Page 27 of 50

Re: Need Some Help

Posted: Fri Nov 10, 2006 5:14 pm
by Dog Cow
DstrucTIonS wrote: I have spammers that are bypassing my registration page and creating accounts in phpBB. I am seeing returned registration email (in Brazillian ... my site is english) for the spammer. I have multi-language turned off. Anyone have an idea of how they are doing this? Is there a known issue with 2.20?

Any help is appreciated.

D


try checking out the very first page of this topic some of the modifications listed there ought to help you

Posted: Wed Nov 15, 2006 8:02 pm
by yoshimitsuspeed
I just installed
[2.0.20] registration disable website signature
and the mod that keeps unregistered users off the memberlist.

We were getting an overwhelming number of new members in the memberlist who turned out to be unregistered so these mods made that problem fairly manageable.
Unfortunately a funny thing happened.
We were only getting a few posting spammers a month before the mods. Now the member list is much more manageable but we are getting a couple spammers a day who register and post.

What would you guys recomend as the next layer of defense?

I just saw spamwords. I will try that now.

Posted: Wed Nov 15, 2006 8:33 pm
by stevemagruder
yoshimitsuspeed wrote: I just installed
[2.0.20] registration disable website signature
and the mod that keeps unregistered users off the memberlist.

We were getting an overwhelming number of new members in the memberlist who turned out to be unregistered so these mods made that problem fairly manageable.
Unfortunately a funny thing happened.
We were only getting a few posting spammers a month before the mods. Now the member list is much more manageable but we are getting a couple spammers a day who register and post.

What would you guys recomend as the next layer of defense?

I just saw spamwords. I will try that now.


For those spammers that are automated, a better captcha in the visual confirmation during registration should help. There is a mod called "Better Captcha" somewhere.

For those who are human, have a strong stated policy on your board that spammers will be dealt with harshly, and then when someone spams so many times (maybe even just once), delete their account and ban their member ID and IP.

If you don't want to do all the continual work that this entails, perhaps write code that prevents or limits the number of links a newly registered user can put into a post. (I already limit links for guest posters to a public forum, but haven't make the jump to apply to newly registered users in non-public forums yet)

I have personally shied away from using something like spamwords, as I don't want to spend the time trying to stay on top of all the spamwords these inventive cretins are using. On Edit: I also fear false positives with something like this.

Posted: Wed Nov 15, 2006 8:43 pm
by bonelifer
This is what I use on one site that was getting 10 or 15 spams a day.

Anti-Spam ACP v1.1.02 -->> http://www.lithiumstudios.org/
- our settings:
Website after X posts
Signature off for Registration

Unique Registration Hash -->> http://www.phpbb.com/phpBB/viewtopic.php?t=430710
FreeCap Visual Confirmation -->> http://www.phpbb.com/phpBB/viewtopic.php?t=344831


Also for LIVE spammers we use the TROLL mod:
Troll Mod -->> http://www.phpbb.com/phpBB/viewtopic.php?t=389005


We currently only get a few spams every one or two weeks. Those are all GUEST postings in the only two forums open to guest(have to have them open to guest posting unfortunately, due to their nature).

Posted: Wed Nov 15, 2006 10:53 pm
by yoshimitsuspeed
I assume the Troll mod only works for return offenders right?

I would assume we are dealing mostly with real people now but I don't really know.
Is there any way to know if a spammer is a bot or a person?

Posted: Wed Nov 15, 2006 10:57 pm
by yoshimitsuspeed
stevemagruder wrote: If you don't want to do all the continual work that this entails, perhaps write code that prevents or limits the number of links a newly registered user can put into a post. (I already limit links for guest posters to a public forum, but haven't make the jump to apply to newly registered users in non-public forums yet)


This sounds like a great idea. Unfortunately I am new to scripting and this is over my head. It sounds like a great mod though.

Fake users registration

Posted: Thu Nov 16, 2006 5:51 pm
by Stand
The fake registrations are a irritant. I usually check my memberlist daily to look for fake registrations. I have changed the memberlist.php name to something else as I don't see it serves much of a function on my board. Renaming it cut down on the number of bogus registrations. The bots may have been using it some way.

I also been adding ip's to both my banned list and to my .htaccess file. In the case of Asian (APNIC) sites I just deny access to the intire block of addresses; i.e., "deny 201. " My site is for US consumption anyway.

I have an IP log mod installed and I have noticed that in every fake registration case Opera is logged as the browser.
Here are a couple of log entries from two fake registrations.
+ 2006 Nov 16 Ersterter3 0.0.0.0 144.30.0.219 144.30.0.219+ Opera/7.21 (Windows NT
+ 2006 Nov 16 Anonymous 0.0.0.0 144.30.0.219 144.30.0.219+ Opera/7.21 (Windows NT 5.0; U)
+ 2006 Nov 16 Anonymous 221.140.105.85 221.140.105.85 Opera/7.21 (Windows NT 5.0; U

+ 2006 Nov 16 Abersterhaup 212.162.130.85 212.162.130.85 212.162.130.80+ Opera/7.
+ 2006 Nov 16 Anonymous 212.162.130.85 212.162.130.85 212.162.130.80+ Opera/7.21 (Windows NT 5.0;

In all cases the referer is:
/phpBB2/profile.php?mode=register&agreed=true

I don't know how the proxy manipulation is performed, but in the Ersterter3 case the IPs went from a APNIC to a UAMS and finally to an AOL one. I banned the 221 block of addresses (221.*.*.*). For over kill I also have it in my .htaccess file as Deny 221.

I wouldn't mind if someone figured out a way to stop this.

