Spam warning email

https://www.phpbb.com/ideas/
Post Reply
Author:
Floyd
Posted:
Sun Nov 24, 2013 1:26 am
Rating:
Status:
New
Floyd
Registered User
Posts: 85
Joined: Tue Sep 03, 2013 10:16 am

Spam warning email

Post by Floyd » Sun Nov 24, 2013 1:26 am

Our forum uses the question & answer antispambot plugin. I have written good questions that are not answerable via a Google search and they block all of the spambots. However, twice now we have endured an attack from the Russian spambots. What happens is that the people running the bots, or their minions, register a few accounts and get the answers to some of the questions. They then program these answers into their spambots and then have them hammer away at the forum until they get a few accounts registered and then they start spamming away. The last attack occurred from 11AM Thursday to 2AM Friday. A total of 72 spambots registered. Just three of the bots posted nearly 500 messages. After cleaning up the mess I realized that phpBB needs the following feature. I recommend having an option in the ACP that will send a notification by email to a specified address when the number of new account registrations exceeds a specifiable number. In this way, an admin or moderator can be alerted to suspicious activity on their forum and can take action if necessary thereby limiting the damage that occurs.

In addition, there can be a second option that limits the number of new registrations within a specified time period. Once that threshold is reached, the registration process goes offline until an admin or moderator investigates and resets it. This will limit the number of spambots that can register and thereby help to limit the damage they cause.

A last suggestion is to have an option that limits the number of posts any member can post within a period of time, e.g., 10/hour or whatever the admin deems appropriate for their board.

----------

View idea at: Spam warning email

Posted by Floyd
Entropy is maintenance free.

User avatar
Oyabun1
Former Team Member
Posts: 23162
Joined: Sun May 17, 2009 1:05 pm
Location: Australia
Name: Bill

Re: Spam warning email

Post by Oyabun1 » Sun Nov 24, 2013 2:36 am

Ideas Bot wrote:I recommend having an option in the ACP that will send a notification by email to a specified address when the number of new account registrations exceeds a specifiable number. In this way, an admin or moderator can be alerted to suspicious activity on their forum and can take action if necessary
So are you are going to stay awake 24/7? If the attack happens while you are sleeping, or otherwise away from the board, what benefit would the email provide?
Ideas Bot wrote:This will limit the number of spambots that can register and thereby help to limit the damage they cause.
It will also stop genuine members from being able to join when the block is in place. How many of those will be interested enough to try again some unknown period of time later without knowing if they will be successful?
Ideas Bot wrote:A last suggestion is to have an option that limits the number of posts any member can post within a period of time, e.g., 10/hour or whatever the admin deems appropriate for their board.
Flood control is already a feature. Check the post settings and permissions of the board. However, the trouble with such a feature is if is too strict is it is likely to limit live members as well. Often people may only login every few days, then read and post replies to numerous topics, all in a relatively short period of time, probably less than an hour.
                      Support Request Template
3.0.x: Knowledge Base Styles Support MOD Requests
3.1.x: Knowledge BaseStyles SupportExtension Requests

Floyd
Registered User
Posts: 85
Joined: Tue Sep 03, 2013 10:16 am

Re: Spam warning email

Post by Floyd » Sun Nov 24, 2013 6:09 am

Thank you for your thoughts on my proposals.
Oyabun1 wrote:
Ideas Bot wrote:I recommend having an option in the ACP that will send a notification by email to a specified address when the number of new account registrations exceeds a specifiable number. In this way, an admin or moderator can be alerted to suspicious activity on their forum and can take action if necessary
So are you are going to stay awake 24/7? If the attack happens while you are sleeping, or otherwise away from the board, what benefit would the email provide?
I typically check my email several times per day, but check the status of the forum less frequently. With an alert email I would be made aware that there could be a potential problem that needed addressing at a time when I would otherwise not have checked the forum's status. In addition, many people carry smartphones and could receive the alert email through that.
Oyabun1 wrote:
Ideas Bot wrote:A last suggestion is to have an option that limits the number of posts any member can post within a period of time, e.g., 10/hour or whatever the admin deems appropriate for their board.
Flood control is already a feature. Check the post settings and permissions of the board. However, the trouble with such a feature is if is too strict is it is likely to limit live members as well. Often people may only login every few days, then read and post replies to numerous topics, all in a relatively short period of time, probably less than an hour.
The flood control is slightly different from what I proposed. Most people might not post to our forum more than 10 times a day. However, if I limit the frequency of posts through the flood control option to once every 5 minutes, then that might annoy legitimate users while still allowing a bot to create 288 spam postings per day.
Entropy is maintenance free.

Post Reply

Return to “phpBB Ideas”