Problems with spammers!

The 2.0.x discussion forum has been locked; this will remain read-only. The 3.0.x discussion forum has been renamed phpBB Discussion.
ezlynx
Registered User
Posts: 81
Joined: Tue Sep 10, 2002 8:34 pm

Post by ezlynx »

Here are a couple other simple ideas for people who like to fiddle with their board (though the hack cited takes care of things fine):

1) edit the signup page to restrict what is entered when you join.
i.e. just have people sign up with name, password, and email. You accomplish this buy putting
<!-- BEGIN switch_edit_profile -->
before and
<!-- END switch_edit_profile -->
after whatever items you don't want filled in initially.

2) switch the order of signing up to name/email/pass+passconfirm (this is done on the profile_add_body.tpl). If filling in the blanks is a mindless thing, the signup will fail.

3) change the name of the action. I suggest this as you pull it up automatically without clicking on the accept register link at the bottom of the disclaimer when you use: profile.php?mode=register&agreed=true. You could change "register" to "sign_up" or anything at all. Changes would need to be made to these files:

profile.php
admin/admin_users.php
includes/usercp_register.php

Replace $mode == 'register' with $mode == 'NEW_NAME_OF_ACTION'
Also replace:
includes/page_header.php
386c386
< 'U_REGISTER' => append_sid('profile.'.$phpEx.'?mode=register'),
---
> 'U_REGISTER' => append_sid('profile.'.$phpEx.'?mode=NEW_NAME_OF_ACTION'),
jbsmith
Registered User
Posts: 220
Joined: Sun Jul 18, 2004 2:07 am

Post by jbsmith »

vrflyer wrote: How do I control spam e-mails though...

I guess my HOST is telling me I am spamming others with e-mails ? Is my host on crack > ?

How's this possible w/o any weird registrations on my memberlist....

I'm currently still using v2.0.4 with many hacks and also using v2.0.6 emailer.php.


You would have to get specific information about those emails before anyone can help you. THe complete headers would be a start.

Jordan
User avatar
vrflyer
Registered User
Posts: 503
Joined: Mon Feb 17, 2003 8:27 pm

Post by vrflyer »

jbsmith wrote:
vrflyer wrote:How do I control spam e-mails though...

I guess my HOST is telling me I am spamming others with e-mails ? Is my host on crack > ?

How's this possible w/o any weird registrations on my memberlist....

I'm currently still using v2.0.4 with many hacks and also using v2.0.6 emailer.php.


You would have to get specific information about those emails before anyone can help you. THe complete headers would be a start.

Jordan


Here's their supposedly SPAM e-mail sample they FWD me; coming from my shared hosting server...

Code: Select all


 Return-Path:
Received: from serverXX.totalchoicehosting.com
(ev1s-67-15-82-11.ev1servers.net [67.15.82.11] (may be forged))
by relay-sw.akma.spb.su (8.12.11/8.12.11) with SMTP id iB9BfBjR018228
for Thu, 9 Dec 2004 14:41:13 +0300
Received: from kypu (20.87.22.73)
by serverXX.totalchoicehosting.com; Thu, 9 Dec 2004 06:41:12 -0500
Date: Thu, 9 Dec 2004 06:41:12 -0500
From:
X-Mailer:
Reply-To:
X-Priority: 3 (Normal)
Message-ID: <0044________________0751@mos.net>
To: x
Subject:
ب𮪨頱索򰠳񫳣
蠲𮢠䫿 ᠭ蠨
񠳭?r /> MIME-Version: 1.0
Content-Type: multipart/mixed;
 boundary="----------773F9A39C5"
Status:

------------773F9A39C5
Content-Type: text/plain; charset=windows-1251
Content-Transfer-Encoding: 8bit

?뼸⻡󱫳㠨
򮢠𮢠䫿 ᠭ蠨
񠳭?/>
Αәő҂˟Ō сΐʓ
Ƞʎ̏˅ʒ?Ȟ рӍ Ƞ?͜
ώĠʋޗ.

