How to prevent guest spamming (such as Pepotamo1985)

The 2.0.x discussion forum has been locked; this will remain read-only. The 3.0.x discussion forum has been renamed phpBB Discussion.
Locked
Kanuck
Former Team Member
Posts: 2791
Joined: Thu Jul 05, 2001 9:33 pm
Location: Toronto, Ontario

How to prevent guest spamming (such as Pepotamo1985)

Post by Kanuck »

People continue to come to this forum and ask how to stop the spam messages they're receiving from bots posting as guest users. Here are your options, in one post, so you don't need to read through nine pages and find them.

Option 1
Disable guest posting. Go to your administration panel, then to Forum Admin > Permissions, and change the mode from Public to Registered for all affected forums.

Option 2
Download the Visual Confirmation for Guests MOD here. I wrote it, so let me know if it causes any issues. PMs are fine, it isn't as if I get many at all. It will add visual confirmation for guest posting, identical to the visual confirmation seen at the registration page. It doesn't require GD or ImageMagick. Make sure visual confirmation is enabled in your administration panel.

Option 3
Download the Guest Post Visual Confirmation MOD, which uses GD or ImageMagick libraries to produce a visual confirmation image.

Option 4
Disable the posting of links for guests by applying the code found here.

It should be noted that this is not an exploit. If you have guest posting enabled, anybody can post; that's simple functionality, and this is nothing more than somebody taking advantage of a previously unabused feature. All of the options above will prevent automated spamming of your boards.
Kanuck
Former phpBB.com team member
wg_mithrandir
Registered User
Posts: 9
Joined: Fri Aug 15, 2003 3:47 pm
Location: Austria
Contact:

Post by wg_mithrandir »

Hi!

Is it possible that configuration of option 2/3 and 4 by using the admin-panel will be integrated in one of the future release or will it always need to make modifications to a plain installation? I think that some forums must not disable guest-posts - so these features would probably be nice ; - )

And, of course the visual confirmation is only the right choice if it works with your installed templates - or am I wrong?

bye, mith
"No! Please! I'll tell you whatever you want!" the man yelled.
"Really?" said Vimes. "What's the orbital velocity of the moon?"
~Night Watch [Terry Pratchett]
>>> http://www.withingames.net <<<
Kanuck
Former Team Member
Posts: 2791
Joined: Thu Jul 05, 2001 9:33 pm
Location: Toronto, Ontario

Post by Kanuck »

Don't know if they'll integrate it, but I'm pretty sure 3.0 is feature-frozen at this point.
Kanuck
Former phpBB.com team member
rogersjr
Registered User
Posts: 54
Joined: Mon Aug 18, 2003 11:33 pm
Location: Australia
Contact:

Re: How to prevent guest spamming (such as Pepotamo1985)

Post by rogersjr »

Option 4
Disable the posting of links for guests by applying the code found here.


Going to the above link produces the following:- What do I do with it?


diff -ruN phpBB-2.0.11/posting.php phpBB-2.0.11-noguestlinks/posting.php
--- phpBB-2.0.11/posting.php Thu Nov 18 21:02:13 2004
+++ phpBB-2.0.11-noguestlinks/posting.php Sun Feb 20 18:58:38 2005
@@ -545,6 +545,15 @@
$poll_length = ( isset($HTTP_POST_VARS['poll_length']) && $is_auth['auth_pollcreate'] ) ? $HTTP_POST_VARS['poll_length'] : '';
$bbcode_uid = '';

+ //
+ // Block all anonymous posts with URL tags. We don't want no spam.
+ // -- Daniel Roethlisberger <daniel@roe.ch>
+ //
+ if(!$userdata['session_logged_in'] && preg_match('/\[url|https?:\/\//i', $message))
+ {
+ message_die(GENERAL_MESSAGE, "Wegen Spam sind keine anonymen Postings mit Links erlaubt!");
+ }
+
prepare_post($mode, $post_data, $bbcode_on, $html_on, $smilies_on, $error_msg, $username, $bbcode_uid, $subject, $message, $poll_title, $poll_options, $poll_length);

if ( $error_msg == '' )
User avatar
3Di
Former Team Member
Posts: 16052
Joined: Mon Apr 04, 2005 11:09 pm
Location: Milano 🇮🇹 - Frankfurt 🇩🇪
Name: Marco
Contact:

Re: How to prevent guest spamming (such as Pepotamo1985)

Post by 3Di »

rogersjr wrote:
Option 4
Disable the posting of links for guests by applying the code found here.


Going to the above link produces the following:- What do I do with it?


diff -ruN phpBB-2.0.11/posting.php phpBB-2.0.11-noguestlinks/posting.php
--- phpBB-2.0.11/posting.php Thu Nov 18 21:02:13 2004
+++ phpBB-2.0.11-noguestlinks/posting.php Sun Feb 20 18:58:38 2005
@@ -545,6 +545,15 @@
$poll_length = ( isset($HTTP_POST_VARS['poll_length']) && $is_auth['auth_pollcreate'] ) ? $HTTP_POST_VARS['poll_length'] : '';
$bbcode_uid = '';

+ //
+ // Block all anonymous posts with URL tags. We don't want no spam.
+ // -- Daniel Roethlisberger <daniel@roe.ch>
+ //
+ if(!$userdata['session_logged_in'] && preg_match('/\[url|https?:\/\//i', $message))
+ {
+ message_die(GENERAL_MESSAGE, "Wegen Spam sind keine anonymen Postings mit Links erlaubt!");
+ }
+
prepare_post($mode, $post_data, $bbcode_on, $html_on, $smilies_on, $error_msg, $username, $bbcode_uid, $subject, $message, $poll_title, $poll_options, $poll_length);

if ( $error_msg == '' )


did you read the phpBB 2.0.19's posting.php code?.. I did on the fly and I guess: nothing.. correct me if I'm wrong though.

