Anti-Spam Thread!

The 2.0.x discussion forum has been locked; this will remain read-only. The 3.0.x discussion forum has been renamed phpBB Discussion.
Locked
pepak
Registered User
Posts: 2
Joined: Wed Jun 14, 2006 3:31 am

Post by pepak » Sun Jun 18, 2006 6:05 pm

It looks like my solution is working OK so far. That is, I have some 20 or so new spam users but no spam post. Another good thing is that it still lets anonymous users to post and that it doesn't bother legitimate users with captcha.

The tests are made in functions_post.php -> prepare_post: If the number of posts of the current user is smaller than a given value (I use 4 right now), the system first tests for forbidden words (

Code: Select all

$spam = '('.implode(')|(', $spam_word_array).')'; if (eregi($spam, $message)) $error_msg = 'Forbidden words';
), then tests whether there are fewer URLs in the message than a given number (right now, 6; but it is quite feasible to make this 0) (

Code: Select all

if (count(spliti('https?://',$message)) >= 6) $error_msg = 'Too many links';
) and finally iterates through user's nick to make sure there are no URLs that match 4 or more consecutive characters from the nick.

As I said, it is working fine for my forum. It is possible to add more tests: Checking for user's signature, timezone and other properties is a definite possibility (especially when most of my users are located in one of two countries...)

User avatar
noth
Registered User
Posts: 2471
Joined: Fri Jan 07, 2005 7:10 pm
Location: North Surrey
Contact:

Post by noth » Mon Jun 19, 2006 5:23 pm

This command, issued in phpmyadmin, will get rid of the rubbish on your users file: the people who never completed their registrations (inactive) and have never made any posts (as opposed to those who are inactive now but were once active and do have posts). The code also protects against the deletion of the Anonymous User. I have also built in a limit so that you can avoid deleting people who recently partially registered and may still become active.

Code: Select all

 
DELETE FROM `phpbb_users` WHERE (`user_posts`=0 AND `user_active`=0 AND `user_id`!=-1 AND `user_id` < [number]) 

Take a backup first!

Note: change [number] to some thing like 8768 (no square brackets) based on your table's most recent user_id values, so as not to delete recent partial registrations.

This code means you do not have to install an irritating PRUNE USER MOD.

http://www.phpbb.com/phpBB/viewtopic.php?t=298724

[above excellent info is from mamba ... I have tried it and it works!!]

parseljc
Registered User
Posts: 7
Joined: Wed Dec 18, 2002 3:49 pm
Contact:

Post by parseljc » Mon Jun 19, 2006 6:42 pm

Spammers are killing me. phpBB needs two features to help us fight the battle.

1) Easy way to find and mass delete user accounts that have not bothered to activate themselves. This way I can easily delete the link spammers who use bogus email addresses. All they are trying to do is get their links on a profile page to help their google rank. It should be easy to delete these guys with a couple clicks in the admin console.

2) Ability to disable any public mention or display of non-activated accounts while they are pending activation. They should not show up in the member list, or in the "Newest Registered User" on the main page, or anywhere at all except for a logged-in admin or possibly also a logged-in moderator. This, more so than number 1, will discourage link spammers. We will still have problems with some people who use real email addresses and then take the time to activate their accounts. But I can deal with that. If they want to go through that much trouble to get their link buried in a profile page on my phpBB so as to help their Google-rank, no problem. I don't mind taking the time to go and delete their sorry tail from my board. But why does phpbb have to make it so tempting to register on random boards? Don't advertise the "Newest Registered Link Spammer" on my board if they registered with a bogus email address and never even activated the account. At least make them work for it, by waiting for the confirmation email from my system and then going back to activate the account.

Don't tell me that MODs exist for either of these features. The fact that I would have to MOD my board to implement such simple deterrents is one reason phpbb is so popular for link spammers. The code needs to - in its default, vanilla, OOTB form - not provide any way for someone to put a URL anywhere on the forum without being a registered, activated, logged-in user. If someone wants their forum to be easy for Guest users to post anonymously, they should be able to open it up. But if you want phpBB to become more popular and easy to administer, you need to make it harder for spammers to get spam on the site.

User avatar
EXreaction
Former Team Member
Posts: 5666
Joined: Sun Aug 21, 2005 9:31 pm
Location: Wisconsin, U.S.
Name: Nathan

Post by EXreaction » Mon Jun 19, 2006 7:34 pm

All of that is avalible with phpBB3.

