Anti-Spam Thread!

The 2.0.x discussion forum has been locked; this will remain read-only. The 3.0.x discussion forum has been renamed phpBB Discussion.
Locked
User avatar
Dog Cow
Registered User
Posts: 2497
Joined: Fri Jan 28, 2005 12:14 am
Contact:

You get what you put into it.

Post by Dog Cow »

You get what you put into it.

If you truly don't want spam at your forum, then you'll work for it. If not, then not.

It's that simple. :mrgreen:
Moof!
Mac GUI Vault: Retro Apple II & Macintosh computing archive.
Inside Allerton bookMac GUIMac 512K Blog

Grayson
Registered User
Posts: 24
Joined: Fri Feb 27, 2004 4:23 am
Location: Tupelo - Mississippi
Contact:

Post by Grayson »

The fact is, I have read it. Maybe even twice. That thread was rubbnsh. Some thing work for some, not others. My beef is that it's so bloated and written over a vast array of versions. I was seeking a clear and obvious solution without 29 pages of maybe. I started a new thread to cut the chase and try and get a lean efficient answer. That thread was locked and I was back in the circle once again! I have tried many of the various solutions with little needed results.

However, I have upgraded to 2.0.21 and installed the Confusbot solution which has taken care of the problem. The thing there is that even clean-cut humans can't register now. I must continue my search for the Holy Grail of Anti-Spam.

Ya'll "Moderators" may call my thread rubbish is you want, but in this age of information, the bloated community forums of phpBB have become full of misinformation and swollen "maybe this will work" answers. Some things need to be pared down with accuracy and details.

Anyway, Thank you for what you do. I know it's a thankless task!

User avatar
EXreaction
Former Team Member
Posts: 5666
Joined: Sun Aug 21, 2005 9:31 pm
Location: Wisconsin, U.S.
Name: Nathan

Post by EXreaction »

Grayson wrote: The fact is, I have read it. Maybe even twice. That thread was rubbnsh. Some thing work for some, not others. My beef is that it's so bloated and written over a vast array of versions. I was seeking a clear and obvious solution without 29 pages of maybe. I started a new thread to cut the chase and try and get a lean efficient answer. That thread was locked and I was back in the circle once again! I have tried many of the various solutions with little needed results.

However, I have upgraded to 2.0.21 and installed the Confusbot solution which has taken care of the problem. The thing there is that even clean-cut humans can't register now. I must continue my search for the Holy Grail of Anti-Spam.

Ya'll "Moderators" may call my thread rubbish is you want, but in this age of information, the bloated community forums of phpBB have become full of misinformation and swollen "maybe this will work" answers. Some things need to be pared down with accuracy and details.

Anyway, Thank you for what you do. I know it's a thankless task!


Did you miss the first post or something?

It contains all of the links to many anti-spam solutions(and mostly very good ones at that).

Grayson
Registered User
Posts: 24
Joined: Fri Feb 27, 2004 4:23 am
Location: Tupelo - Mississippi
Contact:

Post by Grayson »

No, I saw it and it helps, but still .... for such an obvious problem, why not incorporate the best of these mods into a new version and do away with the guess-work? That's my only beef! I regret I brought the subject up. I'm just trying to assist others that seem lost by the many options.

User avatar
EXreaction
Former Team Member
Posts: 5666
Joined: Sun Aug 21, 2005 9:31 pm
Location: Wisconsin, U.S.
Name: Nathan

Post by EXreaction »

Grayson wrote: No, I saw it and it helps, but still .... for such an obvious problem, why not incorporate the best of these mods into a new version and do away with the guess-work? That's my only beef! I regret I brought the subject up. I'm just trying to assist others that seem lost by the many options.


Well, I have thought of the same thing, but adding all of those extra options just makes the install process much longer.

If I ever feel like working on phpBB2 again I might upgrade my Anti-Spam ACP to include a whole bunch of other things(like the User Shield, admin userlist, post controlling, and others), then just keep the old copy and rename it as a different mod(so if they don't want to install a bunch of things they do not have to).

The problem is I don't even use phpBB2 anymore. So any mod I make for it I have no use for. ;)

Wo1f
Registered User
Posts: 2039
Joined: Fri Jan 28, 2005 3:20 am

Post by Wo1f »

Hi Grayson,
Grayson wrote: Ya'll "Moderators" may call my thread rubbish is you want, but in this age of information, the bloated community forums of phpBB have become full of misinformation and swollen "maybe this will work" answers. Some things need to be pared down with accuracy and details.

Anyway, Thank you for what you do. I know it's a thankless task!


That's harsh. And I believe frustration may have influenced your choice of words, and I do understand frustration. Much work has been done by many to try and inform users on how to tackle this problem. It's also very clear that there is no such thing as the "holy spam" grail. There is no one (1) MOD solution. Also, what works for your neighbor does not guarantee the same return for you.

