Preventing SPAM - Bots and Humans [*Read the First Post!*]

This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.
Forum rules
Following phpBB2's EoL, this forum is now archived for reference purposes only.
Please see the following announcement for more information: viewtopic.php?f=14&t=1385785

How helpful did you find this guide?

Very helpful: 160 votes (79%)
Somewhat helpful: 32 votes (16%)
Not very helpful: 11 votes (5%)

Total votes: 203

stevemaury
Support Team Member
Posts: 48144
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve

Re: Preventing SPAM - Bots and Humans [*Read the First Post!*]

Post by stevemaury » Thu Feb 07, 2008 6:21 pm

Welshcat wrote:
Well I'm not sure if the "hacks" (aka mods) I installed from these links are the same ones as some of the mods on this board, but from the descriptions they sound like they are.

The log registration IP mod is here: http://www.phpbbhacks.com/download/2975

And the photo visual confirmation is here: http://www.phpbbhacks.com/download/7937 (this one uses pics of animals and cars - the registrant has to pick the animals from the cars).

I simply changed the animal and car photos in the mod to something more specific when I installed it. However, less than 3 minutes after I actually installed the mod, one of those bots I have described above got through and managed to register. I can't see how someone would have tuned the bot to bypass that specifically after only 2 minutes, especially when it would have to a) learn which photos always appear and b) actually be able to recognise which ones are correct.

The photo visual mod seems to have stopped human spammers from registering because they simply don't know the answer, but the bots still get through.

As for the RAC Mod, the question isn't something so straightforward either. It asks "what is maria sharapova's first grand slam title?" - a fan would easily know this, but not a bot and not necessarily a human spammer (incidentally it has also stopped the human spammers too but not the bot in question). Again, while the bot could have been tuned to answer this question specifically (I suppose it is possible that hundreds of spammers know the answer to this question), it shouldn't be able to get through this after just a few minutes of installing again.

So this bot must be designed to get through all these defences somehow.

But of course, one has to ask again: what is the incentive for the bots to keep registering if the website or signature fields never show up and they haven't even filled them in? Are they just registering for the sake of inputting their birthdays? Surely if they can bypass all of these mods then wouldn't they at least post some links in the website and signature fields rather than just filling in their date of birth?

Just to explain further, this is a screenshot of how the profile (myprofile space) of normal users or even human spammers etc would look on my forum:

Image

That is the only way their profiles can appear when they register.

Then this screenshot here is how the profiles appear for those spammers I have been referring to in my posts here so far. It's always exactly the same pattern:

Image

As you can see, the birthday field is always filled in. This causes headaches later because all of these spammers' birthdays appear at the bottom of the forum en masse and the profiles have to be amended each day.

Even if there isn't some mod to stop these spammers, is there some way for the birthdays to not appear at the bottom of the forum for these particular users, but to appear for everyone else who is legitimate?

Oh, and the other thing this bot can do is that it can still have usernames (and all variations of it) that have been specifically disallowed in the ACP.
The MODs you think you have in place, you don't. That picture thing is not working, for example. Go do a test registration and you will see. Install the RAC MOD. Done.

2by2host
Registered User
Posts: 33
Joined: Fri Oct 19, 2007 7:50 pm

Post by 2by2host » Fri Feb 08, 2008 5:56 pm

Lumpy Burgertushie wrote:
2by2host wrote: Here’s a pretty interesting online tool that checks your phpBB forum for vulnerabilities to SPAM. It’s completely anonymous and free. All you need to do is type in your URL and it will produce the results.
http://www.phpbbcustomization.com/tools.php

Any comments, suggestions and bug reports are welcome.
harvesting email addresses is hardly the main problem with spammers in phpbb.

all you have to do is set email via board to yes and that problem goes away.


robert
We actually updated the tool and now it also checks for bot registrations to see if they go through. This is the main issue for most phpBB forums.

Welshcat
Registered User
Posts: 81
Joined: Sat Sep 02, 2006 5:26 pm

Post by Welshcat » Fri Feb 08, 2008 10:15 pm

stevemaury wrote:
Welshcat wrote:
Well I'm not sure if the "hacks" (aka mods) I installed from these links are the same ones as some of the mods on this board, but from the descriptions they sound like they are.

The log registration IP mod is here: http://www.phpbbhacks.com/download/2975

And the photo visual confirmation is here: http://www.phpbbhacks.com/download/7937 (this one uses pics of animals and cars - the registrant has to pick the animals from the cars).

I simply changed the animal and car photos in the mod to something more specific when I installed it. However, less than 3 minutes after I actually installed the mod, one of those bots I have described above got through and managed to register. I can't see how someone would have tuned the bot to bypass that specifically after only 2 minutes, especially when it would have to a) learn which photos always appear and b) actually be able to recognise which ones are correct.

The photo visual mod seems to have stopped human spammers from registering because they simply don't know the answer, but the bots still get through.

As for the RAC Mod, the question isn't something so straightforward either. It asks "what is maria sharapova's first grand slam title?" - a fan would easily know this, but not a bot and not necessarily a human spammer (incidentally it has also stopped the human spammers too but not the bot in question). Again, while the bot could have been tuned to answer this question specifically (I suppose it is possible that hundreds of spammers know the answer to this question), it shouldn't be able to get through this after just a few minutes of installing again.

So this bot must be designed to get through all these defences somehow.

But of course, one has to ask again: what is the incentive for the bots to keep registering if the website or signature fields never show up and they haven't even filled them in? Are they just registering for the sake of inputting their birthdays? Surely if they can bypass all of these mods then wouldn't they at least post some links in the website and signature fields rather than just filling in their date of birth?

Just to explain further, this is a screenshot of how the profile (myprofile space) of normal users or even human spammers etc would look on my forum:

Image

That is the only way their profiles can appear when they register.

Then this screenshot here is how the profiles appear for those spammers I have been referring to in my posts here so far. It's always exactly the same pattern:

Image

As you can see, the birthday field is always filled in. This causes headaches later because all of these spammers' birthdays appear at the bottom of the forum en masse and the profiles have to be amended each day.

Even if there isn't some mod to stop these spammers, is there some way for the birthdays to not appear at the bottom of the forum for these particular users, but to appear for everyone else who is legitimate?

Oh, and the other thing this bot can do is that it can still have usernames (and all variations of it) that have been specifically disallowed in the ACP.
The MODs you think you have in place, you don't. That picture thing is not working, for example. Go do a test registration and you will see. Install the RAC MOD. Done.
I have already installed the RAC mod and the bots still get through. So it is not "done" as you say. RAC may stop a bot that goes through the usual process of registering and filling out the form, but if it uses a system where it doesn't even have to use the form but can submit the information directly then that is where RAC fails.

And as for the picture visual confirmation, that's because I have disabled it temporarily (since bots still got in less than 5 mins after I installed it and did test registrations), not because I haven't managed to get it to work. RAC or picture confirmation doesn't keep out the bots from registering if they can bypass that without even having to answer the question.

I have tried a range of different spam prevention mods, as you'll see I've been discussing in this topic here: http://www.phpbb.com/community/viewtopi ... &start=300 (this is a mod that hides certain fields and also prevents a bot from registering if they attempt to fill out those hidden fields). Your simplistic solution of merely suggesting the RAC mod as some kind of catch-all is not satisfactory in this case. If these were able to keep this particular variety of bot from registering, I wouldn't be still discussing the problem here on these threads.

ric323
Former Team Member
Posts: 22908
Joined: Tue Feb 06, 2007 12:33 am
Location: Melbourne, Australia
Name: Ric

Post by ric323 » Fri Feb 08, 2008 10:27 pm

Welshcat wrote: I have already installed the RAC mod and the bots still get through. So it is not "done" as you say. RAC may stop a bot that goes through the usual process of registering and filling out the form, but if it uses a system where it doesn't even have to use the form but can submit the information directly then that is where RAC fails.
That is incorrect. The RAC answer must be in the information submitted. If that bypasses the RAC MOD, then it is not installed correctly.
The Knowledge Base contains solutions to many common problems!
How to fix "Doesn't have a default value" and "Incorrect string value: xxx for column 'post_text' " errors.
How to do a clean re-install of the latest phpBB3 version.
Problems with permissions? Read phpBB3 Permissions
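
The point made in the post above, that the answer is checked in the submitted data rather than in the form, sketched as an added example (not part of the thread and not the RAC MOD's code); it also covers the hidden ICQ and birthday fields Welshcat describes. The function names, the `rac_answer` field name and the sample answer are assumptions.

```php
<?php
// Added illustration, not code from phpBB or the RAC MOD.
// Function names, field names and the sample answer are hypothetical.

/** Lower-case, trim and collapse whitespace so "  Foo  BAR " matches "foo bar". */
function normalise_answer(string $s): string
{
    return (string) preg_replace('/\s+/', ' ', strtolower(trim($s)));
}

/**
 * Validate one registration request entirely on the server.
 *
 * @param array    $post      submitted fields, as $_POST would hold them
 * @param string   $expected  the board's custom answer, never sent to the client
 * @param string[] $honeypots fields hidden from human visitors; must arrive empty
 * @return string[] rejection reasons; an empty list means the request may proceed
 */
function validate_registration(array $post, string $expected, array $honeypots): array
{
    $reasons = [];

    // The answer is checked in the submitted data, so skipping the HTML form
    // does not skip the check: a missing field is treated as a failed answer.
    $given = $post['rac_answer'] ?? '';
    if (!is_string($given) || trim($given) === '') {
        $reasons[] = 'challenge answer missing';
    } elseif (!hash_equals(normalise_answer($expected), normalise_answer($given))) {
        $reasons[] = 'challenge answer wrong';
    }

    // Hidden fields: a script that fills every known profile field trips these.
    foreach ($honeypots as $field) {
        $value = $post[$field] ?? '';
        if (!is_string($value) || trim($value) !== '') {
            $reasons[] = "hidden field '$field' was filled in";
        }
    }

    return $reasons;
}

// Constructed test registrations (not captured traffic).
$expected  = 'blue heron';          // placeholder for the admin's own answer
$honeypots = ['icq', 'birthday'];   // fields hidden on the board in this sketch

$requests = [
    'human via form'         => ['username' => 'alice', 'rac_answer' => ' Blue  Heron ', 'icq' => '', 'birthday' => ''],
    'direct POST, no answer' => ['username' => 'xkqzv', 'birthday' => '1980-01-01'],
    'direct POST, guessed'   => ['username' => 'qwpzt', 'rac_answer' => 'yes', 'icq' => '12345'],
];

foreach ($requests as $label => $post) {
    $reasons = validate_registration($post, $expected, $honeypots);
    printf("%-24s %s\n", $label, $reasons ? 'REJECT: ' . implode('; ', $reasons) : 'ACCEPT');
}
```

Sending requests like these to your own board is the test registration suggested earlier in the thread: if the second one creates an account, the check is not in the registration code path.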

Lumpy Burgertushie
Registered User
Posts: 63346
Joined: Mon May 02, 2005 3:11 am

Post by Lumpy Burgertushie » Fri Feb 08, 2008 11:17 pm

most likely you need to uninstall all the different things you have done and simply install the RAC MOD.

if you have a bot that is bypassing it, you are the only one out of many, many thousands of people that have been using it for over a year with no "bot" registrations.

for your information, bots do not ever see the registration form or the page etc. they are "bots" they are scripts that scour the internet for phpbb boards. when they find one, they send queries/commands straight to the database trying to create all the correct entries to make a registration. all you have to do is create something that is not standard, something that they do not know how to program in to the script, and you stop them.

that is what the RAC MOD and the security question and some of the better captchas do. the registration process requires a human being to answer questions, etc. in order to get thru the process.

now, if you are getting registrations like this, it is either a human, or it is a bot that is designed for your site in particular (not likely), or it is because you have so many conflicting bits of code installed that nothing is working any longer.
This is not about trying to just give out a simple answer. It is because we have been fighting the spam bot problem for years now and finally we have a couple of MODs that have worked 100% so far.

I would suggest that you rename your phpbb folder, upload a new one, name it the same as your old one.
copy your old config.php file to it, make sure the install and contrib folders are deleted.

Install the RAC MOD to that board and see what happens.


robert
I am available for custom work on a donation basis. Please send me a PM with your needs.
Premium phpBB 3.2 Styles by PlanetStyles.net

Welshcat
Registered User
Posts: 81
Joined: Sat Sep 02, 2006 5:26 pm

Post by Welshcat » Fri Feb 08, 2008 11:20 pm

ric323 wrote:
Welshcat wrote: I have already installed the RAC mod and the bots still get through. So it is not "done" as you say. RAC may stop a bot that goes through the usual process of registering and filling out the form, but if it uses a system where it doesn't even have to use the form but can submit the information directly then that is where RAC fails.
That is incorrect. The RAC answer must be in the information submitted. If that bypasses the RAC MOD, then it is not installed correctly.
The RAC answer is in the information submitted, and it stops perhaps 98% of the bots from registering because they not only have to fill this field in but they also need to know the answer. The answer is something which, while it can be looked up or maybe be known to some people, will not be known to everyone, but only the types of people I want registering. However, these particular bots can not only bypass this but also bypass the disable registration mod that should prevent them from registering in the first place if they try to fill in the hidden ICQ or birthday fields.

If the bot is able to bypass the registration process so that a profile that is supposed to end up looking like this:

Image

always ends up looking like this:

Image

only whenever these particular bots register, then that would suggest that they may have some means of getting round these defences.

Welshcat
Registered User
Posts: 81
Joined: Sat Sep 02, 2006 5:26 pm

Post by Welshcat » Fri Feb 08, 2008 11:39 pm

Lumpy Burgertushie wrote: most likely you need to uninstall all the different things you have done and simply install the RAC MOD.

if you have a bot that is bypassing it, you are the only one out of many, many thousands of people that have been using it for over a year with no "bot" registrations.

for your information, bots do not ever see the registration form or the page etc. they are "bots" they are scripts that scour the internet for phpbb boards. when they find one, they send queries/commands straight to the database trying to create all the correct entries to make a registration. all you have to do is create something that is not standard, something that they do not know how to program in to the script, and you stop them.

that is what the RAC MOD and the security question and some of the better captchas do. the registration process requires a human being to answer questions, etc. in order to get thru the process.

now, if you are getting registrations like this, it is either a human, or it is a bot that is designed for your site in particular (not likely), or it is because you have so many conflicting bits of code installed that nothing is working any longer.
This is not about trying to just give out a simple answer. It is because we have been fighting the spam bot problem for years now and finally we have a couple of MODs that have worked 100% so far.

I would suggest that you rename your phpbb folder, upload a new one, name it the same as your old one.
copy your old config.php file to it, make sure the install and contrib folders are deleted.

Install the RAC MOD to that board and see what happens.


robert
Well a bot could have been designed, since I've just found out that my site has been hacked! Now it could be a human too who has some way to bypass it all, as it seems someone has been determined to attack my site. My front page portal is gone, and some of the forums were changed to "hacked" and the site was redirected to some address saying "site hacked" etc.

ric323
Former Team Member
Posts: 22908
Joined: Tue Feb 06, 2007 12:33 am
Location: Melbourne, Australia
Name: Ric

Post by ric323 » Sat Feb 09, 2008 2:54 am

Welshcat wrote: Well a bot could have been designed, since I've just found out that my site has been hacked! Now it could be a human too who has some way to bypass it all, as it seems someone has been determined to attack my site. My front page portal is gone, and some of the forums were changed to "hacked" and the site was redirected to some address saying "site hacked" etc.
In that case, probably your portal or one of your many MODs was insecure. phpBB 2.0.22 itself has been proven to be secure after 13 months in the field and no security patches required.
I'd suggest submitting this to the incident tracker if you have no idea how they got in. As already stated, there is no way to bypass the registration process on a clean board.
SPAMbots have to fetch the registration page, and solve the CAPTCHA image to be able to submit a valid registration post. Unfortunately they are now able to do that, as the same CAPTCHA algorithm is used on thousands of boards. Installing the RAC MOD, Security Question or Textual Confirmation allows each board administrator to customise the question and answer themselves, making it impossible for the SPAMbot authors to write a generic solution.

Welshcat
Registered User
Posts: 81
Joined: Sat Sep 02, 2006 5:26 pm

Post by Welshcat » Sat Feb 09, 2008 3:27 am

ric323 wrote:
Welshcat wrote: Well a bot could have been designed, since I've just found out that my site has been hacked! Now it could be a human too who has some way to bypass it all, as it seems someone has been determined to attack my site. My front page portal is gone, and some of the forums were changed to "hacked" and the site was redirected to some address saying "site hacked" etc.
In that case, probably your portal or one of your many MODs was insecure. phpBB 2.0.22 itself has been proven to be secure after 13 months in the field and no security patches required.
I'd suggest submitting this to the incident tracker if you have no idea how they got in. As already stated, there is no way to bypass the registration process on a clean board.
SPAMbots have to fetch the registration page, and solve the CAPTCHA image to be able to submit a valid registration post. Unfortunately they are now able to do that, as the same CAPTCHA algorithm is used on thousands of boards. Installing the RAC MOD, Security Question or Textual Confirmation allows each board administrator to customise the question and answer themselves, making it impossible for the SPAMbot authors to write a generic solution.
Well I managed to get my forum and site back, but I don't know if they could still get in. I'll look into that incident tracker.

So if I removed the CAPTCHA mod that I previously installed, would the RAC mod possibly work more effectively?

ric323
Former Team Member
Posts: 22908
Joined: Tue Feb 06, 2007 12:33 am
Location: Melbourne, Australia
Name: Ric

Post by ric323 » Sat Feb 09, 2008 3:44 am

Maybe. I don't know all the MODs you have installed, but I haven't yet seen a board where the RAC MOD could be bypassed if it was installed right.
It might be an idea to start your own topic, and fill in the full Support Request Template to describe all the things you have installed in it.

fotsau
Registered User
Posts: 4
Joined: Sat Feb 02, 2008 12:54 pm

Post by fotsau » Sun Feb 10, 2008 10:47 am

Gday

I am getting registrations daily, with names that are just jumbled letters and not real email addresses. Already I am sick of deleting the users (have set it so they can't post till I authorize them).

I viewed the RAC mod, and tried to work it in my forum, but every time I make the changes, the forum on my website won't open. All I get is it saying "searching for fotsauphbb..blah blah", then it says done, and I have a blank page.

Any ideas on what I am doing wrong?

thanks

fotsau

ric323
Former Team Member
Posts: 22908
Joined: Tue Feb 06, 2007 12:33 am
Location: Melbourne, Australia
Name: Ric

Post by ric323 » Sun Feb 10, 2008 10:53 am

fotsau wrote: Any ideas on what I am doing wrong?
Not if you don't describe exactly what you are doing.
That MOD has been installed by hundreds of people, so it's something to do with how you are installing it.

Have a look at Knowledge Base - Installing MODs the Right Way

fotsau
Registered User
Posts: 4
Joined: Sat Feb 02, 2008 12:54 pm

Post by fotsau » Tue Feb 12, 2008 10:46 am

G'day again.

Ok so it was very blonde of me not to put what adjustments I had made in the files....lesson learnt

I went in tonite to do it, and then post them here for you to look at, and it worked! The forum showed. It remains to be seen if it will stop the spammers, but if you don't hear from me, take it that it is working.

What I did want to ask...and this is prolly a very dumb question....but when you are installing a mod, is it important to keep the formatting? IE if the mod starts halfway across the page, should I tab to halfway across the page to paste it? That is what I did this time and it seems to have worked.

By the by, thanks for the support with this one. The dodgy registrations were driving me nuts!!!


FOTSAU

ric323
Former Team Member
Posts: 22908
Joined: Tue Feb 06, 2007 12:33 am
Location: Melbourne, Australia
Name: Ric

Post by ric323 » Tue Feb 12, 2008 12:20 pm

fotsau wrote: What I did want to ask...and this is prolly a very dumb question....but when you are installing a mod, is it important to keep the formatting? IE if the mod starts halfway across the page, should I tab to halfway across the page to paste it? That is what I did this time and it seems to have worked.
The indentation doesn't matter in terms of functionality, but it does make the code easier to read.
You shouldn't need to add any tabs, the mod instructions should contain the correct formatting already.

Lumpy Burgertushie
Registered User
Posts: 63346
Joined: Mon May 02, 2005 3:11 am

Post by Lumpy Burgertushie » Wed Feb 13, 2008 10:27 pm

when you copy from the MOD file, copy the lines and spaces as well and then paste them into the file exactly where it tells you and you will get the same look.

as ric said, it usually doesn't matter but it helps to learn to be very precise and accurate when doing MODs.

robert