Split from spam topic [*Read The First Post*]

This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.
Forum rules
Following phpBB2's EoL, this forum is now archived for reference purposes only.
Please see the following announcement for more information: viewtopic.php?f=14&t=1385785
Albert Wiersch
Registered User
Posts: 145
Joined: Sat Dec 11, 2004 6:00 pm
Location: Dallas, TX
Name: Albert Wiersch
Contact:

Post by Albert Wiersch »

alan keys wrote: gents

what do you recommend then for automatic posters that allways leave p*rn URL's as their websites ?
its not the messages that are a problem it is the posting of websites with illegal content. to which u then link..


Require registration for posting and use the myVIPcode mod talked about earlier in this thread. Automated posters (bots) can't get past it without human help.

morestuff
Registered User
Posts: 816
Joined: Sun Aug 20, 2006 6:19 am

Re: Cracker Tracker Professional 2nd Edition

Post by morestuff »

asdil12 wrote: I prefer Cracker Tracker Professional 2nd Edition
[link removed]


this is not suggested to use .

it has it's own security problems. and besides that, it lies to you about how many "exploits" it has blocked.

if you notice, when you first install it and think it says it has already blocked 6 exploits.

phild
Registered User
Posts: 35
Joined: Mon Apr 04, 2005 11:05 pm

Post by phild »

Second day of having the vipcode mod installed and no spammers. Typically in two days I would have had at least half a dozen and probably more :)

I am happy! 8)
____________
Regards
Phil

User avatar
Ramon Fincken
Registered User
Posts: 4835
Joined: Thu Oct 14, 2004 1:04 am
Location: NL, The Netherlands Amsterdam area @GMT +1
Contact:

Post by Ramon Fincken »

phild wrote: Second day of having the vipcode mod installed and no spammers. Typically in two days I would have had at least half a dozen and probably more :)

I am happy! 8)



yes that is a good mod AND easy to install :)

Albert Wiersch:
* when will this mod be submitted to the DB ?
* if you need an ACP integration let me know :)
Dutch quality fully managed WordPress hosting - ManagedWPHosting.nl

Before changing a file, some code or installing a MOD >> Make a backup first!

Do you like my mods? paypal me $1 :) forumsoftware[AT}creativepulses[DOT}nl [/size]
PhpBBantispam.com || Instant find your mod here

gayle28607
Registered User
Posts: 12
Joined: Fri Jan 24, 2003 12:28 am
Contact:

Post by gayle28607 »

Question for Marshalrusty or anyone:

I chose to modify the files as per Marshalrusty's suggestions for the VIP mod. I think it went fine, but... I feel like an idiot. The user reg page looks good, and points the person registering to the page where I will put the code. But where do I configure the board with the code I selected? Is there supposed to be an option on the config file page now where I could insert it? I have no idea.
Gayle

alvo
Registered User
Posts: 712
Joined: Thu Jun 22, 2006 3:57 am

Post by alvo »

Albert Wiersch wrote: Require registration for posting and use the myVIPcode mod talked about earlier in this thread. Automated posters (bots) can't get past it without human help.


You don't need to require registration to stop spam bots. Anything that you do to stop them from registering can be use to stop them from guest posting. I added the Anti Bot Question mod that does it work in both places and there's no spam anymore (been a couple of months now).

The problems I see with the VIP mod mentioned is that their is only one number used rather than a more random selection. That makes it easier to get around, especially if they know where the number is going to be stored on your site. If they got that then the actual number used is irrevelent. Another problem is that it's hard coded into the code itself, making it a somewhat cumbersome process just to change it. Lastly it is a useability problem to make someone leave in the middle of a registration to go find another page so they can cut-and-paste a number on that page back in the middle of their registration. If you're interested in having maximum growth in your forum you don't want to be making the process any more difficult than you have to. The more difficult something is to do, the less people are going to do it.

User avatar
Marshalrusty
Project Manager
Project Manager
Posts: 29253
Joined: Mon Nov 22, 2004 10:45 pm
Location: New York City
Name: Yuriy Rusko
Contact:

Post by Marshalrusty »

asdil12 wrote: I prefer Cracker Tracker Professional 2nd Edition

Download: [Link removed as above]

I would strongly recommend not following this advise. We took that MOD apart edit by edit some time ago and found a number of issues, some of which have already been fixed, some of which still exist.

The additions to search.php an usercp_register.php are useless as flood protection is now included by default. The MOD claims to increase security, but SPAM is not a security issue to begin with. Install at your own risk, and don't blame anyone but yourself if it doesn't work.

This has been posted ad nauseum, but I'll say it again: there is a big difference between security and SPAM. If you see a MOD that claims to increase security, be very very sceptical.

EDIT: And some of the code is now out of date.
gayle28607 wrote: I chose to modify the files as per Marshalrusty's suggestions for the VIP mod. I think it went fine, but... I feel like an idiot. The user reg page looks good, and points the person registering to the page where I will put the code. But where do I configure the board with the code I selected? Is there supposed to be an option on the config file page now where I could insert it? I have no idea.

You can stick it anywhere you like. You could even make a locked forum called "VIP code can be found here" with the VIP code in the description. Also note that I never suggested any of the MODs, although I also never said anything bad about this one ;)
alan keys wrote: what do you recommend then for automatic posters that allways leave p*rn URL's as their websites ?
its not the messages that are a problem it is the posting of websites with illegal content. to which u then link..

See the first post in this thread. If the built in features aren't doing enough, consider one or two of the MOD listed. Each is good in its own way. You should focus on stopping these bots from registering in the first place, not from posting.
Have comments/praise/complaints/suggestions? Please feel free to PM me.

