WWW.TOTALCMD.NET is out (new site about Total Commander)

[chrizoo]

what about the closed comments?

[Flint]

what about the closed comments?

Ergo closed them because of huge amounts of spam. I tried to clean the comments from spam, implement some captcha and turn them back on, but it required much more time than I could spare. Anyway, I still have this task in my to-do list, so there is place for hope.

[chrizoo]

Pliiiiiiiiiiiiiiiiiiiiiiiiiise

Huge amounts of spam? I never saw a single instance! Plus as long as I can remember the user always had to do a calculation before posting so this would make automated spam impossible anyway.

And to prevent spam from humans who are able to calculate, it would be wise to make registration mandatory, so that the user account of a spammer can be deleted.

I think with these 2 safeguards (calculation captcha + user accounts) it shouldn't be much of a problem, right?

At any rate, I am very happy that it is on your to-do list )))

[Flint]

I never saw a single instance!

Believe me, there are tons of them!

Plus as long as I can remember the user always had to do a calculation before posting so this would make automated spam impossible anyway.

It was added to prevent spamming, but helped only temporarily. After some time, spam-bots were adapted to perform this calculation and continued to flood the comments. For some of the plugins, there are ~10 pages of comments full of spam, with only 2 or 3 single meaningful comments.

And to prevent spam from humans who are able to calculate, it would be wise to make registration mandatory, so that the user account of a spammer can be deleted.

The problem is poor engine capabilities. It needs much work, or, better, complete rewriting to support such management functions.

[chrizoo]

I sure believe you and I can imagine that it's an annoying thing.

But there are millions of Internet pages which somehow manage to acommodate user comments.
For example, I am sure that there are more advanced captchas freely available (some of them are even quite hard to solve for a human).

Anyway, I pray that you will succeed

[Flint]

chrizoo
Everything is possible. But transforming it from "possible" into "real" needs much work and free time for doing this work, which I personally don't have, unfortunately.

Actually, I don't see what's so crucial in that comments system. Forum is much more convenient for discussing, with its quotations, BB-codes, post editing and moderating system. Surely, all this could be done for the comments too, but… won't it be just another forum?

[chrizoo]

transforming it from "possible" into "real" needs much work and free time for doing this work, which I personally don't have, unfortunately.

Of course nobody expects you to put work and your freetime into it and if I sounded like that, please let me apologize. I was just trying to say, that there are quite advanced and - for the time being - quite unbreakable captchas freely available, that can be embedded without any work from the web site designer or admin. My suggestion was to look out for those, or any other solution of the many many pages that accommodate user comments.

Actually, I don't see what's so crucial in that comments system. Forum is much more convenient for discussing, with its quotations, BB-codes, post editing and moderating system. Surely, all this could be done for the comments too, but… won't it be just another forum?

I partially agree with you. If all the plugin devs would be active on the ghisler.ch board, that would be the ideal situation. But that's far from being the case. I'd say only about 10% of plugins have a dedicated thread here. In these cases, it's certainly the better solution, but for the vast majority of the other plugins, the commens on www.totalcmd.net are the ONLY way of communicating with the plugin author to provide feedback and suggestions.

[Flint]

I was just trying to say, that there are quite advanced and - for the time being - quite unbreakable captchas freely available, that can be embedded without any work from the web site designer or admin.

Ah, I see what you meant. But really, captcha itself was not the main source of the problem. I know that there are good ones (I even installed one myself on the wincmd.ru forum when it was bombarded by spammers as well). But captcha needs some infrastructure to be installed into (like sessions). It would be really annoying to enter captcha each time when writing a comment, so some kind of authorization will be needed too. Authorization needs database profiles, password management, E-mail notifications, security considerations, and so on, and so forth. All this is highly interconnected, one feature depends on another and cannot be implemented without it.

