Question

Suggestions for OS

Answer 1

From what I understand, the data from the suspension is held in a cookie that can easily be deleted by the user, which allows them to come back and make a new account. I'd like to know if there is any way for the mods to at least be able to disable making new accounts with that same cookie.

I know that lately, there has been an increase in spammers/trolls/"hackers". I've seen several er... interesting ideas and suggestions. I've latched onto a few, but I have a couple of ideas of my own as well:
-Permanant IP bans could be made to be accessable by mods after a certain amount of reports, suspensions, and/or warnings.
-Ability to post a question, comment, chat post, or send a PM can be revoked after a certain amount of reports and/or warnings related to such things.
-Proxy server bans, if possible.
-Deletion and/or deactivation of an account can be used by mods or admins after a certain amount of warnings and/or suspensions.

A better report popup that varies in priority (Such as the reasoning of the report can make it more or less of a priority than other reports, and abuse of the prioritization can lead to suspension of the reporter's account. i.e. a user reported for sexual harassment is more of a priority that a user reported for spam.)
http://prntscr.com/4kx23k

Answer 2

@Ashleyisakitty @ganeshie8 @Preetha @thomaster @Compassionate

Answer 3

erm...

Answer 4

Thank you for your input, Elsa. :)

Answer 5

c:

Answer 6

I'm not sure I agree with some of these. If you have a ban then what if a sibling or friend wants to sue your computer/internet access point and they can't get to open study due to the IP being banned? Truly the easiest thing to do would just be to report the hackers/spammers/etc. I think it would be wise to have the administrators remove certain accounts after so many warnings though. I do agree with suspending and possible revoking priveleges on openstudy in the event that someone does not learn from their mistakes, These are just my opinions so please do not take anything offensively :) - Bree :)

Answer 7

@bookworm14 I understand where you're coming from, and you have a very valid point. Though every once in a while there are cases like lolowlet where it's ridiculous not to ban the user (as we all know, owlet uses a proxy server, though), and the mods need access to some form of a back-up plan that allows them to ban an IP address permanently. There are many warnings given before a person is banned (unless if they do something like post nudes), and if that person makes the decision to ignore those warnings, they must accept the consequences. The original user can always contact OS with any issues when it comes to having been banned.

Answer 8

I can see what you mean, it does make sense :) Just some concerns ya know lol @DangerousJesse

Answer 9

lol xD @DangerousJesse "thanks for your input elsa" and this does make sense

Answer 10

@DangerousJesse i hope this idea works out ^_^ and is successful

Answer 11

Same here :P Thank you.

Answer 12

I can't imagine suspension data is stored in a cookie. Because that would make it possible to just log in on another computer. I tried this before and it's not possible.

-Permanant IP bans could be made to be accessable by mods after a certain amount of reports, suspensions, and/or warnings.
= They should yea, it's currently done manually by an administrator after mods vote for an IP ban.

-Ability to post a question, comment, chat post, or send a PM can be revoked after a certain amount of reports and/or warnings related to such things.
= Has been suggested a while ago, but only a chat ban which revokes the ability to post in the chat. Revoking the right to post questions/answers would render the site useless for that user (as the purpose of the site is to help eachother), if they cannot do so, it's basically the same as a suspension.

-Proxy server bans, if possible.
= Has been suggested multiple times over the years, I've heard they're working on this one (Proxy servers and TOR IP's)

-Deletion and/or deactivation of an account can be used by mods or admins after a certain amount of warnings and/or suspensions.
= Deactivation is the same as suspension. Deletion isn't possible, rendering the profile empty and perhaps adding a tag to all their posts saying 'permanently banned' would be a better idea.

About the report popup improvements, that's not a bad idea. It should still contain a comment box though (which you cannot leave empty). Not sure what the URL part is about.

Answer 13

true @thomaster lol anyways my computer gets slow and i call the tech support from my school and the first thing they suggest is delete my history, downloads and cookies so does this mean if OS has tech problems can it be possible if the cookies get deleted the proof of suspensions get erased as well?

Answer 14

proof and the thing blocking the person from logging into that account

Answer 15

oh my bae Sha going to say something im curious what its going to be ^_^ oh and please correct me if im wrong on my question i had about cookies

Answer 16

@thomaster I have been able to avoid suspensions and stay on an account even when I was so called "suspended." I could still interact with the community and such. I'm guessing this recent hacker is using a similar exploit.

Answer 17

O_O oh theres a hacker on OS?

