being locked out of TheBrain user forum for more than a week now

davidgretzschel · 2020-12-01 12:51 pm

Hello there,
I'm a very active betatester for the PKM software "TheBrain".
This is their forum-website "<redacted>".
I have ~1800 posts on that forum under the name "DavidGretzschel" and I have many more bugs to report/requests to make.
I have been getting locked out since probably around Saturday last week.
Also my account has been deleted either by you or some other forum system that makes automated decisions.

That was when someone misconfigured a router in our building's network, which caused constant outages and certificate errors for thirty people, till we found the problem.

I have requested to be unblocked many times via the removal request form.
[the one that claims "....but generally no longer than 24 hours from the time of your submission.." and has a typo in it]

Yesterday after conferring with the main dev/spokesperson/owner of the forum who very much want me back (but they don't have any idea how any of this forum/spam-detection/blocking stuff works either), we figured I could just create a second account.

The redirect page didn't appear anymore so I figured all the "removal requests" did something, but my account was still deleted. So I tried creating "davidgretzschel2", but that one refused to register as well, demanding I'm removed from the list or get an "admin invite".

At the moment, I can no longer confirm that my ipv4 is still in your database from your redirect page, as that shows my ipv6 (which is not in the database).
Also I'm not allowed to make a removal request from that database.

And now I can see that my email address is publicly visible:
https://www.stopforumspam.com/evidence/194861650
https://www.stopforumspam.com/country/DE

Which explains why I'm getting two spam emails per day now, whereas before I almost never got them before

Even for visiting this SFS forum (or is the the Website toolbox-forum?) I got the redirect page, till I found some way to avoid it popping up.
Then I had to make an account with an alternate email, since my email is blacklisted.

I have no idea what all or any of this is about, nor do I have time to read up on mountains of text.
Nor do the owners of the forum (they write software, the forum is just a tool for user discussion to them).

Please tell me what to do/what you need from me, so my account gets undeleted (if possible, otherwise just let me make a second account under the same email), get my IP unblocked and my email address not posted on a public list for any spammer to send mail to.

----
some other issues, you might consider fixing:
The removal request page has double full stops in two places and Space Invader-grammar like "that data will be remain in our database permanently..".
Also the spacing is wrong at "I agree to all theterms and conditions". The text-height is uneven.
Those are issues, because this makes you ironically look like low-effort spammers!
I have had trouble trusting this site at all, since being forcibly redirected away is a red flag for "untrustworthy/bad things are happening" already.

Also I did not get an email confirmation for any of the removal requests, I have made.
Not only should there be email confirmation, but it should also say that you can expect email confirmation.
At no point was I ever sure, that you actually received any of them, since I didn't get anything "in my hand".
Not getting email confirmation (which is a reasonable expectation) made that seem very likely.
But the page didn't tell me that I was supposed to get them.
And then my removal requests didn't do anything within those 24 hours, so this just all around really sucked.

davidgretzschel · 2020-12-01 12:54 pm

would have edited some typos, but I can't, since I'm below 10 posts.... *sigh*

Alex Kemp · 2020-12-01 1:32 pm

I've redacted the URL that you added for the forum; URLs are the classic sign of a spammer & could easily have got you reported for that action under SFS. If I had done so then you would never, ever have been able to participate in almost any forum worldwide.

I've sent a PM to pedigree to examine this thread.

Understand: SFS does NOT block you from any website. SFS hosts a DB of spammers. Other website operators (including The Brain) use that DB to decide whether to block users or not. However, it is their decision to block you, not ours.

The evidence that you show is a false entry, and I've asked pedigree to possibly block that site from reporting spammers. That site is reporting folks because they already exist within our DB. Sites can only report spammers because they have been spammed, but there is zero evidence of spam in that report.

The second evidence is of tripping a hidden field. That is more like it, but is still not evidence of spamming (where's the spam?).

Please be patient. Nobody gets paid for working on this site, and everyone has full-time jobs & families to attend to.

davidgretzschel · 2020-12-01 5:00 pm

@AlexKemp
Yeah, I noticed that I broke the url rule, after I already posted it. But then I wasn't able to edit anymore.
Guess, I should have deleted and reposted.
Uhm.... thank you from not having me banned from all internet forums, then.

So a volunteer-run organization can (albeit indirectly) ban me from forums worldwide using automated systems.
And challenging them involves an opaque and very confusing report system which itself looks like it's a disreputable site?
And it also publicly lists my email address for spammers to get ahold of, all in the name of preventing forum spam?
Kafkaesque, but whatever.

I can accept that this probably works out wonderfully in 99.999% of cases and is a great public service.
It exists after all and you seem friendly enough

re: first report
Dunno, I think it was some automated system on their end. Other people in my building also saw certificate errors and loads of "this page is not safe" or "this connection is not private"-errors.
Probably because two FritzBox!-modems were fighting it out for the router position on 192.168.172.1.
It was a mess.
Guess that might have looked like someone was phishing or doing a man-in-the-middle or..... something.
That definitely was the case on the 23rd, I think also on the 24th, the day I got flagged.

re: second report
Tripping a hidden field? Don't quite know what that means.
I use the SurfingKeys extension on Chrome, which allows me to get an overlay, with which I can specify any page element/link or form field by typing numbers.
Allows me to never use the mouse, when web browsing. Much quicker.
I suppose, that the overlay spotted the hidden field and that is "tripping over it"?

