Preventing SPAM - Bots and Humans [*Read the First Post!*]

This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.
Forum rules
Following phpBB2's EoL, this forum is now archived for reference purposes only.
Please see the following announcement for more information: viewtopic.php?f=14&t=1385785

How helpful did you find this guide?

Very helpful
160
79%
Somewhat helpful
32
16%
Not very helpful
11
5%
 
Total votes: 203

meyerII
Registered User
Posts: 6
Joined: Sat Dec 29, 2007 1:18 am

Re: Preventing SPAM - Bots and Humans [*Read the First Post!*]

Post by meyerII »

That was the one, thanks -- I seem to recall that there was more to it than that (hiding user profiles and groupcp), but that's all I was really after. I realize that it doesn't stop the spammers, but it gives me a good feeling to know that the memberlist will be hidden from the search engine crawlers so that anything they post on a profile will not help them in any way. ;)

 
momentum
Registered User
Posts: 1505
Joined: Thu Sep 20, 2007 4:07 am
Location: Melbourne, Australia

Re: Preventing SPAM - Bots and Humans [*Read the First Post!*]

Post by momentum »

In this post you'll find the whole of the redirect_annonymous_users_to_login_1.0.8 MOD which has been removed from the MODs database.

Craig.
QOTY: phpBB is free, good hosting is not. - robert (Lumpy Burgertushie)
User avatar
rsrikanth05
Registered User
Posts: 43
Joined: Thu Jun 16, 2005 9:09 am
Contact:

Re: Preventing SPAM - Bots and Humans [*Read the First Post!*]

Post by rsrikanth05 »

I tried going to this mod: http://www.phpbb.com/community/viewtopic.php?t=266787
It says I am not allowed to view it.
Is it because the mod was for phpBB2, and is no longer available?
.........
User avatar
ric323
Former Team Member
Posts: 22910
Joined: Tue Feb 06, 2007 12:33 am
Location: Melbourne, Australia
Name: Ric
Contact:

Re: Preventing SPAM - Bots and Humans [*Read the First Post!*]

Post by ric323 »

rsrikanth05 wrote:I tried going to this mod: http://www.phpbb.com/community/viewtopic.php?t=266787
It says I am not allowed to view it.
Is it because the mod was for phpBB2, and is no longer available?
It got removed in the recent database cleanup.
The first post will be updated shortly to link to an equivalent MOD which is still active.
The Knowledge Base contains solutions to many common problems!
How to fix "Doesn't have a default value" and "Incorrect string value: xxx for column 'post_text' " errors.
How to do a clean re-install of the latest phpBB3 version.
Problems with permissions? Read phpBB3 Permissions
ChuckStarchaser
Registered User
Posts: 11
Joined: Fri Sep 29, 2006 5:52 pm

Re: Preventing SPAM - Bots and Humans [*Read the First Post!*]

Post by ChuckStarchaser »

We have about a dozen antispam mods installed at our forum: Memberlist is hidden from non-registered users, captcha is on, time-based registration rejection, time-zone-based rejection, and many more. They each helped a bit, but what really made a huge difference, though, was textual confirmation. But NOT when we first installed it: We did add quite a few questions to it; but some spammers were still getting through... Finally we figured out the problem.

The problem was that Textual Confirmation comes with one question: Are you human?
You need to remove that question.

The problem with that is that spambots have already been programmed to answer yes. No matter how many other questions you might add, if even ONE question can be answered yes or no, spambots will try those two answers again and again until they hit the right question. Once we realized this, we got rid of all yes/no questions, and we haven't had a single spam registration in a whole year.

Until last week, that is. Obviously this was a human spammer who got through. Next day there were two more spam registrations. All 3 to spam about the same scam site. What I'm afraid is that they are going to spread the one right answer to other spammers, so I changed all the questions today. But anyways, nothing's been as effective as Textual Confirmation; but you need to make sure none of the questions have yes/no answers.

Well, we also have max registration attempts at two, and the wait to try again at several hours... :)
Cheers.
Count Karnstein
Registered User
Posts: 17
Joined: Mon Jun 30, 2008 11:57 pm

Re: Preventing SPAM - Bots and Humans [*Read the First Post!*]

Post by Count Karnstein »

Ok, my other post got locked, so I'll repost it here, where the moderator wants it. :)
__________________________
I just cannot believe this. I've tried everything to prevent spam sign-ups. The visual identification where you have to enter a series of numbers is utterly useless. Setting it so that the admin must approve the registration is also pointless because I end up having to sign in and delete half a dozen new spam accounts every day.

