Anti-Spam Thread!

The 2.0.x discussion forum has been locked; this will remain read-only. The 3.0.x discussion forum has been renamed phpBB Discussion.
User avatar
EXreaction
Former Team Member
Posts: 5666
Joined: Sun Aug 21, 2005 9:31 pm
Location: Wisconsin, U.S.
Name: Nathan

Post by EXreaction » Mon Jun 12, 2006 7:14 pm

The thing is your not keeping track of any of the posts. So if one user is going around and deleteing everyones first post just for kicks you won't even know the post was there. 1 bad user destroys everything.

Franck78
Registered User
Posts: 4
Joined: Sun Jun 11, 2006 12:07 pm
Contact:

Post by Franck78 » Mon Jun 12, 2006 11:12 pm

Yes somebody going crazy can do this.
But tell me the difference with a moderator ? None. I can go crazy too.
You trust somebody, you give him some privilege. You don't trust him, you don't give him privilege.
No difference between those two groups!

Read again: only a group is allowed to do instant cleanup. Not every user.
And when a new account leave 'interim', it is no more 'deletable'.

Would be a strange game for the crazy man to wait new user, kill them before another member of the team validate the new user...

And remember that the developper of such extension can log relevant actions...

Franck
Franck

scoop
Registered User
Posts: 20
Joined: Tue Nov 12, 2002 5:19 am
Location: Australia
Contact:

Post by scoop » Tue Jun 13, 2006 1:31 am

I am interested in the registration check that asks a question relevant to the subject of the forum.
eg. for a World Cup forum
Is a football shaped like a
a) ball
b) box
c) starfish

It may also be a visual check
eg. after showing picture of a cat
Is this a
a) cat
b) camel
c) robot

If the answer is wrong registration is blocked.
Anyone know any thing about/ any links to this subject?
NB: my forum is English only so language is not an issue.

User avatar
rancidmoose
Registered User
Posts: 83
Joined: Tue May 17, 2005 10:32 pm
Location: Vermont, USA
Contact:

Post by rancidmoose » Tue Jun 13, 2006 1:57 am

heehee. I just released a mod for this.

http://www.phpbb.com/phpBB/viewtopic.php?t=397752

that should do the job nicely.

Stormspace
Registered User
Posts: 6
Joined: Fri Jan 20, 2006 4:32 pm

Post by Stormspace » Tue Jun 13, 2006 4:09 pm

I'm a little late to this thread, but I've been having the same problem. I'd like to add a mod to limit the spammers, but I have limited database accessability anyway, so it there was a mod that didn't require a db update I'd prefer it to something that did. I'm currently approving all members since it's a closed forum, though I do have certain areas open for anonymous posting which the spammers aren't using. Good for me huh?

pepak
Registered User
Posts: 2
Joined: Wed Jun 14, 2006 3:31 am

Post by pepak » Wed Jun 14, 2006 3:42 am

I have been playing a bit with antispam measures and one of the things I discovered is that captcha or questions probably won't help much: It seems the spambots log the sites where they couldn't post their message and somebody then posts it by hand. At least I can't see how they could adapt so quickly to my changes (I wrote them from scratch, so somebody had to go through my modified HTML page and read the instructions on how to post messsages identified as spam).

Anyway, currently I am trying a three step antispam filter. I'll see how it performs:

1) Test for forbidden words (like the names of certain pills)
2) Test for a number of links in the post
3) Test for links containing parts of username (e.g. for "pepak" it would test for e.g. www.buypepak.com and www.pepaisgreat).

All this only for users with 5 or less posts.

User avatar
espicom
Registered User
Posts: 17905
Joined: Wed Dec 22, 2004 1:14 am
Location: Woodstock, IL

Post by espicom » Wed Jun 14, 2006 4:26 am

pepak wrote: It seems the spambots log the sites where they couldn't post their message and somebody then posts it by hand.


Yep, you must be new around here... Those of us who believe in hand-spam are greatly outnumbered by those who believe that there's an all-powerful spam bot, that can read all CAPTCHA images, understands every change made, and that it's PHPBB's fault for not stopping them...

You can not rely upon a single or a few measures. None are 100% effective AND non-intrusive to humans.

An interesting MOD would be to modify the "make_clickable" function of bbcode to work with client-side javascript, so that the HTML doesn't present a normal anchor tag, but the javascript goes through and makes the clickable links, similar to the "intellitext" junk that pollutes a lot of pages with links on every word someone is willing to pay money to link to them...
Jeff
Fixing 1016/1030/1034 Errors | (obsolete link) | MySQL 4.1/5.x Client Error | phpBBv2 Logo in ACP
Support requests via PM are ignored!
"To be fully alive is to feel that everything is possible." - Eric Hoffer

neilbombd
Registered User
Posts: 85
Joined: Thu May 22, 2003 2:09 am

Post by neilbombd » Wed Jun 14, 2006 11:08 am

Just wanted to say a big thanks for this thread, it's exactly what I'm after. I've been verifying all the accounts by hand, but it's taking too long. I didn't know what mods to install to try and get rid of the bots, so this looks like exactly what I need.