Alex Kemp · 2020-12-01 6:00 pm

Thanks for calming down a bit. You are, most seriously, dealing with human beings that want the best for you. However, operating a site that is dedicated to stopping spammers means that we get a good deal of sh*t thrown our way. Try not to throw any more yourself, if you can.

Hidden fields
I made use of this myself when I ran a website.

“Hidden” is the type value for an input field on a HTML form. Here is a short example:

<form method=post action="/dev/null" enctype="multipart/form-data">
   <input type="hidden" name="oliver" value="is very short">
   <input type="hidden" name="rebuttal" value="You are ugly, whilst I am young and will grow">
</form>

The key to hidden fields is that, whilst by convention the browser will not display them, they are nevertheless fully visible to everything that browses the page.

Spammers mostly use automated systems (spambots). The most stupid of these (probably 90%) will simply put spam into *every* field on the webpage. However, saying that a hidden-field being tripped is evidence of spamming is in itself as stupid as the spambots that may trip them. The idea of the evidence field is to post the actual evidence of spam. duh.

SFS takes as much short shrift with websites that abuse our service as we do with the spammers that abuse websites. Making false reports is the utter worst & such sites get banned from our service. pedigree will attend to this as soon as he can.

PS
If I recall correctly the second report was actually made first (before the so-called first report).

davidgretzschel · 2020-12-02 1:44 am

re: throwing stuff
I'm good now.
I get a little frustrated when being helpless and barely having any idea about what's going on.
Also UI/documentation/process critique is reflex at this point, since that reliably leads to better software for me.
[1800 posts along those lines (usually nicer though) on that forum are kinda habit forming]
So.... more annoying habit than intentional antagonism. Sorry about that.

re: hidden field
So do I have to worry that SurfingKeys trips over those fields, because it "trips" all fields, including hidden fields?
I don't think I filled anything with text, though if text didn't appear, I'd figure I mistyped and select the proper field again.
But if "tripping" is already caused just by the overlay, I suppose that would be a general issue, I should warn the devs about?

re: pedigree being busy
There's no rush, but it would be nice if this could be settled within a week or so?
If that's unrealistic..... I dunno, in 2020?
I'm not that impatient, I just would like to know if/when approximately this will be settled.
And more importantly whether I need to do anything or keep paying attention to this.
Can I check back in a week? Could you send me a mail, if it's done?

re: false reporters being as bad as spammers
Uhm.... I don't want spammers flooding that forum, because someone maybe misconfigured or misunderstood a setting, which caused me trouble, when I was having freak internet issues on my end, that had me automatically flagged as suspicious.
Other people in my building were also having trouble with logging into websites.
E.g. Gmail didn't want me (and others) to show emails without an extra confirm "because this connection is not safe".

Also I think it's the company that's hosting their forum that's at fault, anyway?
[if someone is at fault, rather this just being unfortunate. I would link or name them, but rules?]

Alex Kemp · 2020-12-02 9:22 am

pedigree is very conscientious, but also has a job & family to support. He will tackle it asap.

I don't want spammers flooding that forum, because someone maybe misconfigured or misunderstood a setting

Occasionally, and especially in our early days, folks would/will use SFS as a firewall, checking every IP against the DB. That rapidly becomes a DDOS on this site. The only way to get back online was/is to drop their IP into our firewall.

Getting settings correct is part of having a functioning system.

Maikuolan · 2020-12-02 9:29 am

re: hidden field
So do I have to worry that SurfingKeys trips over those fields, because it "trips" all fields, including hidden fields?

Well.. Maybe. But, that's also under the assumption that the reason supplied by the reporter within the evidence field isn't, in this case, just pure.. uh.. is there a more polite way of writing "bullshit", in this context? I'm not sure. But anyway.. The vast majority of reporters do the right thing, give proper evidence, and when giving a reason, give an actual, real reason, as opposed to.. the alternative. But, I don't doubt that there'll be at least a few out there (which, I'm also sure, would be in the minority) that opt for said alternative (like, perhaps, those thinking things like, "I want to report someone, but I know that my real reason for it wouldn't be acceptable, so let's just write this other reason in there instead").

Given the nature of the reports in this case, it's just a small thought that comes to mind for me. Point being.. Be cognisant of potential red herrings. :-)

pedigree · 2020-12-03 8:43 am

An update, it's all been removed and the submitter has been given their a warning that their API access is under threat for submission for submitting data just because it was already here. The only time that ever happens if its one on my honeypots, because its me

I need to write some code to clear up some small things the DB which I'll do in the morning

davidgretzschel · 2020-12-03 3:07 pm

@pedigree
All right, that sounds good. Thank you very much.
Have a nice day!

#1 2020-12-01 12:51 pm

being locked out of TheBrain user forum for more than a week now

#2 2020-12-01 12:54 pm

Re: being locked out of TheBrain user forum for more than a week now

#3 2020-12-01 1:32 pm

Re: being locked out of TheBrain user forum for more than a week now

#4 2020-12-01 5:00 pm

Re: being locked out of TheBrain user forum for more than a week now

#5 2020-12-01 6:00 pm

Re: being locked out of TheBrain user forum for more than a week now

#6 2020-12-02 1:44 am

Re: being locked out of TheBrain user forum for more than a week now

#7 2020-12-02 9:22 am

Re: being locked out of TheBrain user forum for more than a week now

#8 2020-12-02 9:29 am

Re: being locked out of TheBrain user forum for more than a week now

#9 2020-12-03 8:43 am

Re: being locked out of TheBrain user forum for more than a week now

#10 2020-12-03 3:07 pm

Re: being locked out of TheBrain user forum for more than a week now

Board footer