Need private help? Hire me for all your phpBB and web development needs

Zara
Registered User
Posts: 11
Joined: Sun Apr 16, 2006 10:12 pm

Post by Zara »

I wonder if it is possible to delete several threads at once.

I've been hit by SPAM and I have like 300 threads to delete, and it's complicated (well, it takes a lot o time) to manually delete every thread.

User avatar
Marshalrusty
Project Manager
Project Manager
Posts: 29253
Joined: Mon Nov 22, 2004 10:45 pm
Location: New York City
Name: Yuriy Rusko
Contact:

Post by Marshalrusty »

Zara wrote: I wonder if it is possible to delete several threads at once.

I've been hit by SPAM and I have like 300 threads to delete, and it's complicated (well, it takes a lot o time) to manually delete every thread.

Like I said above, use the moderator control panel: http://www.phpbb.com/support/guide/#section5_1

Then just check the boxes next to the topics you ant to remove and hit the 'delete' button. Should speed thing up :)
Have comments/praise/complaints/suggestions? Please feel free to PM me.

Need private help? Hire me for all your phpBB and web development needs

gayle28607
Registered User
Posts: 12
Joined: Fri Jan 24, 2003 12:28 am
Contact:

Post by gayle28607 »

Thanks for this topic. Since I installed the VIP mod I have had no spam registrations. Even if this isn't a long term solution (see above), it has given me a few days of not having to delete spam registrations. Phew! May it continue a while longer.
Gayle

User avatar
Puggs
Registered User
Posts: 80
Joined: Mon Oct 06, 2003 3:53 am
Location: Melbourne, Australia
Contact:

Post by Puggs »

Hi

I have noticed a lot of new registrations on two of my forums, these don't seem to login at all. looking in the logs i notice that the is a lot of users coming directly to the profile.php?mode=register&agreed=true or using fake referers. So i created the following .htaccess file that will give a Forbidden error for any one who does not go via the correct pages.

Code: Select all

RewriteEngine On 
RewriteCond %{HTTP_REFERER} !^http://(.*)\.yoursite\.com/phpBB2/profile\.php\?mode=register(.*)$ [NC] 
RewriteCond %{REQUEST_URI} !^$ 
RewriteCond %{REQUEST_URI} ^/phpBB2/profile\.php(.*)$ [NC] 
RewriteCond %{QUERY_STRING} ^mode=register&agreed=true(.*)$ [NC] 
RewriteRule ^(.*)$ - [F]
So far there has been no fake registrations for the last 2 days, i hope thats the end of it. Hope this helps people.

User avatar
Ramon Fincken
Registered User
Posts: 4835
Joined: Thu Oct 14, 2004 1:04 am
Location: NL, The Netherlands Amsterdam area @GMT +1
Contact:

Post by Ramon Fincken »

can you point out any diferences with mine?

Code: Select all

RewriteEngine On   

RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .posting\.php*
RewriteCond %{HTTP_REFERER} !.*phpbbinstallers.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://www.google.com [R=301,L]  

RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .profile\.php*
RewriteCond %{HTTP_REFERER} !.*phpbbinstallers.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://www.google.com [R=301,L]  
Dutch quality fully managed WordPress hosting - ManagedWPHosting.nl

Before changing a file, some code or installing a MOD >> Make a backup first!

Do you like my mods? paypal me $1 :) forumsoftware[AT}creativepulses[DOT}nl [/size]
PhpBBantispam.com || Instant find your mod here

VictorSand
Registered User
Posts: 5
Joined: Wed May 19, 2004 10:09 am

Post by VictorSand »

i get several "undeliverable mail returned to sender" a day. mails containing attempts to sign up from adresses like asasfafafa@yahoo.com etc.

i get them back, but they still get trough (asasfafafa@yahoo.com is registred etc.) i jhave both user activation and visual confirmation on. i find it strange that the bots can come through anyway. is there some door i've left wide open?

User avatar
Ramon Fincken
Registered User
Posts: 4835
Joined: Thu Oct 14, 2004 1:04 am
Location: NL, The Netherlands Amsterdam area @GMT +1
Contact:

Post by Ramon Fincken »

VictorSand wrote: i get several "undeliverable mail returned to sender" a day. mails containing attempts to sign up from adresses like asasfafafa@yahoo.com etc.

i get them back, but they still get trough (asasfafafa@yahoo.com is registred etc.) i jhave both user activation and visual confirmation on. i find it strange that the bots can come through anyway. is there some door i've left wide open?



try the
* LEV mod ( http://www.phpbb.com/phpBB/viewtopic.php?t=280755 )
in combination with:
* VIP code mod / block all fields mod
Dutch quality fully managed WordPress hosting - ManagedWPHosting.nl

Before changing a file, some code or installing a MOD >> Make a backup first!

Do you like my mods? paypal me $1 :) forumsoftware[AT}creativepulses[DOT}nl [/size]
PhpBBantispam.com || Instant find your mod here

Albert Wiersch
Registered User
Posts: 145
Joined: Sat Dec 11, 2004 6:00 pm
Location: Dallas, TX
Name: Albert Wiersch
Contact:

Post by Albert Wiersch »

Ramon Fincken wrote: can you point out any diferences with mine?

Code: Select all

RewriteEngine On   

RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .posting\.php*
RewriteCond %{HTTP_REFERER} !.*phpbbinstallers.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://www.google.com [R=301,L]  

RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .profile\.php*
RewriteCond %{HTTP_REFERER} !.*phpbbinstallers.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://www.google.com [R=301,L]  


Did you know that a spammer can easily set the referer... and that some legitimate users use browsers or proxies that may be set not to provide a referer?

Locked

Return to “2.0.x Support Forum”