Split from spam topic [*Read The First Post*]

This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.
Marshalrusty
Project Manager
Posts: 29253
Joined: Mon Nov 22, 2004 10:45 pm
Location: New York City
Name: Yuriy Rusko

Post by Marshalrusty »

Taipo wrote: Would it be true to say though, Marshalrusty, that many of the spammer applications, applications used by spammers to post or request data from the webserver, are in fact not web browsers, but independent applications, sometimes referred to as 'bots'?

Yes probably, but what does that change?

Taipo wrote: There is most certainly a lot of concern amongst phpBB administrators, enough for modders to make at least 21 hacks to prevent default flooding. But as you know, it doesn't take much effort for a spammer with knowledge of http headers to packet capture a header and rebuild it in their spammer applications/attack tools (let's call it what it is) using any custom changes made to the default scripts by many of these anti-spam mods.

Most of these tools simply alter the way phpBB handles registration, so of course if the spammer alters the script to work with each specific site, many of the MODs will be useless. Since most spammers use premade scripts and have no idea how they actually work, MODs like the VIP code or the humanizer may be somewhat effective.

Taipo wrote: The basic ideas of course need developing. The eventual result, I think, needs to be an all-encompassing security class file which also handles all sanitising of inputs, timers to pick up flooding attempts etc., to be required_once into the head of every php script in the phpBB system with user controls in the ACP. But its main function would be to request cookies, send expired cookies and even make JavaScript requests in order to determine if the browser viewing the forums is in fact an established web browser and not some spam bot BEFORE allowing the rest of the php script to load.

This is practically impossible, unfortunately.

Back-porting the various spam prevention tools (including the new CAPTCHA) from phpBB 3.0 certainly isn't a bad idea in my opinion, however this is something that is up to the developers, and they may have very good reasons for not doing it.
Have comments/praise/complaints/suggestions? Please feel free to PM me.

Need private help? Hire me for all your phpBB and web development needs

lightwait
Registered User
Posts: 38
Joined: Tue Jan 17, 2006 9:44 pm

What do I do?...

Post by lightwait »

I am a novice!

What do I do with MyVipCode?

I downloaded, now please give explicit directions on what to do?

Thank you in advance,

Keith

viewletbuddy
Registered User
Posts: 3
Joined: Tue Oct 10, 2006 9:09 pm

Spam

Post by viewletbuddy »

I use the Visual confirmation and get 10-20 new (fake) users over a weekend period and several a day....so it doesn't work. I use the Admin feature and have to approve each one...as well as delete them. I started to add their domain to the Block list as I delete....helps a little.

I think I would like to try some of the mods....the VIP one looks good.

Just my 2 cents to agree that the Bots and Scripts have no problem getting in.

ViewletBuddy
www.qarbon.com

Marshalrusty
Project Manager
Posts: 29253
Joined: Mon Nov 22, 2004 10:45 pm
Location: New York City
Name: Yuriy Rusko

Re: What do I do?...

Post by Marshalrusty »

lightwait wrote: I downloaded, now please give explicit directions on what to do?

Knowledge Base - How to Install MODs :wink:

Taipo
Registered User
Posts: 174
Joined: Fri Jan 07, 2005 9:25 pm

Post by Taipo »

Marshalrusty wrote: Yes probably, but what does that change?

Well that means that there are behaviours that these spam scripts/bots/applications do when connecting to a webserver in order to send spam, that a browser does not do.

Example: a web browser will return a valid cookie and drop an expired one. So if your security script first sent a valid cookie, and an expired cookie. If either the valid cookie is returned, or the expired one was not returned then the script would allow the continuation of the page to load. Conversely the opposite would say to me that this was not a legitimate browser trying to access the forums, and call a page die().

Marshalrusty wrote: Since most spammers use premade scripts and have no idea how they actually work, MODs like the VIP code or the humanizer may be somewhat effective.


This is where I would have to partially disagree. I would divide the spammers into two groups. Group one are those that are using spam tools as forms of spreading their advertisements. This lot would tend to be the ones you are referring to. However there is also a fairly large lot of individuals out there that use the raft of http request header tools out there in order to attack database backed scripts. Some of the security mods actually address one of these issues, that of dictionary password cracking.

Again, having a security system that first demands that any application wishing to browse a website first understand some semi-advanced functions of cookies would most certainly put a stop to the current range of http header attack tools, of which I have only seen one that handles cookies in that manner.

Taipo
Registered User
Posts: 174
Joined: Fri Jan 07, 2005 9:25 pm

Post by Taipo »

example code

Code:

<?php

$phpbbkey = "phpbbsecure2007"; // change this to whatever you want

// these two values are not set on every server or request, so default them to ""
$phpbbagent = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : "";
$phpbbpath = isset($_SERVER["PATH"]) ? $_SERVER["PATH"] : "";

// set up the hashes needed
$phpbbsecurehash = md5($_SERVER["REMOTE_ADDR"] . $phpbbagent . $_SERVER["HTTP_HOST"] . $_SERVER["DOCUMENT_ROOT"] . $_SERVER["SERVER_SOFTWARE"] . $phpbbpath . $phpbbkey);
$phpbbexpiredcookie = md5($phpbbagent . $_SERVER["HTTP_HOST"] . $_SERVER["DOCUMENT_ROOT"] . $phpbbpath);
$phpbbsafe = "phpbbSafeCookie_" . md5($_SERVER["DOCUMENT_ROOT"] . $_SERVER["REMOTE_ADDR"] . $phpbbkey);
// the tripwire name has to be the same on the reloaded request; a random name
// (md5(uniqid(time()))) changes on every request, so the last check could never match
$phpbbtripwire = "phpbbTripwire_" . md5($_SERVER["REMOTE_ADDR"] . $_SERVER["DOCUMENT_ROOT"] . $phpbbkey);

// first thing we do is check that the browser can return a legit cookie
// (isset avoids an undefined index notice on the first visit)
if (!isset($_COOKIE[$phpbbsafe]) || $_COOKIE[$phpbbsafe] !== $phpbbsecurehash) {
  setcookie($phpbbsafe, $phpbbsecurehash);

  // next we send an expired cookie
  setcookie($phpbbtripwire, $phpbbexpiredcookie, time() - 99999999);

  // reload
  header("Location: http://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
  exit();
}

// last we check to see if the browser has rejected the expired cookie - as it should do
if (isset($_COOKIE[$phpbbtripwire]) && $_COOKIE[$phpbbtripwire] === $phpbbexpiredcookie) {
  die();
}

unset($phpbbsafe);
unset($phpbbtripwire);
?>
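
An added example, not part of Taipo's post or of phpBB: the check above compares the cookie with a fixed MD5 value, so a value captured once keeps working from the same address and user agent. This variant signs an issue time with HMAC-SHA256 so the cookie expires; the secret, the function names, the sample values and the one-hour lifetime are all assumptions.

```php
<?php
// Added example, not the poster's code. Names, secret and lifetime are assumptions.

const CHALLENGE_MAX_AGE = 3600; // seconds a token stays valid (assumed value)

// Build "timestamp.signature"; the signature covers the issue time,
// the client address and the user agent.
function challenge_issue(string $secret, string $ip, string $agent, int $now): string
{
    $sig = hash_hmac('sha256', $now . '|' . $ip . '|' . $agent, $secret);
    return $now . '.' . $sig;
}

// True only for a well-formed, unexpired token signed for this address and agent.
function challenge_verify(string $secret, string $token, string $ip, string $agent, int $now): bool
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false; // malformed cookie value
    }
    $issued = (int) $parts[0];
    if ($issued > $now || $now - $issued > CHALLENGE_MAX_AGE) {
        return false; // issued in the future, or too old
    }
    $expected = hash_hmac('sha256', $issued . '|' . $ip . '|' . $agent, $secret);
    return hash_equals($expected, $parts[1]); // constant-time comparison
}

// Constructed sample values (documentation address range, made-up agent string).
$secret = 'replace-with-a-long-random-value';
$ip     = '192.0.2.10';
$agent  = 'ExampleBrowser/1.0';
$t0     = 1160000000;

$token = challenge_issue($secret, $ip, $agent, $t0);

var_dump(challenge_verify($secret, $token, $ip, $agent, $t0 + 60));          // fresh token, same client
var_dump(challenge_verify($secret, $token, '192.0.2.99', $agent, $t0 + 60)); // same token, other address
var_dump(challenge_verify($secret, $token, $ip, $agent, $t0 + 7200));        // same token after expiry
var_dump(challenge_verify($secret, 'not-a-token', $ip, $agent, $t0));        // malformed value
```

A client that stores and returns cookies still passes this check; it only limits how long a captured cookie value stays usable.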

colinb
Registered User
Posts: 101
Joined: Sat Jun 29, 2002 10:50 am
Location: UK

Post by colinb »

alvo wrote: At least not the one that comes with phpBB as it's virtually worthless. There are spam bots programmed to read and solve it.


I agree. It hasn't slowed down my spam registrations at all.

alvo wrote: Another plus to using this mod over the supplied VC is that blind and sight impaired people can use it, something they can't do with the phpBB VC. .... You should write your own questions and I would recommend not using the picture option as it needlessly complicates things and also makes it hard or impossible for sight impaired people to answer it.


That's a very good point, and one I hadn't considered. Here in the UK (and Europe) we have website accessibility laws now and every responsible webmaster is striving for improved accessibility, so the suggested Anti Bot Question Mod is worth looking into. Thanks for the suggestion!

CB

InertiaM
Registered User
Posts: 134
Joined: Wed Mar 08, 2006 9:03 am
Location: Kent, UK

Post by InertiaM »

A warning to all - the spammers appear to have changed tactics.

I have self-written MODs in place to keep spammers out. The last spam registration I had to delete was about 6 weeks ago.

However, today, my spam system caught a new occurrence. A human registered 8 days ago (and yes, it was definitely a human). No website address was given.

Today, that user tried to amend their website to include a drug link - 8 days AFTER registration.

I suggest you all check your memberlists !!

colinb
Registered User
Posts: 101
Joined: Sat Jun 29, 2002 10:50 am
Location: UK

Post by colinb »

I've also seen an increase in human registrations. They first register, usually with "USA" in the location field, and nothing else. Email often follows a pattern, such as A_Person@hotmail.com or ap_123@yahoo.com and the registrations just sit there for a week or so. They strike by adding links to phentermine or porn video about a week later.

Maybe I'm paranoid, but I'm deleting a lot of registrations at this stage now - at the risk of some of them being bona fide. Too bad. I'm also putting very broad wildcard bans on IP addresses, often putting a wildcard asterisk after the first two sets of digits. I think I've caught one persistent spammer because some registrations (according to a pattern I've determined) have stopped.

Maybe we should all pool our email and IP block lists?

CB
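
An added example, not code from the thread: one way to review a member list for the pattern InertiaM and colinb describe (no posts, an account that sits idle, then a website link added days after registration). The field names user_regdate, user_posts, user_website and user_from follow the phpBB 2 users table; the 'website_changed' timestamp, the five-day threshold and the sample accounts are assumptions.

```php
<?php
// Added example, not code from the thread. Sample rows are constructed.
// user_regdate, user_posts, user_website and user_from are phpBB 2 users-table
// columns; 'website_changed' is a hypothetical audit timestamp that a MOD
// would have to record whenever the profile's website field is edited.

const SLEEPER_DELAY = 5 * 86400; // assumed threshold: five days, in seconds

// Return the reasons (possibly none) why an account deserves a manual look.
function sleeper_reasons(array $u, int $now): array
{
    $reasons = [];
    $noPosts = (int) $u['user_posts'] === 0;
    $hasSite = trim($u['user_website']) !== '';
    $age     = $now - $u['user_regdate'];

    if ($hasSite && $noPosts) {
        $reasons[] = 'website set, no posts';
    }
    if ($hasSite && isset($u['website_changed'])
        && $u['website_changed'] - $u['user_regdate'] >= SLEEPER_DELAY) {
        $days = intdiv($u['website_changed'] - $u['user_regdate'], 86400);
        $reasons[] = "website added {$days} days after registration";
    }
    if (!$hasSite && $noPosts && trim($u['user_from']) !== '' && $age >= SLEEPER_DELAY) {
        $reasons[] = 'idle since registration, only a location filled in';
    }
    return $reasons;
}

$now = 1161000000; // constructed "current time"
$users = [ // constructed sample accounts
    ['username' => 'regular',  'user_regdate' => $now - 90 * 86400, 'user_posts' => 42,
     'user_website' => 'http://example.org/', 'user_from' => 'Kent, UK'],
    ['username' => 'sleeper1', 'user_regdate' => $now - 8 * 86400, 'user_posts' => 0,
     'user_website' => 'http://pills.example/', 'user_from' => '',
     'website_changed' => $now],
    ['username' => 'sleeper2', 'user_regdate' => $now - 7 * 86400, 'user_posts' => 0,
     'user_website' => '', 'user_from' => 'USA'],
    ['username' => 'newcomer', 'user_regdate' => $now - 3600, 'user_posts' => 0,
     'user_website' => '', 'user_from' => 'USA'],
];

foreach ($users as $u) {
    $why = sleeper_reasons($u, $now);
    echo $u['username'], ': ', $why ? implode('; ', $why) : 'ok', "\n";
}
```

The output is a review list, not a ban list: a new member who has only filled in a location looks the same as the idle accounts until the threshold passes.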

Mortemorte
Registered User
Posts: 185
Joined: Tue Nov 08, 2005 11:16 pm

Post by Mortemorte »

IP banning is not a real solution; mostly those are infected PCs which will be used only a few times and then they skip to another infected PC.
In the end you ban "innocent" IPs, mostly without a fixed IP (like the US has loads of dial-in accounts and they change IPs constantly).
Banning proxies is, on the other hand, more useful.
Keep track of the accounts you delete, create a list with all information that was provided in the profile and base your disallowed usernames/e-mails on that.
That list you create will also be useful when phpBB3 is out, when there will be other means of preventing spambots.

AshleyPither
Registered User
Posts: 8
Joined: Mon Oct 09, 2006 1:04 pm

Post by AshleyPither »

Please can someone help a beginner!

I've been reading through this thread and what I have tried to do is ban 'Guest' from posting messages (as detailed in the first posting). I went to: Forum Admin, Permissions, and under Simple Mode changed the drop down to Registered, then clicked Submit.....but I can still post under 'Guest'.

I am obviously overlooking something silly

Thanks,

Mortemorte
Registered User
Posts: 185
Joined: Tue Nov 08, 2005 11:16 pm

Post by Mortemorte »

You did do it for every section?
See the user guide for an explanation of what does what: http://www.phpbb.com/support/guide/#section3_1_2

AshleyPither
Registered User
Posts: 8
Joined: Mon Oct 09, 2006 1:04 pm

Post by AshleyPither »

Thanks for the speedy reply

Didn't do it for View and Read. Post, Reply, Edit, etc are now set to 'Registered'.

Any ideas? I assume 'Guest' is not a 'Registered' user?

colinb
Registered User
Posts: 101
Joined: Sat Jun 29, 2002 10:50 am
Location: UK

Post by colinb »

AshleyPither wrote: I assume 'Guest' is not a 'Registered' user?


Definitely not. As a Guest anybody can post without registering. I don't allow this at all on my forums - it's asking for trouble these days.

CB

AshleyPither
Registered User
Posts: 8
Joined: Mon Oct 09, 2006 1:04 pm

Post by AshleyPither »

Thanks for the comments/suggestions. Just realised I needed to set the Permissions to 'Registered' for each of the Forums and that now seems to stop me Posting using Guest.
