ GPL.


----------



## net-cat (Oct 22, 2007)

If my understanding is correct, If Jheryn wrote the code under the GPL and relicensed it with a special license for FA, then modifications made by FA wouldn't be GPL. (It's what MySQL seems to be banking on...)

Even if he didn't, the GPL doesn't obligate entities to actually release modifications into the public. (If they do, they have to do it under GPL and they have to offer the source.)


----------



## Eevee (Oct 22, 2007)

I don't think he ever actually relicensed the code, though; someone just added a mini-rant about it to the ToS or FAQ or something _after_ the code leaked the first time.  I'm fairly sure you can't retroactively relicense, so any version of the code before that -- which Pi's is -- is far more defensible as being GPL.

Although, hm, forgot that loophole under the GPLv2 where web apps aren't considered distributed.  You might be right; it could be possible to get away with sticking GPL code in a closed-source project.

Of course, a lot of projects that use the GPLv2 also say I can choose to use any future version of the license...

(What a bloody pain in the ass.)


----------



## net-cat (Oct 22, 2007)

Perhaps. As they say on Slashdot, IANAL. But I think you're right. If the original license was GPL and the author didn't explicitly relicense it, then it's probably GPL. Of course, FA was never "released." Leaked, yeah. But, legally speaking, I don't think that's the same thing.

I've found the GPL to be more trouble than it's worth. Most of my stuff, if I release it all, is either public domain or BSD-style licensed.


----------



## clam (Oct 22, 2007)

Alex Cross said:
			
		

> The /b/tards are not bots



You haven't been on any of the chans in the past week, have you?



			
				furryskibum said:
			
		

> Well if you're really worried about the /b/tards, a little image verification isn't going to stop them from creating multiple accounts.





			
				Alex Cross said:
			
		

> In fact, there's really nothing you could do in terms of registration except prohibit certain IP addresses from getting access.



Image is a quick suggestion for bots. There are _plenty_ of other ways you can deter spammers, most of which have already been mentioned in another thread. Of course you won't stop them 100%! Who ever does? But then, hardly 100% of channers are going to go through lengthy account creations dozens of times only to be banned halfway there. Of course the most determined ones will take their time and find a way! But what tiny bit of chan populace do they actually constitute at this point? /b/ can hardly hold a straight raid anymore! Most of the time I've spent on chans, I've seen forum raids halted exactly when mods tightened their grip on registrations. Lasts about a week, then they move on.

The problem is it's _way_ too easy to spam this site at the moment. Any "newfag" can do it. It takes virtually no effort or delay, quite obviously. It's become a joke, for sake's sake! 



			
				Alex Cross said:
			
		

> If FA continues to moderate the issue and if you don't stir the hornet's nest (i.e. discussing these "raids"), we should be alright.



I somehow doubt this conversation will have any effect on any chan's "plans". And I'd rather not put useless drama in the same boat as valid security concerns and discussions, if you don't mind.



			
				Eevee said:
			
		

> So instead of generating easily-removed spam, they just continue the DDoS longer?



I hope that wasn't meant as a serious argument :, unless you were talking in the extremely short term or know something I don't. Not only is there no evidence that discouraged spammers would resort to DDoS, but supporting a vulnerability in the blind hope of slightly diminishing another does not qualify as acceptable web site security policy in my book.

DDoS will come after us just as strong whether the site improves or not. When it happens successfully, it's organized in some form or another. I'd be surprised if even half of the spammers know what the acro even means. And many who are DDoS-ing aren't even interested in spamming, from what I hear. The link is weak at best.



			
				Eevee said:
			
		

> As the license for the current FA code is still under pedantic debate by several parties, I don't believe including code under a viral license like the GPL would be a very good idea.



:



			
				Eevee said:
			
		

> Ignoring, of course, that we can't exactly cut-and-paste giant chunks of code from completely different and unrelated software and expect it to work.



Now you're just stretching it, the forum was merely an example. Geez, you're a programmer, aren't you? Of course you don't just copy-paste code blindly, that's not what I suggested. What is it with the lack of imagination today.



			
				furryskibum said:
			
		

> but coders strictly working on the Ferrox code and admins dealing with the spam issues seems like a more efficient use of time



That does seem logical, I have to admit, though it would still depend highly on a certain time frame to hold up.

You know, I could be making too much of this, but I've simply never been good friends with sitting back and downplaying serious issues on websites I otherwise love. Sorry if this pisses anyone off, but I'm not trying to bash the mods or the site at all.


----------



## furryskibum (Oct 22, 2007)

Double-post due to my Intarweb.  :


----------



## furryskibum (Oct 22, 2007)

clam said:
			
		

> You know, I could be making too much of this, but I've simply never been good friends with sitting back and downplaying serious issues on websites I otherwise love. Sorry if this pisses anyone off, but I'm not trying to bash the mods or the site at all.



