phpBB • Free and Open Source Forum Software

Callum95 wrote:If you use the Q&A captcha correctly you shouldn't need a modification. Use some unique, challenging (although not overly so) questions and you will be fine.~Callum

I agree completely. Why modify your forum, when an inbuilt module will do the job?

Thanks for the tips guys!

I'm curious what the plans are for the next version?

Since I find upgrading a pain (mainly due to my own lack of technical knowledge and experience ), I'm wondering if it's worth waiting for the next upgrade, or go with 3.0.8?

I find that my site slows down significantly when these waves of login attemps come in as well.

If I temporarily disable new registrations, will this reduce the load on the server?

Just out of interest, and this is not conclusive proof.... I've just changed all my Q&A questions, and in the last 6 hours, I've not had a single spammer register. This tends to indicate that they are not bypassing the Q&A, but have simply compiled a set of answers, that will, after enough ...

Yes that's a very handy resource!

I look up the IPs in stopforumspam.com, and if they're listed I block the single IP. I don't usually like to block IP ranges, as it can block many legit users as well, but from certain countries (which are known for spam and are unlikely to offer legit users) I sometimes do block the IP range too.

Just out of interest, and this is not conclusive proof.... I've just changed all my Q&A questions, and in the last 6 hours, I've not had a single spammer register. This tends to indicate that they are not bypassing the Q&A, but have simply compiled a set of answers, that will, after enough t...

Cpt. Blackbeard wrote:How do you know it's bots and not humans bypassing the Q&A?

We can't be sure, but the sheer volume that suddenly seems to get past the Q&A is a strong indication that they are bots, or at least something semi-automated.

I agree, it's such a waste of bandwidth and resources! It pretty much doubles you hosting requirements, if not more.

I've been running with Q&A for nearly a year and I have administrative activation. The questions I have are very specific to my niche interest group and can only be answered by careful reading of the site. In the last 3 weeks the number of attempted spam sign-ups has rocketed. Occam's razor say...

Thanks a lot Dog Cow!

WOw you've done well to make some automated script out for that... I had trouble seeing anything different than from normal logs, apart from the external URLs which will always be different of course...

Callum95 wrote:I've seen quite a few SQL injection attempt in my logs, but they're obvious. You wont be able to recognise spam in the logs though

~Callum

Obviously to you perhaps, but I would not have a clue how to identify that. Can you advice what to look for please? Cheers!

Thanks for the reality check, and putting thing in perspective! You make a good point!

I think it's the wasted bandwidth and server load that these clowns use that annoys me the most...

What about those that seem to continuously try to login using other people usernames, and presumably try to guess the passwords. Anyway to recognise them from the logs? There seems to be a huge increase of this activity in the last few days, as many members have reported that they get the message th...