The only way to do that with phpBB2 though is to use a mod. If you want something that can do all of that(except for the mass deleteing) check out the Anti-Spam ACP link in the first post. ;)

User avatar
espicom
Registered User
Posts: 17905
Joined: Wed Dec 22, 2004 1:14 am
Location: Woodstock, IL

Post by espicom » Mon Jun 19, 2006 8:08 pm

parseljc wrote: Don't tell me that MODs exist for either of these features. The fact that I would have to MOD my board to implement such simple deterrents is one reason phpbb is so popular for link spammers. The code needs to - in its default, vanilla, OOTB form - not provide any way for someone to put a URL anywhere on the forum without being a registered, activated, logged-in user. If someone wants their forum to be easy for Guest users to post anonymously, they should be able to open it up. But if you want phpBB to become more popular and easy to administer, you need to make it harder for spammers to get spam on the site.


You are forgetting one very important fact - Version 2.0 of PHPBB is in maintenance mode - no new features, except as relating to security, will be introduced. Spammers aren't a security problem. They weren't a problem of any sort when v2 was changed to "maintenance mode". Therefore, anything related to fixing spammers for v2.0.x will have to be via a MOD.

Version 3.0 is the development branch. It just reached Beta this past weekend. It's got the sort of things you're asking to be added back into v2. It will be a MAJOR change, moreso than adding some MODs in.
Jeff
Fixing 1016/1030/1034 Errors | (obsolete link) | MySQL 4.1/5.x Client Error | phpBBv2 Logo in ACP
Support requests via PM are ignored!
"To be fully alive is to feel that everything is possible." - Eric Hoffer

User avatar
drathbun
Former Team Member
Posts: 12204
Joined: Thu Jun 06, 2002 3:51 pm
Location: TOPICS_TABLE
Contact:

Post by drathbun » Mon Jun 19, 2006 8:09 pm

noth wrote: This command, issued in phpmyadmin, will get rid of the rubbish on your users file: ...

Code: Select all

 
DELETE FROM `phpbb_users` WHERE (`user_posts`=0 AND `user_active`=0 AND `user_id`!=-1 AND `user_id` < [number]) 

This is, at best, a partial solution. You need to also remove rows from the phpbb_user_groups table as well as phpbb_groups. It is also possible for a user to have zero posts and an active status of zero yet still have topics in their topic watch table, or other auxilliary tables. Suppose they activated at one time. watched a few topics, then changed their email. They could now be inactive yet still have other traces on the system besides their user account. :-)

Just be aware that running the query above does not completely remove the user. It only removes the row from the phpbb_users table.
I blog about phpBB: phpBBDoctor blog
Still using phpbb2? So am I! Click below for details
Image

User avatar
noth
Registered User
Posts: 2471
Joined: Fri Jan 07, 2005 7:10 pm
Location: North Surrey
Contact:

Post by noth » Tue Jun 20, 2006 11:12 am

flippin heck drathbun, sorry about that :oops: I had no idea it left the job only half done .... my apologies, don't know if mamba appreciates that redundant structures remain :?
karlsemple wrote: this would take a mod, i could not find one on phpbb.com but i found this on phpbbhacks.com
http://www.phpbbhacks.com/download/1427

although installing it could be a risk as their mods have not been valifated by phpbb and are often quite old.


above from karlsemple

I have downloaded the old mod that he refers to and installed it on my site 2 days ago
in the first day it deleted 18 "dead wood" members

I kept a copy of the memberlist before hand of course

so I checked the 18 members that it deleted, in each case they were members who had never logged in or never made any posts at all!! SEEMS TO WORK :wink:

alvo
Registered User
Posts: 686
Joined: Thu Jun 22, 2006 3:57 am

Post by alvo » Thu Jun 22, 2006 4:10 am

I found a solution that works for me to stop the registration spam. It does require occasional intervention from me, but not the daily vigil to delete the registrations. What I did was edit profile.php to remove all the website and web_site code references. I then added a line on the registration form after "This information will be publicly viewable." In bold, red text that reads:
"Note: A website entered here will not be displayed. To link a website to your profile you must contact the forum administrator to have it added."