Honestly, and I mean this in the best way possible, you are making too much of it.  What fuels the shit-storm of lulz?  People reacting like they are wont to do.  Deal with it silently and efficiently, like has just been done, ignore their desire for acknowledgment, and they will have no reason to spam people when they don't get the reactions they're hoping for.

Not that furries _won't_ react, but that's the ideal I think.  XD


----------



## Eevee (Oct 22, 2007)

net-cat said:
			
		

> Of course, FA was never "released." Leaked, yeah. But, legally speaking, I don't think that's the same thing.


But once the cat's out of the bag, would the cat-releaser be obligated to take the cat down if the cat happens to be GPL?



			
				net-cat said:
			
		

> I've found the GPL to be more trouble than it's worth. Most of my stuff, if I release it all, is either public domain or BSD-style licensed.


I am a fan of the nice and minimal zlib license, although I added a bit since I'm not quite as ubiquitous as zlib.



			
				clam said:
			
		

> I hope that wasn't meant as a serious argument :, unless you were talking in the extremely short term or know something I don't. Not only is there no evidence that discouraged spammers would resort to DDoS, but supporting a vulnerability in the blind hope of slightly diminishing another does not qualify as acceptable web site security policy in my book.


It seemed like a strange thing to focus on, given that the recent barrage of spam came immediately after several hours of DDoSing from exactly the same people.



			
				clam said:
			
		

> When it happens successfully, it's organized in some form or another.


Oh.  You mean like if they had a board dedicated to arranging mass bandwidth rape at a certain time, and an idiot-proof Python script to do it for them.  Yeah, we'd be in trouble then.



			
				clam said:
			
		

> :


I see.



			
				clam said:
			
		

> Now you're just stretching it, the forum was merely an example. Geez, you're a programmer, aren't you?


Actually I just really like magenta!



			
				clam said:
			
		

> Of course you don't just copy-paste code blindly, that's not what I suggested.


Right; you suggested that only non-programmers have a clue how to get a CAPTCHA going.


----------



## MadPlumber (Oct 23, 2007)

*Holy crap.*  You know, I'd like to thank the one user who had the courtesy of reading the alpha post for this topic and for letting his comment comply with what I was trying to do.  For the rest of you, you felt the need to _bitch_, _whine_, and _moan_ about a *FREE SERVICE* that you're not paying one red cent for and totally ruin the effort of this topic.  I suggest any further posts pertain to the topic of *"THANK YOU, Fur Affinity Spambusters"*, not technical suggestions that you miserable freeloaders should start *a whole new topic* for.  I will get nothing but joy to report any further continuations on this ridiculous string you seem so inclined to perpetuate.


----------



## furryskibum (Oct 23, 2007)

I thank-you-ed my admins, and will continue to do so.  I'm am grateful beyond words that they tirelessly support my fapping and archiving needs.  XD

Seriously.


----------



## clam (Oct 23, 2007)

Darn, double-post strikes again!


----------



## clam (Oct 23, 2007)

furrysibum said:
			
		

> Honestly, and I mean this in the best way possible, you are making too much of it. What fuels the shit-storm of lulz? People reacting like they are wont to do. Deal with it silently and efficiently, like has just been done, ignore their desire for acknowledgment, and they will have no reason to spam people when they don't get the reactions they're hoping for.
> 
> Not that furries won't react, but that's the ideal I think. XD



*Sigh*. Please read:



			
				clam said:
			
		

> I somehow doubt this conversation will have any effect on any chan's "plans". And I'd rather not put useless drama in the same boat as valid security concerns and discussions, if you don't mind.



*



			
				Eevee said:
			
		

> It seemed like a strange thing to focus on, given that the recent barrage of spam came immediately after several hours of DDoSing from exactly the same people.



Having followed some of the chans, I'm not convinced it was the same people (unless you have IPs to prove otherwise, and no not proxies). The spammers were remarkably retarded, they couldn't even get the basics right.



			
				Eevee said:
			
		

> Right; you suggested that only non-programmers have a clue how to get a CAPTCHA going.



??? Oh for the love of... Forget it, clearly we're all more interested in bickering in a loop than analyzing possibilities.



			
				MadPlumber said:
			
		

> For the rest of you, you felt the need to bitch, whine, and moan about a FREE SERVICE that you're not paying one red cent for and totally ruin the effort of this topic.



*Sigh*. Please read:



			
				clam said:
			
		

> Not at all Sad. I hope that's not the general impression I'm giving. I find the admins did a great job handling the DDoS, but the spam? It's not that they did not do a good job cleaning it, it's wondering whether it should have been necessary in the first place. Sure, the site's nice and clean for the moment, but what's stopping this from happening again, the exact same way? And again and again and again and again and again? It _is_ preventable, or at least a good part of it.



and 



			
				clam said:
			
		

> Sorry if this pisses anyone off, but I'm not trying to bash the mods or the site at all.



If you're really that pissed off, I'll stop posting in your thread, but know that I only did so in the first place because I thought its existence was ironic and wanted to inquire about the circumstances at hand, which is very much related to the thread, and I cannot regret doing so, thank you.


----------