ϐ΄??̀҅Ј?΂
Ƞ΁ΐӄ΂?ȟ ࠲દ宠

?񥱱󠰻 䫿 ᠭ蠨
񠳭??곯嫨, ⥭誨.
ί򬠰趠.

Ϯ䰮᭥報쮲𨲥
嬠񠩲堯䰥amp;#
56380;a href="http://smithminisoft.net/" class="cer_display_emailText"
target=_blank>http://smithminisoft.net/

ҥ뺠(812) 112-96-04, 920-15-90

Email: vittoro_hold@yahoo.ca


ͮ⠿ 먭婪ࠬ?Logitech: 幸
ự򰥥 蠲奮 Logitech
󫳷?򮷭?𮱲?绢?ᗁ
1;⠯夭嬠ﮪbr> 컸婠䫿 㥩쥰 İ󣨥
񲠭䠰򭻥 쮤嫨
觠먭婪蠌ifestyle 򮦥
񲠫蠫󷸥.
β쥲謠﮿⫥ꮫ?񨪠
񠢮笮歮񲼾
㮰觮뼭ﰮ갳򪨮
Ҡꦥ
컠⧿먠譲尢?񭮢ಥ뿠Lo
gitech Ġ?𥫠,
ꮲ頯䠫 br> 媮򮰻?򥰥񭻵
?ൠ觠豲蠬?Ϯ䰮᭥庠htt
p://www.izcity.com/lib/20072004.htm
------------773F9A39C5-- 
:roll:
Always Under Construction !
Graham
Former Team Member
Posts: 8462
Joined: Tue Mar 19, 2002 7:11 pm
Location: UK
Contact:

Post by Graham »

Well you should update to 2.0.11 ASAP as a first port of call.

That email has clearly not been sent by phpBB, but if you were running such an old version of the software, it is quite possible that the site has been compromised and someone has installed a mailing scrip ton it somewhere (or you had an insecure mailing script on it already - eg formmail)
"So Long, and Thanks for All the Fish"

phpBB Useful Links: Knowledge Base | Userguide | Forum Search | MOD Database | Styles Database
My Links: Blog!
webhostau
Registered User
Posts: 45
Joined: Thu Jun 10, 2004 3:00 am
Location: Melbourne AU

Post by webhostau »

im taking out the email section from the members list to slow down spam. But still, they keep trying. :D
~ Webhosting Melbourne
For all your web hosting needs visit http://www.webhostau.com
Chris Jay
Registered User
Posts: 1
Joined: Mon Jul 12, 2004 8:34 pm
Location: UK
Contact:

Post by Chris Jay »

I've been ready this thread with interest . It's recently come to my attention that any visitor to my board can access my member list and then grab my members e-mail addresses. I've tried to make the board as secure as possible, I'm quite new to this and thought I was making headway so I'm disappointed that this seems to be a failing with all phpBB boards, even this one.

My questions are;

1) Can I stop guests accessing the member list?

2) How do I do it?

Any assistance / guidance would be appreciated, with thanks
webhostau
Registered User
Posts: 45
Joined: Thu Jun 10, 2004 3:00 am
Location: Melbourne AU

Post by webhostau »

if you do a search above or go to the mod section Im pretty sure theres something on this topic.

cheers :D
~ Webhosting Melbourne
For all your web hosting needs visit http://www.webhostau.com
Graham
Former Team Member
Posts: 8462
Joined: Tue Mar 19, 2002 7:11 pm
Location: UK
Contact:

Post by Graham »

The simple option is to go to the General Config page of your Admin Panel and change it to "email via board" which is what we have here and you can see the email addresses themselves do not display, just a link to a form where you can send them a message if you are a member
"So Long, and Thanks for All the Fish"

phpBB Useful Links: Knowledge Base | Userguide | Forum Search | MOD Database | Styles Database
My Links: Blog!
webhostau
Registered User
Posts: 45
Joined: Thu Jun 10, 2004 3:00 am
Location: Melbourne AU