Why has phpBB never taken the simple, logical step of having a simple setting in the control panel/configuration that turns off all registration?

I came up with my own solution, which worked perfectly. In the disallowed username field, I simply added an asterisk (*) and that's all. It's a wildcard. In other words, no matter what user name you try registering, it says "that userame not allowed". Worked fine. No need to go weed out the daily spam accounts, and when someone wanted to join, I simply disabled that setting, signed them up, and re-enabled it.

Well, just now I got a new spammer signed up despite the (*) wildcard filter being on. He signed up as:

Íàøà Ìàøà :$)

And it has a spam link in it, it's definitely a spammer account. (Note: I added an $ between the : and the ) so that the forum would not turn it into a smiley emoticon. Take out the $ and it's a cut and paste of the original user name.

How the hell did he bypass the filter that disallows ALL usernames? :evil:

phpBB really needs to address this terrible weakness. So what do I do now? I certainly don't want to go back to having to delete multiple spam accounts each day. There must be a way to simply disable all registration. I can't understand why phpBB developers would not have thought of this. It's the best and easiest solution.

I'm not interested in any fix that I've seen or heard of so far where it requires someone who wants to sign up to enter a visual ID number or to answer a question because those are so easy to circumvent it isn't funny. I thought my wildcard filter that disallowed ANY username was brilliant, simple, and did the job perfectly for several months now. So how can someone get around that? And how can I set it so that they never do again?

I hope someone has an answer that works. Thanks in advance! ;)
_____________________________

I looked through the various solutions posted in this thread, but none seem to be a solution. In other words, they don't save me any work. So, a few questions:

1. How was this spammer able to bypass my wildcard disallowed username filter? It's set to disallow ANY username, so there should be no way for him to sign up, right? How did he get past that?

2. How do I completely shut off registration? That's the only workable solution I can see. If I can set it so that nobody can sign up, I never need to even go in and clean up spam accounts or fool around with new mods or software. I just turn it on when I want to sign up a new person and then turn it back off.
User avatar
ric323
Former Team Member
Posts: 22910
Joined: Tue Feb 06, 2007 12:33 am
Location: Melbourne, Australia
Name: Ric
Contact:

Re: Preventing SPAM - Bots and Humans [*Read the First Post!*]

Post by ric323 »

Install the "RAC MOD" or the "Security Question MOD", and that will instantly stop all SPAMbots from registering on your board.
Both are recommended in the first post.

Yes, it appears some random strings can get past disallowing "*". That method of stopping registrations is only a a crude kludge anyway.
The Knowledge Base contains solutions to many common problems!
How to fix "Doesn't have a default value" and "Incorrect string value: xxx for column 'post_text' " errors.
How to do a clean re-install of the latest phpBB3 version.
Problems with permissions? Read phpBB3 Permissions
User avatar
RMcGirr83
Former Team Member
Posts: 22011
Joined: Wed Jun 22, 2005 4:33 pm
Location: Your display
Name: Rich McGirr

Re: Preventing SPAM - Bots and Humans [*Read the First Post!*]

Post by RMcGirr83 »

Count Karnstein wrote: Why has phpBB never taken the simple, logical step of having a simple setting in the control panel/configuration that turns off all registration?
If you want to totally disable registration, I did find this mod that will do just that. Though it isn't a validated mod on here, it does work. If you have problems with it though, you will have to seek support from the site that you get it from.