Answer 18

@thomaster When I say deletion or deactivation, I understand that this is much like suspending a user; that's the point. It's a way for the user to be suspended without being able to come back under that name easily (I was mainly suggesting this because of owlet's "shenanigans")

Revoking the ability to ask questions, send replies, messages, etc., on a single account wouldn't render the site useless, though. They could always make a new account, troll, ask questions, or do whatever they please, but they would have to go through the process of creating an account over and over again. Eventually they'd give up.

Answer 19

And the url was just to fill space haha.

Answer 20

The developer team has a pool of exploits that they need to fix. But it sometimes seems that all they are doing is to improve OS visual and fun wise(tokens and smartscore) while these bugs and glitches are what might bring the downfall of OS. You've seen that one lil hacker in Mathematics chat, what of someone with more evil intent? Why if I wanted to I could tear this site down in a matter of seconds(Of course I won't though ;P). @thomaster these glitches need to be fixed. What is the developer team doing about it? These admins need to interact more with the community as they did so long ago. IP bans could be administered when needed more often and I think the site would improve more quickly as they will be here, directly seeing our suggestions.

@Preetha comes on quite often which is good

But I see few other admins besides c0de_cracker here and there. They should come back and be a part of the community again :)

Answer 21

@DangerousJesse The suspension -> new account -> suspension -> new account cycle goes on forever. Eventually they'd give up, after a few hours of spamming and insulting other users. Then they'll try again the next day.

@shadowlegendx At least they seem to have been fixing the special character problem :P
ლ(́◉◞౪◟◉‵ლ)

Answer 22

(╯°□°）╯︵ ┻━┻ Previews fine. But I still get <?> on post.

Answer 23

When I reload the page, the characters are rendered correctly...
Perhaps this is a bug after all, instead of a fix for special characters.

Answer 24

@Preetha :T

Answer 25

@DangerousJesse NOPE SUSPENSIONS ARE NOT STORED IN COOKIES CAUSE I ALWAYS USE MY BROWSER IN PRIVATE MODE (WHICH DOSENT STORE COOKIES) BUT STILL IF I AM SUSPENDED THEN STILL I AM SUSPENDED GET IT

Answer 26

@e.mccormick pls clarify dis

Answer 27

I have not seen the code so I have no clue what is behind all the inner workings. I just have ideas on how I would do some of these things.

Answer 28

For some time I have said that when it comes to computer: TINS. There Is No Security. Computers, web sites, etc. in of themselves have no security. It must be built in as things are developed. If you do not keep security in mind every step of the development process then insecurities are basically assured to creep in. Even if you aim for security there is always a chance of missing something. With some of the glaring security issues that have been exposed on OS, I am pretty sure that the original development team did not keep security in mind.

Answer 29

@factor please control your caps.. :P

Answer 30

And the only reason I believe the suspension data is stored in a cookie is that Hydra (I'm going to force that to catch on) is able to avoid suspension merely by hiding behind a proxy, which prevents OS from storing cookies/caches in their computer, which means that the suspension isn't rooted in the account itself, but in the computer. This is yet another reason for deletion of the account-- it gets rid of the account itself, and doesn't just toss out a punishment that can easily be avoided.

Answer 31

Deleting the account does nothing. They just make more.

I don't feel that suspension data is stored in a cookie because it is not simply a proxy that is avoiding things. The login save is in a cooky, so keeping someone's login data is possible. But if the cookie was prevented from being made or deleted then the session data would not be there, so the person would be logged out. However, there are other options.

Here is one: It seems the suspension might rely on client side scripting. The reason why I say that is because these scripts can be edited live and tweaked versions can be made to be what a client uses. This would evade suspension.

Here is another: There are multiple accounts that look the same. People have used an assortment of invisible characters from different languages to create accounts. This has allowed the "same" name to show up more than once.

Now, I doubt the second is happening at the moment due to special character issues with the site. That is why I am favoring the first at the moment.

Answer 32

Oh, and Jesse, the name is not Hydra. It is Smiley. We have known Smiley for a long time. Ask @iambatman how long Smiley/LOL has been a problem.

Answer 33

Ah, Smiley. I like that. Your explanation is the first one to actually seem reasonable to me- I'm used to the whole "expert hakk3r" junk. And I know deleting the account would be a waste, but is there a way for the site to filter out users that aren't listed under an IP address? @e.mccormick

Answer 34

I think that if they did nore server side work, like suspended accounts not able to read or write to the database, it would help. Also, I would make a unique session ID to change the saved password cookie every time a person came to the site. So if someone does not have the proper unique one, the acount is logged out and needs to be logged back in. Then if people change computers, they will be logged back out automatically. It also means that if someone script captures a cookie, it will not be valid for an extended time.

Answer 35

There are also forms of browser fingerprinting that add to security. These help confirm the identity of the machine being used.