Post by webhostau »

Thank you Graham. Ive just updated that on my board.

cheers
~ Webhosting Melbourne
For all your web hosting needs visit http://www.webhostau.com
ezlynx
Registered User
Posts: 81
Joined: Tue Sep 10, 2002 8:34 pm

Post by ezlynx »

Chris Jay, you might also choose to completely remove the member list. There's also a hack that requires a person to be logged in before they can view a profile (which has an email). The "email via board", as pointed out, prevents direct viewing of the address.
Bodi
Registered User
Posts: 134
Joined: Sat Jan 11, 2003 8:53 pm
Location: The Netherlands
Contact:

Post by Bodi »

ezlynx wrote: 1) edit the signup page to restrict what is entered when you join.
i.e. just have people sign up with name, password, and email. You accomplish this buy putting
<!-- BEGIN switch_edit_profile -->
before and
<!-- END switch_edit_profile -->
after whatever items you don't want filled in initially. ,


Followed this advice and edited profile_add_body.tpl with these switches. I find this the easiest way to prevent spamming and it has more advantages like people not turning off BBcode and smilies (and than complain afterwards quoting and smilies don't work) or messing up time syntax the moment they sign up. Visual Confirmation often turns out to visual confusion :wink: with newbies so I don't want to use that on my board.
Outlaw Josie
Registered User
Posts: 14
Joined: Mon Jan 10, 2005 6:50 pm

Post by Outlaw Josie »

AfghanScorpion wrote: I'm having the same problem on my board. I just modded my board to discard any Web site address entered during registration. A Web site can be entered after an account is activated.

I just noticed that when I registered here, my registration did not appear in the member list until after I activated it. This an even better solution!


True most do not activate their registrations. But a few are getting wise to the first fix and are now entering the websites in their sig files instead.

I banned all email addresses from
*@azamail.biz
*@bitare.cjb.net

I Banned these IP addresses I looked up from the websites being listed - but they probably are not using these sites as ISPs so it was probably wasted effort:

213.248.55.94 - www.killhim.boom.ru
195.161.113.6 - http://sh1.rx4.org/
216.194.70.4 - bitare.cjb.net
69.31.82.97 - dominatrix-domination.com
66.199.234.226 - planbwebhost.com
69.50.191.135 - dj-sammy.djfuck.net
81.176.65.76 - proxylists.net
212.57.187.242 - 74mail.ru
209.202.240.100 - proxyclicker.tripod.com
jwig
Registered User
Posts: 56
Joined: Mon Dec 05, 2005 4:51 pm
Contact:

Post by jwig »

'm having the same problem on my board. I just modded my board to discard any Web site address entered during registration. A Web site can be entered after an account is activated.

I just noticed that when I registered here, my registration did not appear in the member list until after I activated it. This an even better solution!


Hi... can someone tell me how to make the registration not appear in the memberlist until after the user activates...? Or does this only work if the registration is admin-activated...?

Thanks,

J
Precious and Pleasant Boutique
http://www.PreciousAndPleasant.com
"An Elegant Boutique for Children and Their Mothers"
Free Shipping Code: 412103097
User avatar
drathbun
Former Team Member
Posts: 12204
Joined: Thu Jun 06, 2002 3:51 pm
Location: TOPICS_TABLE
Contact:

Post by drathbun »

jwig wrote: Hi... can someone tell me how to make the registration not appear in the memberlist until after the user activates...? Or does this only work if the registration is admin-activated...?

Active Members Only
I blog about phpBB: phpBBDoctor blog
Still using phpbb2? So am I! Click below for details
Image
jwig
Registered User
Posts: 56
Joined: Mon Dec 05, 2005 4:51 pm
Contact:

Post by jwig »

Thanks, I'm going to try it out!
Precious and Pleasant Boutique
http://www.PreciousAndPleasant.com
"An Elegant Boutique for Children and Their Mothers"
Free Shipping Code: 412103097
Locked

Return to “2.0.x Discussion”