Have you also had a chance to review this thread:
  • Preventing SPAM - Bots and Humans
[/url]

Another often overlooked truth is that todays solutions may not work tomorrow which dosen't make this a simple "two-tone" landscape. And also, this is not limited to phpBB. It just happens to be the "Windows" of BB's (popularity-wise :wink:), and it's getting a lot of attention because of it.


Regards,
Wolf

User avatar
Yegor
Registered User
Posts: 97
Joined: Tue Oct 22, 2002 10:13 pm
Location: Toronto
Contact:

Post by Yegor »

Is there a mod that will not let users post URLS until they reach a certain post count? I know vbb has this, and it works great!

Grayson
Registered User
Posts: 24
Joined: Fri Feb 27, 2004 4:23 am
Location: Tupelo - Mississippi
Contact:

Post by Grayson »

Wolf, Yes, frustration is part of it. Whether one believes it or not, I have devoted much time towards the spam bots. Have upgraded and wiped out several previous mods that now have to be re-installed. Still, I am not much closer than before and in some cases have taken a step backwards. Yes, maybe I should take it out on the spammers rather than the ones trying to alleviate their aggravation. I do appreciate all the work that the mod creators donate and can only wish I had their abilities of coding new and time-saving mods. My frustration came from a thread being closed and being re-directed to the thread I've been focusing on for some time ... that obviously hasn't solved my problem. I will be quiet now. Thank to all.

sbhikes
Registered User
Posts: 48
Joined: Fri Sep 20, 2002 10:24 pm
Location: Santa Barbara

Post by sbhikes »

hm2k wrote:
EXreaction wrote:
Truden wrote:I haven't seen somebody to mention Bad Behavior as an Anti-Spam solution.
I use it in some places in my PHPNuke web site, but it can be used in PHPBB2 as well.

You can download Bad Behavior from here
And on this page is the installation guide.

It works and I experienced it on myself :lol:
My IP (South African proxy) was used by spammers and is listed in www.spamhaus.org which list is used by Bad Behavior.
So I wasn't able to post comments in my Web Site until I put my IP in the white list :D

If you want to check how it works, download it, put it in your PHPBB root, open posting.php and ADD after the lines with the includes:

Code: Select all

require_once($phpbb_root_path . 'Bad-Behavior/bad-behavior-generic.'.$phpEx);


I would be willing to list it on the first page...if someone creates a thread for support with it somewhere else(modDB or mod dev forum)


http://www.phpbb.com/phpBB/viewtopic.php?t=406036

This seems like a good idea.

I have used the Bad Behavior mod. It's not as nicely done as the more official mods but it works very well. It's actually amusing to check the logs and see the attempts.

It has not stopped all spam, however. Nothing does. Bad Behavior REALLY helps with the bots.

It really does seem that the problem is two-fold: a) there are real people not bots and b) there are bots that are able to bypass all the php scripts.

Why I believe there are real people is that they are following my rules, such as all posts are blocked if they have more than 3 links, so they put only one link, or whatever.

I might be wrong about the bots bypassing the php scripts, though. I only see their attempts as they are caught by the bad behavior mod. I imagine that catches and logs their attempts before they get to the error messages.

This has been an excellent topic by the way. Way early in the posts there was a suggestion for some stuff to put in your .htaccess file. I am going to try that next. I will also send you to the error page if you do a GET request directly to my profile or posting page just in case the people are real.

I would like to also add (sorry this is so long) that you need to trust your instincts. I have noticed that every now and then I'll get someone who signs up and their username and other info looks valid but they don't post right away. If I wait longer than a day to see if they get around to posting I usually get a flood of spam and new spammer user registrations, so I think it's some kind of fishing attempt. From now on, if you register and don't post on the same day and I'm in any way suspicious of you, you're deleted end of story and your email address/ip address is banned. Go ahead and send me a complaint.

I would like to try mass banning of IP addresses based on country. This would work for me because my site is very location-specific. Maybe I'm stupid but I'm having a hard time finding a usable list. Where do I get one?
Thanks,
Diane

olpa
Registered User
Posts: 255
Joined: Tue Jan 25, 2005 6:44 pm
Location: Saint-Petersburg, Russia
Contact:

Post by olpa »

Grayson wrote: No, I saw it and it helps, but still .... for such an obvious problem, why not incorporate the best of these mods into a new version and do away with the guess-work?.

The problem is that everyone has its own opinion on what mods are the best and how to deal with spam. You've read this thread, now I suggest to read my text: phpBB Antispam HOWTO.