Regards,

Stan

Re: Fake users registration

Posted: Thu Nov 16, 2006 10:51 pm
by Dog Cow
Stand wrote: The fake registrations are a irritant. I usually check my memberlist daily to look for fake registrations. I have changed the memberlist.php name to something else as I don't see it serves much of a function on my board. Renaming it cut down on the number of bogus registrations. The bots may have been using it some way.

I also been adding ip's to both my banned list and to my .htaccess file. In the case of Asian (APNIC) sites I just deny access to the intire block of addresses; i.e., "deny 201. " My site is for US consumption anyway.

I have an IP log mod installed and I have noticed that in every fake registration case Opera is logged as the browser.
Here are a couple of log entries from two fake registrations.
+ 2006 Nov 16 Ersterter3 0.0.0.0 144.30.0.219 144.30.0.219+ Opera/7.21 (Windows NT
+ 2006 Nov 16 Anonymous 0.0.0.0 144.30.0.219 144.30.0.219+ Opera/7.21 (Windows NT 5.0; U)
+ 2006 Nov 16 Anonymous 221.140.105.85 221.140.105.85 Opera/7.21 (Windows NT 5.0; U

+ 2006 Nov 16 Abersterhaup 212.162.130.85 212.162.130.85 212.162.130.80+ Opera/7.
+ 2006 Nov 16 Anonymous 212.162.130.85 212.162.130.85 212.162.130.80+ Opera/7.21 (Windows NT 5.0;

In all cases the referer is:
/phpBB2/profile.php?mode=register&agreed=true

I don't know how the proxy manipulation is performed, but in the Ersterter3 case the IPs went from a APNIC to a UAMS and finally to an AOL one. I banned the 221 block of addresses (221.*.*.*). For over kill I also have it in my .htaccess file as Deny 221.

I wouldn't mind if someone figured out a way to stop this.

Regards,

Stan


Bots generally send a false User-agent to the HTTP server "just in case".

Or it could be someone who is genuinely using Opera

Posted: Fri Nov 17, 2006 11:33 am
by Dr.Thrax
Hey all. I've installed a couple of mods that really help against the spambots. But i've really been wondering something lately. I know a lot of phpbb forums that do have guest posting enabled, but that have no spambots at all.
My forum on the other hand, has guest posting enabled (and I prefer not to disable it) but I get loads of spambots (some even make it through Spam Words... I can't just ban words like "casino" since many humans could use it in a different context)

Can anyone tell me why some forums have those bots, and other do not? I'm running phpbb 2.0.19

Posted: Fri Nov 17, 2006 5:14 pm
by Wo1f
Hi Dr.Thrax,
Dr.Thrax wrote: I'm running phpbb 2.0.19

Your most pressing priority should be to update your board to v2.0.21. If you have many MODs installed and don't want to reinstall them because of this very urgent update situation, take a look at the "Code Changes" package from the download page, accessible from the top of this page. It installs just like a MOD.

Once you have done this, and don't delay... go here:
  • Preventing SPAM - Bots and Humans
[/url] and take a close look at the "Anti-Bot Question" MOD by "magmo", which I hear is currently efficient in stopping spam when allowing guests to post.


Hope this is helpful and as always, it's very important to backup your database and any forum files this MOD may require you to change ... BEFORE you proceed.


Regards,
Wolf :wink:



NOTE: If you decide to install the above mentionned or recommended MOD(s), any installation or operation problems you might encounter should be referred to the MOD's release or development thread. Link(s) provided above.

Posted: Fri Nov 17, 2006 5:28 pm
by stevemagruder
Dr.Thrax wrote: Hey all. I've installed a couple of mods that really help against the spambots. But i've really been wondering something lately. I know a lot of phpbb forums that do have guest posting enabled, but that have no spambots at all.
My forum on the other hand, has guest posting enabled (and I prefer not to disable it) but I get loads of spambots (some even make it through Spam Words... I can't just ban words like "casino" since many humans could use it in a different context)

Can anyone tell me why some forums have those bots, and other do not? I'm running phpbb 2.0.19


I agree with upgrading to 2.0.21 immediately.

Also, consider that boards that get hit with spambots more than others may be placing better in search engines. It's a matter of the ease with which the spambots can locate your board.

Posted: Sun Nov 19, 2006 5:52 am
by Bramster
EXreaction wrote:
fritz wrote:i'm just curious.
how come spambots seem to bypass the visual confirmation?
i received 75 registrations from *.ru with porn sites as signatures.


Beats me exactly how they code it...but they take an OCR and have it scan the image...and with easier VC's like phpBB2 has, it can figure out what it says most of the time...

Thats what this thread is for...the mods linked to in the first post will help you. ;)


I read the first post 3 times and seem unable to locate a mod that improves the vusual confirmation :(

Posted: Sun Nov 19, 2006 10:25 am
by Jim_UK
An alternative is freecap

Jim

Posted: Sun Nov 19, 2006 1:47 pm
by .:YoUnGLinKiE:.
I would like people to write a code when they want to sign up on my forum (like when you get a picture with numbers and letters and you need to fill it in). Where do I get a plugin like that because I had a forum that didn't had this and it's full of spam now.

Thanks in advance!

Posted: Sun Nov 19, 2006 5:58 pm
by EXreaction
Jim_UK wrote: An alternative is freecap

Jim


Or Better Captcha. :)
http://www.phpbb.com/phpBB/viewtopic.php?t=382890
.:YoUnGLinKiE:. wrote: I would like people to write a code when they want to sign up on my forum (like when you get a picture with numbers and letters and you need to fill it in). Where do I get a plugin like that because I had a forum that didn't had this and it's full of spam now.

Thanks in advance!


Every semi recent(don't know the exact number) phpBB2 install has one. If you have a phpBB2 install that does not have one(the option to turn it off or on is in the adminCP in general configuration) you should immediately upgrade to the latest version.