[chrizoo]

I know that there are good ones (I even installed one myself on the wincmd.ru forum when it was bombarded by spammers as well). ... It would be really annoying to enter captcha each time when writing a comment,

Glad that you agree there are quite effective captchas. And I must say I absolutely don't think that it would be annoying to enter a captcha each time, because ... :

First of all it's a perfectly legitimate antispam measure and users have comprehension for that, especially if it's not a commercial site run by guys like you who sacrifice their free time essentially. Maybe let the captcha be accompanied by a short note saying "sorry guys, but we get so much spam" or something...

Secondly, it would be annoying on a forum, where people post regularly, but www.totalcmd.net does not intend to be a forum I think, and the page where the plugin is presented should not - I guess - evolve into a multipage discussion ... The way I remember it was that people left very concise messages and that people didn't post in the spirit to get immediate reply but it was rather intended to leave feedback or suggestions, assuming that one day the author might comment on it. And a response time of a couple of weeks or months was certainly rather the rule than the exception. So, in essence, I think a captcha that is required for each message encourages this way of thinking. I think one could even imagine a limit of 1 posting per day (at least per day per plugin)*. After all, the comments don't intend to replace a forum like this here, they rather complete each other. In case the plugin author is indeed active on a forum, he could post the forum link on the plugin site and request that all comments be made there (instead of totalcmd.net) On the contrary, if the author isn't reachable anywhere else, it would be good to have a "better-than-nothing" alternative in form of the comments.

*this would in turn help with spam, too

Note that all this is just my personal take on it, but I think that more or less reflects the state where we left off, when comments were closed a while ago.

[ts4242]

When I try to visit www.totalcmd.net, Firefox display a "Reported Attack Page!"

Reported Attack Page!

This web page at wincmd.ru has been reported as an attack page and has been blocked based on your security preferences.


Attack pages try to install programs that steal private information, use your computer to attack others, or damage your system.

Some attack pages intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.

I have tried to visit the site using IE9 and once the page loaded, the Java started then the following message popup

Code: Select all

---------------------------
Java Virtual Machine Launcher
---------------------------
Unable to access jarfile \\windowsleader.co.cc\public\readme.txt
---------------------------
OK   
---------------------------

What is going on?

[ts4242]

This is the report I received after pressing the button "Why this page blocked"

Code: Select all

Safe Browsing
Diagnostic page for totalcmd.net

What is the current listing status for totalcmd.net?

    Site is listed as suspicious - visiting this web site may harm your computer.

    Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?

    Of the 11 pages we tested on the site over the past 90 days, 7 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-10-24, and the last time suspicious content was found on this site was on 2010-10-24.

    Malicious software includes 1 exploit(s).

    Malicious software is hosted on 2 domain(s), including windowsleader.co.cc/, fastcell.co.cc/.

    This site was hosted on 1 network(s) including AS23352 (SERVERCENTRAL).

Has this site acted as an intermediary resulting in further distribution of malware?

    Over the past 90 days, totalcmd.net did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

    No, this site has not hosted malicious software over the past 90 days.

How did this happen?

    In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:

    * Return to the previous page.
    * If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.

Updated 19 hours ago

[Matthias030]

I have tried to visit the site using IE9 and once the page loaded, the Java started then the following message popup:
Unable to access jarfile \\windowsleader.co.cc\public\readme.txt

I also got security warning by Google and Firefox Browser to not open both websites. I have thought about bypassing the security warnings. But your test with IE9 shows, that wincmd.ru and totalcmd.net are really distributing malicious code. Security warning is no false alarm.

So better not visit these sites until malicious code is removed.

[ghisler(Author)]

Indeed it sounds like they have been infected. I'm currently trying to contact Ergo (the site maintainer) about the problem.

[Hacker]

Christian,
Flint took over from Ergo.

Roman

[JOUBE]

@ghisler(Author):

Because nowadays Plugins are essential for Tc, now is the point in time to establish a new webpage for the Plugins under the administration/maintenance of you! (Webpage with it's own domain name, but with you as the domain owner [1]).

I request you to set up such a page and to be the founder and maintainer. [2][3]

JOUBE

[1] based on standard software like Wordpress, Wikimedia, Drupal ...

[2] supported by us.

[3] No time for hobbies any more...