Last night, I let one through as he didn't have his website field filled out, and he was using a gmail account rather than eg all those russian addresses that are so popular with spammers. Anyway, he ended up posting links to trojans in two of our forums before we could get rid of him! So yeah, definitely need to try and get a lot of mods and stuff installed to keep these people away. It's just getting ridiculous.

User avatar
Ramon Fincken
Registered User
Posts: 4835
Joined: Thu Oct 14, 2004 1:04 am
Location: NL, The Netherlands Amsterdam area @GMT +1
Contact:

Post by Ramon Fincken » Fri Jun 16, 2006 4:08 pm

Added / posted a new beta:

[BETA] [1.0.0] Block normal act_key requests
http://www.phpbb.com/phpBB/viewtopic.ph ... 64#2183364
Spambots getting past your 'visual confirmation' line of defence and have activation by user set to on?

Then you'll like this one:

the normal activation link is altered. This is the link needed to activate your account.
( Scroll down for examples )

Now when a spambot hits the 'normal' url this will happen:
* account is NOT activated
*admin gets a warning per email

In the email is the ip, the proxy ip, membername and a clickable
link to the members profile..

Installing takes 4 minutes of work.
It will not ask for any database changes..



PS, espicom if you want to use the code for your Confiousabot let me know! Your method of changing words can be used in mine. ( the GET var eow has to be changed in this mod )
Dutch quality fully managed WordPress hosting - ManagedWPHosting.nl

Before changing a file, some code or installing a MOD >> Make a backup first!

Do you like my mods? paypal me $1 :) forumsoftware[AT}creativepulses[DOT}nl [/size]
PhpBBantispam.com || Instant find your mod here

User avatar
Ramon Fincken
Registered User
Posts: 4835
Joined: Thu Oct 14, 2004 1:04 am
Location: NL, The Netherlands Amsterdam area @GMT +1
Contact:

Post by Ramon Fincken » Fri Jun 16, 2006 10:33 pm

I'd like to suggest this one :
http://www.phpbb.com/phpBB/viewtopic.ph ... 24#2006624


this idea is pretty good, It may use some tweaking.

see my explanation of how it works over here:
http://www.phpbb.com/phpBB/viewtopic.ph ... 06#2183806
Dutch quality fully managed WordPress hosting - ManagedWPHosting.nl

Before changing a file, some code or installing a MOD >> Make a backup first!

Do you like my mods? paypal me $1 :) forumsoftware[AT}creativepulses[DOT}nl [/size]
PhpBBantispam.com || Instant find your mod here

User avatar
espicom
Registered User
Posts: 17905
Joined: Wed Dec 22, 2004 1:14 am
Location: Woodstock, IL

Post by espicom » Sat Jun 17, 2006 4:00 am

Ramon Fincken wrote: PS, espicom if you want to use the code for your Confiousabot let me know! Your method of changing words can be used in mine. ( the GET var eow has to be changed in this mod )


ConfusaBOTs are "feature frozen" at this point... :wink:
Jeff
Fixing 1016/1030/1034 Errors | (obsolete link) | MySQL 4.1/5.x Client Error | phpBBv2 Logo in ACP
Support requests via PM are ignored!
"To be fully alive is to feel that everything is possible." - Eric Hoffer

User avatar
EXreaction
Former Team Member
Posts: 5666
Joined: Sun Aug 21, 2005 9:31 pm
Location: Wisconsin, U.S.
Name: Nathan

Post by EXreaction » Sun Jun 18, 2006 1:15 am

Update:

Added the recent mod I have been working on to the list. 8)

User avatar
ciwluke
Registered User
Posts: 69
Joined: Sun Apr 16, 2006 8:13 am
Contact:

Post by ciwluke » Sun Jun 18, 2006 8:54 am

hi guys
im new to buletin boards and phpbb.
as i dont know how to install and use mods, is there an easy and simple way of banning all this spam??

User avatar
EXreaction
Former Team Member
Posts: 5666
Joined: Sun Aug 21, 2005 9:31 pm
Location: Wisconsin, U.S.
Name: Nathan

Post by EXreaction » Sun Jun 18, 2006 4:50 pm

ciwluke wrote: hi guys
im new to buletin boards and phpbb.
as i dont know how to install and use mods, is there an easy and simple way of banning all this spam??


Nope, it would be quite hard without mods. :P

You could install easymod and try to install a few of the mentioned mods. That would be quite easy to do. :)

User avatar
Ramon Fincken
Registered User
Posts: 4835
Joined: Thu Oct 14, 2004 1:04 am
Location: NL, The Netherlands Amsterdam area @GMT +1
Contact:

Post by Ramon Fincken » Sun Jun 18, 2006 6:03 pm

ciwluke wrote: hi guys
im new to buletin boards and phpbb.
as i dont know how to install and use mods, is there an easy and simple way of banning all this spam??


use the build in features to ban IP adresses and mailnames like
*@mail.ru

Rfn
Dutch quality fully managed WordPress hosting - ManagedWPHosting.nl

Before changing a file, some code or installing a MOD >> Make a backup first!

Do you like my mods? paypal me $1 :) forumsoftware[AT}creativepulses[DOT}nl [/size]
PhpBBantispam.com || Instant find your mod here

Locked

Return to “2.0.x Discussion”

Who is online

Users browsing this forum: No registered users and 3 guests