Now anything entered into the "website" field during registration or when a member edits their profile will be discarded. The board admin can add a URL in the admin section under User Admin>Management. Although this occasionally takes the attention of the admin to add a URL, it takes a lot less effort than to manually seek out and delete spammers one-by-one. One can then run a script to delete the zero post members after a set period of time.
Last edited by alvo on Thu Jun 22, 2006 9:12 am, edited 1 time in total.

User avatar
Arella
Registered User
Posts: 4
Joined: Thu Jun 22, 2006 4:56 am
Location: New Zealand
Contact:

Post by Arella » Thu Jun 22, 2006 5:19 am

Great thread guys. :)

I've got a few of the suggested MODs installed: only displaying active users in the member list and newest user section, plus killing the website and signature fields for people with less than n posts. The default phpBB visual confirmation is on; which from this thread would seem isn't really helping much. I've got email validation on as well, which combined with the memberlist/newest user MOD works really well.

Recently a couple of bots got through that net with apparently valid .ru email addresses. Anyone know a way to check if they are real addresses? I can't help but worry they've figured out a way to get around email validation by working out the confirmation code or something.

Time to upgrade my security again I guess. :roll:

Zarkow
Registered User
Posts: 75
Joined: Sat Sep 14, 2002 5:21 pm

Post by Zarkow » Thu Jun 22, 2006 6:03 am

Alvo: Check the anti spambot-thread in mod-forum.

I added a check to see if the users is registrating and removed the website-field from the registration-page (so we know that only bots would send those fields) and just kill any attempt to send that data.

Your solution might not be spambot-safe and it isn't userfriendly.

User avatar
EXreaction
Former Team Member
Posts: 5666
Joined: Sun Aug 21, 2005 9:31 pm
Location: Wisconsin, U.S.
Name: Nathan

Post by EXreaction » Thu Jun 22, 2006 3:30 pm

Arella wrote: I've got a few of the suggested MODs installed: only displaying active users in the member list and newest user section, plus killing the website and signature fields for people with less than n posts. The default phpBB visual confirmation is on; which from this thread would seem isn't really helping much. I've got email validation on as well, which combined with the memberlist/newest user MOD works really well.


Well, your in luck! :)
The Anti-Spam ACP(link on the first page) does all of that after you install it and the Hide Users add-on. ;)

User avatar
Arella
Registered User
Posts: 4
Joined: Thu Jun 22, 2006 4:56 am
Location: New Zealand
Contact:

Post by Arella » Thu Jun 22, 2006 8:54 pm

EXreaction wrote: Well, your in luck! :)
The Anti-Spam ACP(link on the first page) does all of that after you install it and the Hide Users add-on. ;)


When I first made the MODs on my boards it was before this thread had started, so I grabbed the bits I wanted from that old 19 page thread in the support forum. It's really good to see you guys have turned it into a package now, so I'll probably look at switching over to the official version eventually. :)

tbokich
Registered User
Posts: 3
Joined: Wed Dec 07, 2005 10:19 pm

guest spam

Post by tbokich » Thu Jun 22, 2006 10:36 pm

Hi
Can someone tell me how to not allow guest to leave messages in the forum all my spam for the moment is coming in this manner and I can not find anything to turn off to stop it. Thanks
T

Free-Spirit
Registered User
Posts: 15
Joined: Sun Jun 04, 2006 4:15 am
Contact:

Post by Free-Spirit » Thu Jun 22, 2006 11:45 pm

Change the permissions in your panel to registered. It is under forum admin permissions. You can set advance or have the panel set defaults with the drop down. This should prevent at least guests from spamming your forum.

User avatar
EXreaction
Former Team Member
Posts: 5666
Joined: Sun Aug 21, 2005 9:31 pm
Location: Wisconsin, U.S.
Name: Nathan

Re: guest spam

Post by EXreaction » Thu Jun 22, 2006 11:49 pm

tbokich wrote: Hi
Can someone tell me how to not allow guest to leave messages in the forum all my spam for the moment is coming in this manner and I can not find anything to turn off to stop it. Thanks
T


Admin Control panel - Forum Admin - Permissions - (select the forum) - then select registered in the settings. ;)


EDIT: Dang, I am slow. :lol:

Locked

Return to “2.0.x Discussion”

Who is online

Users browsing this forum: No registered users and 7 guests