User avatar
Dog Cow
Registered User
Posts: 2497
Joined: Fri Jan 28, 2005 12:14 am
Contact:

Post by Dog Cow »

olpa wrote:
Grayson wrote:No, I saw it and it helps, but still .... for such an obvious problem, why not incorporate the best of these mods into a new version and do away with the guess-work?.

The problem is that everyone has its own opinion on what mods are the best and how to deal with spam. You've read this thread, now I suggest to read my text: phpBB Antispam HOWTO.


Another issue is that many of the big posters to this thread are power-users. We can write our own modifications and tweaks to phpBB. Thus, a lot of the tips and suggestions presented in this thread are unfit for newbies or those who do not have a good knowledge of PHP.
Moof!
Mac GUI Vault: Retro Apple II & Macintosh computing archive.
Inside Allerton bookMac GUIMac 512K Blog

User avatar
Phil
Former Team Member
Posts: 10403
Joined: Sat Nov 25, 2006 4:11 am
Name: Phil Crumm
Contact:

Post by Phil »

Most of the MODs and edits provided are fairly comprehensive, so anyone should be able to install them without much problems. Besides, what makes a power user but someone who has installed things like that a lot ;) Given, some of us are a lot more familiar with the phpBB package than others (not to the point that we can recite which files do what in our sleep... well, I can but that's more of another issue), but if you do enough edits to them you get your feel around.

What I'm trying to say is I personally believe "experience" is irrelevant when it comes to those tasks. Working out the bugs may take some, but installation alone hopefully shouldn't.
Moving on, with the wind. | My Corner of the Web

dialnu2
Registered User
Posts: 1
Joined: Sun Nov 26, 2006 8:46 pm

This sql helps me keep the spam out.

Post by dialnu2 »

When someone registers they usually do so with the intent to post a message. I have found that I had many regisered users with http:// urls to meds-4sale sites. They did not have any posts on the board so I could run the sql below to see if it were from someone bad.

SELECT * FROM phpbb_users LEFT JOIN phpbb_posts ON user_id = poster_id WHERE poster_id IS NULL AND user_id <> -1

mfnetworx
Registered User
Posts: 9
Joined: Mon Nov 27, 2006 12:28 am

Post by mfnetworx »

I know the name of a software program that is being used to spam all of of us. I am not sure if I should post it here because someone may be in here looking for ways to beat us, or just looking for phpbb forum names to add to their lists. Let me tell you, I personally have not posted to this forum with my real business name for a couple of years, and I deleted all old posts I had in here that referred to my forum.

Through a neighbor I was able to gain access to blackhat forum where there are people who do nothing all day except try to figure out ways to exploit all of our hard work my spamming our forums with links to their mass-produced pages full of nothing but Google Adsense ads. They claim it can beat captchas and email confirmation. Their goal is to get links in popular forums to increase their Google ranking and links.

The best way to fight these peopleis to:

a: delete them immediately and report all of them to Google immediately if they spam you. Do that here: http://www.google.com/contact/spamreport.html

b: beat them at their own game. If anyone here is a phpbb.com admin who wants me to tell them what this new software is that they are using, please PM me here and I will tell. Hopefully, you have enough knowledge to backwards engineer them and beat them at it.

c. some people in this blackhat forum who also have phpbb report the following: remove any reference to "powered by phpbb" to avoid being put on the list of forums available and active enough for them to bother spamming. I realize this is a condition for using phpbb. I suggest it may be considered acceptable for people to drop it if it is drawing the attention of spammers. By the way - once you are in it there is no way out.

What they look for: (below from the black-hat forum)
Seriously if you put a forum phpbb is the best for spam lol, or vbulletin with or without capthca registration and promote it, in a few weeks you will have all the ideas you need to spam forums

Helps to have a no-link post policy until 15 posts although then you stop getting the great ideas...

ok some ideas:

Forum spam works on poorly moderated forums
Forum spam works on dead forums
Many seod forums (like mine) have nofollow on external links



FYI: if you Google the name of this software, you can see they they have bombed phpbb, phorum, vbulletin and many other forums in just the last few days, and the name is getting successfully indexed in Google. This is their goal, and bad news for us.

IF it becomes known that people who spam phpbb get reported to Google immediately they will stop bombing us. The best tools are HEAVY moderation. Also - any anti-spam tools you can use should be employed.

User avatar
EXreaction
Former Team Member
Posts: 5666
Joined: Sun Aug 21, 2005 9:31 pm
Location: Wisconsin, U.S.
Name: Nathan

Post by EXreaction »

mfnetworx wrote: remove any reference to "powered by phpbb" to avoid being put on the list of forums


Not recommended. As soon as you remove it you lose all support from phpBB.com.

Though, I would recommend changing it to something else(just make sure the users know what it is and means).

Like "Forums made by phpBB."
(ok, that wasn't very good...but you know what I mean)

Locked

Return to “2.0.x Discussion”