Anti-Spam Thread!

The 2.0.x discussion forum has been locked; this will remain read-only. The 3.0.x discussion forum has been renamed phpBB Discussion.
ChrisRLG
Former Team Member
Posts: 3420
Joined: Wed Nov 24, 2004 3:18 pm
Location: Essex, UK

Re: Anti-Spam Thread!

Post by ChrisRLG »

You are slightly changing the subject.

You were stating that people could be taken to court over this - we have stated that 100% is not possible to prove. Even for a government.

For an individual from the public that would drop substantially.

Even for the easiest case where the IP would lead direct to a customer, you would need to subpoena an ISP to get the info about their client to be able to take action. (Please note I am in the UK so our legal process would be different to yours in the US.)

Remember that would not lead to a person - but at best to a single machine - with luck to just a single user.

It may not even be a computer but a router with anything up to several hundreds of machines behind it.
I know that on my own LANs such logging is not being done.

Finding the person who posted the message would be next to impossible.

So the idea of this method being used, within a court of law, is just not going to work.
phpBB: The All Important Rules - Bertie Bear 3.0 - No support via PM system - use the forums please.
phpBB v2: Retirement (1/1/2009) : phpBB v3: Read Me Topic - Custom BBCodes - Support Template
Matthew 7:7"Ask and it will be given to you; seek and you will find; knock and a door will be opened to you."
My Links: MS MVP (Consumer Security) - Malware Removal:University - Own Forum: Custom BBCode testing
Techie-Micheal
Security Consultant
Posts: 19511
Joined: Sun Oct 14, 2001 12:11 am
Location: In your servers

Re: Anti-Spam Thread!

Post by Techie-Micheal »

To continue what ChrisRLG has said, it takes a lot of effort to prove beyond that reasonable doubt that I mentioned that the person you were looking for actually used that PC. Sure, it is possible and has been done, but it takes legal processes that a civilian does not have access to, something you as a board owner would not and could not do. This is getting into forensic processes, something I and I'm sure ChrisRLG (don't mean to speak for you) would be happy to discuss, but is beyond the scope of this topic, and for all intents and purposes, basically voids the argument.

One last time DogCow, your attitude is pushing me closer and closer to doing something like issuing a warning or even a straight-out ban, so I highly recommend you read through what ChrisRLG and I have said and let it go. This topic is for discussing anti-spam ideas, not forensic and legal processes, and certainly not the place for you to be rude to users and staff.
Proven Offensive Security Expertise. OSCP - GXPN
damnian
Registered User
Posts: 801
Joined: Sat Nov 19, 2005 4:43 pm

Re: Anti-Spam Thread!

Post by damnian »

Congratulations, you have successfully buried Spamper.

Now, let's try something different: Project Honey Pot http:BL anti-spam for phpBB.
I no longer develop for phpBB. Check out my .NET blog!
rpgreseller
Registered User
Posts: 6
Joined: Mon Aug 27, 2007 3:52 am

Re: Anti-Spam Thread!

Post by rpgreseller »

Think. 99% of spam is automated.

No hacker is going to waste a nanosecond to get past your security, even if it's simple. Just to add one single forum to their collection. They have what, ten thousand other forums to worry about? Do they have time to spend even fifteen seconds per forum? No. So all you need to do is break their automation by making your registration process different from all the other forums on the internet and implementing a solution that has several variables.

If just one thing makes registration on your board different from the other boards, then no automated spam gets through. You are left with 1% - an amount so trivial it's not even worth discussing.

I've seen effective phpBB antispam solutions that were as simple as asking "What is two plus two". That was making use of a mod that allows someone to add a simple-to-answer question of their choice to administration.

I saw another that said, "Go to this page and get the code, then type it into this box to register."

1. Add logic.
2. And stop using what is NOT logic. The letters and numbers security test doesn't work because a computer can still read it, and it requires NO logic to read and copy a code that is given to you.

A better system would be to have a bank of randomly displayed pictures, and a question as simple as "what animal is in this picture?"

Potential responses could be: dog, cat, cow, bird (depending on which picture came up.)

We need simple, open solutions. If you can't express a solution with a crayon, you're thinking too hard and it's not good enough.

cat, dog, cow.

How many fingers in the picture? One, two, three, four, five.

What color? Green, blue, yellow, black, white

This picture is a: plate, chair, camera, pen, mouse

Twenty lines of code. You're in, you're out, your problem is solved.
EXreaction
Former Team Member
Posts: 5666
Joined: Sun Aug 21, 2005 9:31 pm
Location: Wisconsin, U.S.
Name: Nathan

Re: Anti-Spam Thread!

Post by EXreaction »

I can really tell your lack of experience in the field. Things are not that simple or they would be done already.

The images mod you have talked about has been done already I believe. There is one major flaw however whenever the user has to type in information about something, and that is each person will say something different. If you have a picture of a cat, some may give the name of the species, and so on, which would cause the registration to fail.

But by far the biggest problem for a mod like that is board owners. If they use the default set of pictures and answers it will be broken in a matter of days if a bunch of boards start using it. However, if they add their own just imagine how many are going to misspell names of things. If you block off registration on accident you shot yourself in the foot.

The entire point with this mod is to be as non-invasive, owner/user friendly as possible. There is no way a board owner can screw up the board registration on accident with this mod. Regular users can register the same as always and don't need to screw around with anything extra.

The only way it is possible for a person to post spam on a board with this mod installed on a decently configured board is to completely go through registration without filling in removed fields, activate their account via an email, post at least one legitimate post without any urls, and then continue on to spam. So pretty much the only way you will get spam anymore is by actual people posting it (which you can never stop).

Before you go off on a rant about what's wrong with a mod or mod developer when you do not understand the entire background, stop and think about it for a bit. We have worked and thought about different ways to do things to make a board spam proof without letting the board administrator accidentally screw up, and the ways you have mentioned are not made by the more experienced members for that exact reason.
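Added example, not part of EXreaction's post and not the mod's own code: a sketch of the three checks the post lists (removed fields left empty, account activated by email, first post free of URLs). The field names, array keys and function names are assumptions made for illustration.

```php
<?php
// Added illustration, not the mod's code. Field names and array keys are assumptions.
const REMOVED_FIELDS = ['website', 'icq', 'signature']; // assumed fields taken off the form

// A browser user never sees the removed inputs, so any value in them
// (or a non-string value such as an array) marks an automated submission.
function registration_allowed(array $form): bool
{
    foreach (REMOVED_FIELDS as $field) {
        $value = $form[$field] ?? '';
        if (!is_string($value) || trim($value) !== '') {
            return false;
        }
    }
    return true;
}

// Matches plain links, bare www. hosts and BBCode [url] tags.
function contains_url(string $text): bool
{
    return preg_match('~https?://|ftp://|\bwww\.|\[url\b~i', $text) === 1;
}

// Returns [allowed, reason] for a post by $user (keys 'activated', 'post_count').
function post_allowed(array $user, string $message): array
{
    if (empty($user['activated'])) {
        return [false, 'account not activated by email'];
    }
    if (($user['post_count'] ?? 0) < 1 && contains_url($message)) {
        return [false, 'first post may not contain URLs'];
    }
    return [true, 'ok'];
}

// Constructed inputs.
var_dump(registration_allowed(['username' => 'alice', 'email' => 'alice@example.org']));
var_dump(registration_allowed(['username' => 'x', 'website' => 'http://spam.example']));
$newUser = ['activated' => true, 'post_count' => 0];
var_dump(post_allowed($newUser, 'Hello, glad to be here.'));
var_dump(post_allowed($newUser, 'Cheap pills at [url=http://spam.example]here[/url]'));
```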
olpa
Registered User
Posts: 255
Joined: Tue Jan 25, 2005 6:44 pm
Location: Saint-Petersburg, Russia

Re: Anti-Spam Thread!

Post by olpa »

Good points about the possible problems with the images MOD. But for casual readers of this thread, I want to highlight that the first part of rpgreseller's posting is very true:
rpgreseller wrote:No hacker is going to waste a nanosecond to get past your security, even if it's simple. Just to add one single forum to their collection. They have what, ten thousand other forums to worry about? Do they have time to spend even fifteen seconds per forum? No. So all you need to do is break their automation by making your registration process different from all the other forums on the internet and implementing a solution that has several variables.
rpgreseller
Registered User
Posts: 6
Joined: Mon Aug 27, 2007 3:52 am

Re: Anti-Spam Thread!

Post by rpgreseller »

Noticed bbantispam.com in your avatar. I think you're definitely on to something. I like how it doesn't change the look and feel very much, and it uses the effective method of picture question, and text answer.

Since this is advertised as working with one line of code, I am assuming that the human authentication process is mostly remotely hosted or served. I might have to give this a shot.
olpa
Registered User
Posts: 255
Joined: Tue Jan 25, 2005 6:44 pm
Location: Saint-Petersburg, Russia

Re: Anti-Spam Thread!

Post by olpa »

rpgreseller wrote:Noticed bbantispam.com in your avatar.
You are welcome! Don't miss also my antispam blog: Spam Bots and CAPTCHAs.
rpgreseller wrote:I like how it doesn't change the look and feel very much
I think you talk about Textual Confirmation MOD for phpBB, not about Advanced Textual Confirmation for any PHP forum/blog/guestbook/form/etc.
rpgreseller wrote:Since this is advertised as working with one line of code, I am assuming that the human authentication process is mostly remotely hosted or served.
Actually, no. I don't believe in remote services. The script works by intercepting the user requests, technical details are in the blog.
Elvenelf
Registered User
Posts: 5
Joined: Fri Sep 07, 2007 7:55 pm

Re: Anti-Spam Thread!

Post by Elvenelf »

I am using the Anti-Spam ACP... latest version... I recently got someone actively trying to register... lol he has filled at least 10 pages of the antispam-log in about 2 days... only 2 or 3 entries are actual users who make typos when entering the better-captcha img verification.

However, the bots are getting better... they are trying to break the code... now they enter a W or WW in the captcha field. Apparently they think they can break the captcha by using some bot that breaks the regular simple captcha codes... better captcha is kinda harder than that it seems....

I have banned all IP addresses that are from parts of the world that my forum is not targeting. Since all I got is a World of Warcraft guild forum, I don't need Asian IP addresses to be allowed to display my forum, so I ban the WHOLE IP RANGE. Now all spammers come with North American IP addys, which annoys because that range I cannot block completely. Blocking a single IP is not doing anything... because they use proxy, and that IP is most likely going to be occupied by a real user at some point, they don't hang on to IPs for more than a day or two... anyways...

I really wanted to know if anyone else is getting bots typing letters in the captcha field... like in my case "W" or "WW"... all other attempts come with no captcha code entered... which is great.
REAgentForeclosures
Registered User
Posts: 50
Joined: Tue May 01, 2007 9:14 pm

Re: Anti-Spam Thread!

Post by REAgentForeclosures »

Check out: reCAPTCHA MOD
- reCAPTCHA MOD - Replace phpBB's CAPTCHA with the much better reCAPTCHA
- reCAPTCHA Guest Post MOD - Adds reCAPTCHA to guest posts, eliminating spam

SPAM Registrations and/or Posts since installation of the above mods: 0
How secure is reCAPTCHA? VERY ;)
reCAPTCHA = "Digitizing Books One Word at a Time"
Traxion
Registered User
Posts: 15
Joined: Wed Mar 30, 2005 11:32 pm

Re: Anti-Spam Thread!

Post by Traxion »

I just got done installing this mod and according to the sql_update page it worked fine. Now when I go to the ACP there is nothing but just a big white box in the left pane. I need help quickly if anyone knows a fix it would be greatly appreciated. Thanks!

C
"Never underestimate the predictability of stupidity"
EXreaction
Former Team Member
Posts: 5666
Joined: Sun Aug 21, 2005 9:31 pm
Location: Wisconsin, U.S.
Name: Nathan

Re: Anti-Spam Thread!

Post by EXreaction »

Traxion wrote:I just got done installing this mod and according to the sql_update page it worked fine. Now when I go to the ACP there is nothing but just a big white box in the left pane. I need help quickly if anyone knows a fix it would be greatly appreciated. Thanks!

C
What mod? This is a thread about Anti-Spam modifications/chat, not a support topic of any kind.
Traxion
Registered User
Posts: 15
Joined: Wed Mar 30, 2005 11:32 pm

Re: Anti-Spam Thread!

Post by Traxion »

EXreaction wrote:
Traxion wrote:I just got done installing this mod and according to the sql_update page it worked fine. Now when I go to the ACP there is nothing but just a big white box in the left pane. I need help quickly if anyone knows a fix it would be greatly appreciated. Thanks!

C
What mod? This is a thread about Anti-Spam modifications/chat, not a support topic of any kind.
My bad... just did a search for Antispam and thought this was phpbbAntispam forum.

C
"Never underestimate the predictability of stupidity"
Dog Cow
Registered User
Posts: 2507
Joined: Fri Jan 28, 2005 12:14 am

Fighting Bots and Spammers

Post by Dog Cow »

As excerpted from my Work-Diary:

Now that I've been hit twice with pretty huge botting attacks, it's time for me to spend time devising devious booby-traps. I'd rather not, it's wasting time I could be spending on CIM and other things, but I'm determined not to spend more than a week on it.

Here are a few things I've worked on over the weekend:

Limit page-loads
I managed to ban myself by IP two nights ago. Here's how this works: each session gets a counter initialized to zero, and a timer initialized to the current date/time. Every time a page is loaded, the counter increments.
So, I can make it such that if 12 pages are loaded in 15 seconds (impossible for a human manually clicking) the system bans the IP address and ends the session.

Problem with this: the spamming attacks I experienced changed IPs. If it was the same IP, this would have prevented it.

Limit page-loads to a certain page
I also banned myself by this. Same as previous, except the counter only increments if the same page is reloaded too many times. In the recent botting attack, the trackback.php was reloaded second after second for over 5 hours (yes, I checked the server logs).

Problem with this: same as before-- wouldn't catch changing IPs.

So far, these two techniques would stop n00bs and other stupid people who use the same IP address, but the pros would not be stopped by it.

My last thoughts on this:

Spammers and bots look for an "unlocked door" on your site. So you have two choices: either put a fancier lock (or install one where none existed) or you can replace that door with a wall.

Right now I am trying a fancier lock, but if in a week it does not prove effective, I will remove the door and replace it with a wall.
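Added example, not part of Dog Cow's post or code: the counter-and-timer scheme described above (12 page loads in 15 seconds, plus a per-page reload counter), replayed over constructed log entries. The same-page threshold of 6, the function names and the sample addresses are assumptions.

```php
<?php
// Added illustration, not Dog Cow's code. Only "12 loads in 15 seconds" is from
// the post; the same-page threshold and every name here are assumptions.
const WINDOW_SECONDS = 15;
const MAX_LOADS      = 12;
const MAX_SAME_PAGE  = 6; // assumed limit for reloads of one page per window

// Count one page load for $key (a session ID or an IP address) and return
// 'ok', 'ban:rate' or 'ban:same-page'. $store stands in for session storage.
function record_page_load(array &$store, string $key, string $page, int $now): string
{
    $state = $store[$key] ?? null;
    // New client or expired window: counter back to zero, timer to "now".
    if ($state === null || $now - $state['start'] >= WINDOW_SECONDS) {
        $state = ['start' => $now, 'loads' => 0, 'pages' => []];
    }
    $state['loads']++;
    $state['pages'][$page] = ($state['pages'][$page] ?? 0) + 1;
    $store[$key] = $state;
    if ($state['pages'][$page] >= MAX_SAME_PAGE) {
        return 'ban:same-page';
    }
    return $state['loads'] >= MAX_LOADS ? 'ban:rate' : 'ok';
}

// Replay constructed log entries [time, ip, page]; return banned keys with the reason.
function replay(array $entries): array
{
    $store = $banned = [];
    foreach ($entries as [$time, $ip, $page]) {
        if (!isset($banned[$ip])) { // a banned address would be refused earlier
            $verdict = record_page_load($store, $ip, $page, $time);
            if ($verdict !== 'ok') {
                $banned[$ip] = $verdict;
            }
        }
    }
    return $banned;
}

// Constructed traffic: one address reloading trackback.php once per second,
// then the same request pattern arriving from a different address each time.
$fixed = $rotating = [];
for ($i = 0; $i < 20; $i++) {
    $fixed[]    = [1000 + $i, '203.0.113.7', '/trackback.php'];
    $rotating[] = [1000 + $i, '198.51.100.' . $i, '/trackback.php'];
}
print_r(replay($fixed));
print_r(replay($rotating));
```

Keyed by IP address, the first replay bans the single address on its sixth reload, while the second bans nothing because every address is seen only once, which is the limitation the post describes.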
Elliander
Registered User
Posts: 45
Joined: Sun Jan 20, 2008 10:21 pm

Re: Anti-Spam Thread!

Post by Elliander »

Like many others, I have a big problem with spam filling up my forum. I found this thread, and plan to add some of the tools listed, but one thing I need I can't seem to find.

I was hoping there is a Mod somewhere to make the removal of spam a lot easier.

It would be nice if I could, with one click next to the user, ban the user, also ban the IP address, and all other user accounts that use the same IP address, (basically, all connecting accounts) and at the same time delete all topics made by that user. Or to be able to click on a spam thread, and click a button, and to do this to all the users on the entire thread. Does anything close to that exist?

I have hundreds upon hundreds of spam filling up my forum. And if I can't find a way to remove it all fast, and ban the users, I'm going to have to take my forum down because I just don't have time to manually remove and ban each and every one.

I looked at other forum threads, and did a search, and this forum topic seemed to match closest.