Hope it helps.
Former Modifications/Extensions Team Member | My extensions | github | All requests for support via PM will be ignored
Appreciate the extensions/mods/support then buy me a beer Image
User avatar
karlsemple
Former Team Member
Posts: 39802
Joined: Mon Nov 01, 2004 8:54 am
Location: Hereford, UK
Contact:

Re: Preventing SPAM - Bots and Humans [*Read the First Post!*]

Post by karlsemple »

Registration Stopper is a validated mod for giving an option to disabled registration :)
Image
User avatar
RMcGirr83
Former Team Member
Posts: 22011
Joined: Wed Jun 22, 2005 4:33 pm
Location: Your display
Name: Rich McGirr

Re: Preventing SPAM - Bots and Humans [*Read the First Post!*]

Post by RMcGirr83 »

Karl has all the best bookmarks. :(
Former Modifications/Extensions Team Member | My extensions | github | All requests for support via PM will be ignored
Appreciate the extensions/mods/support then buy me a beer Image
Count Karnstein
Registered User
Posts: 17
Joined: Mon Jun 30, 2008 11:57 pm

Re: Preventing SPAM - Bots and Humans [*Read the First Post!*]

Post by Count Karnstein »

Thanks! That registration stopper sounds like just what I need. The question things to stop the spam bots is pointless, because I always only get live spammers it seems. Now, the last two questions are...

Does it work with all versions of 2.0? I see 2.0.19 and 2.0.22 listed, but I have 2.0.23 running.
How do I install it? I unzip it, and where do I upload the files to?
User avatar
ric323
Former Team Member
Posts: 22910
Joined: Tue Feb 06, 2007 12:33 am
Location: Melbourne, Australia
Name: Ric
Contact:

Re: Preventing SPAM - Bots and Humans [*Read the First Post!*]

Post by ric323 »

Count Karnstein wrote:The question things to stop the spam bots is pointless, because I always only get live spammers it seems.
How do you know they are live?
Modern SPAMbots can solve CAPTCHA images, respond to emails, and make posts....
Does it work with all versions of 2.0? I see 2.0.19 and 2.0.22 listed, but I have 2.0.23 running.
There are only minor differences between 2.0.22 and 2.0.23, so anything that works on 2.0.22 is almost certainly going to work on 2.0.23.
How do I install it? I unzip it, and where do I upload the files to?
There are several articles in the Knowledge Base describing how to install MODs. Follow the link in my sig.
The Knowledge Base contains solutions to many common problems!
How to fix "Doesn't have a default value" and "Incorrect string value: xxx for column 'post_text' " errors.
How to do a clean re-install of the latest phpBB3 version.
Problems with permissions? Read phpBB3 Permissions
Count Karnstein
Registered User
Posts: 17
Joined: Mon Jun 30, 2008 11:57 pm

Re: Preventing SPAM - Bots and Humans [*Read the First Post!*]

Post by Count Karnstein »

Yikes! That's too techy for me. I think I'm going to be stuck doing it the prehistoric way and just using the wildcard filter. Thanks anyway, but trying to figure all those steps out will have me up all night and my blood pressure 30 points higher. :cry:
User avatar
ric323
Former Team Member
Posts: 22910
Joined: Tue Feb 06, 2007 12:33 am
Location: Melbourne, Australia
Name: Ric
Contact:

Re: Preventing SPAM - Bots and Humans [*Read the First Post!*]

Post by ric323 »

Count Karnstein wrote:Yikes! That's too techy for me. I think I'm going to be stuck doing it the prehistoric way and just using the wildcard filter. Thanks anyway, but trying to figure all those steps out will have me up all night and my blood pressure 30 points higher. :cry:
It's just inserting a couple of bits of text into your PHP files.
Search, copy, paste, repeat several times...

So long as you keep backups of the originals before you start, you can't go too far wrong. :)
The Knowledge Base contains solutions to many common problems!
How to fix "Doesn't have a default value" and "Incorrect string value: xxx for column 'post_text' " errors.
How to do a clean re-install of the latest phpBB3 version.
Problems with permissions? Read phpBB3 Permissions
mcdogs
Registered User
Posts: 112
Joined: Sun Apr 04, 2004 8:54 am
Location: Wolverhampton, UK
Contact:

Re: Preventing SPAM - Bots and Humans [*Read the First Post!*]

Post by mcdogs »

Help Please

I have just manually installed this and logged out to see if it works.

I get the normal page asking to confirm if over 14, choose yes and then i get a normal register page but with this error emssage at the top:

The authorization code you have entered is incorrect. The location of the code should be stated on the registration page. Please try again.

It has not asked me to enter the code or anything, what have I done wrong ?

Thanks
When you think things can't get any worse, THINK AGAIN !
Locked

Return to “2.0.x Support Forum”