thank you
To request support for our extensions you can also contact me here: phpBB Studio

Please PM me only to request paid works. Thx. Want to compensate me for my interest? Donate
My development's activity º PhpStorm's proud user º Extensions, Scripts, MOD porting, Update/Upgrades
🚀 Looking for a specific feature or alternative option? We will rock you! 🚀
rogersjr
Registered User
Posts: 54
Joined: Mon Aug 18, 2003 11:33 pm
Location: Australia
Contact:

Post by rogersjr »

I am using version 2.0.11 and wonder if the code is meant to be a new file. If so does it need to be referred to in another file.
p3980
Registered User
Posts: 1311
Joined: Sat Jul 23, 2005 5:02 pm

Post by p3980 »

rogersjr wrote: I am using version 2.0.11 and wonder if the code is meant to be a new file. If so does it need to be referred to in another file.

1) Upgrade
2) I beleive it goes in posting.php
Support Request Template <> Knowledge Base<>starfoxtj's Admin Toolkit
Member of the Unofficial Forum for phpBB.com Supporters
Image
rogersjr
Registered User
Posts: 54
Joined: Mon Aug 18, 2003 11:33 pm
Location: Australia
Contact:

Post by rogersjr »

Can you tell me how it goes into posting.php I tried a couple of ways but neither worked.
User avatar
Ramon Fincken
Registered User
Posts: 4835
Joined: Thu Oct 14, 2004 1:04 am
Location: NL, The Netherlands Amsterdam area @GMT +1
Contact:

Post by Ramon Fincken »

Here's my standard list I post to prevent spamming..

Kanuck if your methods have proven to be efficient and do not show up in the list below PM me the right urls !

Rfn


Anti spambot:
Some hints:
Bold hints are easy to set up. But anyhow you *must* update to the latest version of phpBB.

-Update to latest version of phpBB and make sure the visual confirmation is on.
Outdated template but recent version of phpBB and don't see it?
http://www.phpbb.com/phpBB/viewtopic.php?t=240913 and http://www.phpbb.com/kb/article.php?article_id=329

-If you'r good at PHP and want a standalone visual thing:
http://www.phpbb.com/phpBB/viewtopic.php?t=344831

-Set account activation to admin/user

-Fight the spam registration bots!

-Install a IP logger uppon registration so you can block them( or a netblock like: 123.456.90.* )
http://phpbb2italia.za.net/phpbb2/viewtopic.php?t=183
OR
http://www.phpbb.com/phpBB/mod_search.p ... rds=ip+reg

-Set forum permissions to usergroups.
Manually add trusted members there.
Have lots of members? add them all whitin seconds: http://www.phpbb.com/phpBB/mod_search.p ... user+group

-Limit posts per user:
http://www.phpbb.com/phpBB/mod_search.p ... =limit+pos

-[BETA] Flood control
http://www.phpbb.com/phpBB/viewtopic.ph ... 20#1770720

-Visual confirmation for guests
http://www.phpbb.com/phpBB/viewtopic.php?t=266787

-Ban users with a cookie:
MOD Ban_cookie: Ban user with a cookie
http://www.phpbb.com/phpBB/viewtopic.php?t=336690

-Approve post:
http://www.phpbb.com/phpBB/viewtopic.php?t=76852
http://www.phpbb.com/phpBB/mod_search.p ... s=app+post

-Signature control:
http://www.phpbb.com/phpBB/viewtopic.php?t=168891

-Make your board look 'loossy'
[BETA] MOD Troll
http://www.phpbb.com/phpBB/viewtopic.ph ... highlight=

-Password protect forum:
Password protect a forum

-Minimum posts before PM or email allowed:
Merlin Sythove: http://www.phpbb.com/phpBB/viewtopic.php?t=259453

-Minimum posts before forum accessMOD:
http://www.phpbb.com/phpBB/mod_search.p ... post+forum

-Profile view logged in users only:
http://phpbb2italia.za.net/phpbb2/viewtopic.php?t=181
Dutch quality fully managed WordPress hosting - ManagedWPHosting.nl

Before changing a file, some code or installing a MOD >> Make a backup first!

Do you like my mods? paypal me $1 :) forumsoftware[AT}creativepulses[DOT}nl [/size]
PhpBBantispam.com || Instant find your mod here
Ranger_Ric
Registered User
Posts: 42
Joined: Fri Jul 04, 2003 2:19 pm

Post by Ranger_Ric »

Turning on the visual confirmation alone stops the bot spammers. If you let guests post you have no defence though so plan on spending a lot of time cleaning up your board.

Bots are not the only problem. In fact, since phpBB incorporated the visual confirmation option as standard it's probably not even the most common source.

We have been using the visual confirmation option as far back as when it was a manual modification and don't get me wrong, it does help! People are willing to do a little extra work these days to spam their website however so don't expect visual confirmation to save you entirely.

I just posted about how we have finally found a way to detect the source of manual spammers here...
http://www.phpbb.com/phpBB/viewtopic.php?t=371054

Even that just stops a current source so no solution will ever be a one time thing. Killing a problem at the source is a lot less efftort than dealing with it user by user though.

rogersjr, I don't think the previous posts conveyed the urgency of your situation, you are very lucky and spammers are the least of your worries right now. You best upgrade immediately or turn your board off.

Rick
Locked

Return to “2.0.x Discussion”