Preventing Spam in 3.0.5 and Lower [*Read First Post*]

Get help with installation and running phpBB 3.0.x here. Please do not post bug reports, feature requests, or MOD-related questions here.
Anti-Spam Guide
Forum rules
END OF SUPPORT: 1 January 2017 (announcement)
Locked
Agent F
Registered User
Posts: 201
Joined: Fri Sep 15, 2006 3:28 am
Location: phpbb_users

Re: Preventing Spam in 3.0 [*Read First Post*]

Post by Agent F » Tue Jul 28, 2009 11:59 pm

I'm having a problem with a guest board. Bots like to post a lot of links and for my users' security, I've disabled BBCode for Guests. Unfortunately, URLs are automatically parsing so links not posted in BBcode are still being displayed. Any suggestions or know of a way to fix auto-URL parsing for Guests?

Example:

Code: Select all

[url=www.google.com]Google[/url]
doesn't work, but the below does.

Code: Select all

www.google.com
Image

TerryE
Registered User
Posts: 21
Joined: Thu Dec 21, 2006 12:54 am
Contact:

Re: Preventing Spam in 3.0 [*Read First Post*]

Post by TerryE » Fri Jul 31, 2009 1:14 am

I've just backed out using custom fields. We used to use drop-downs for users to record their host OS and product version, but the bots now just contain code to process these custom selections and make a random pick for each field. This is enough to counter the use of custom fields as anti-bot deterrents. Also, they are a pain to maintain because you can't easily insert new entries mid-list.

Independent Qs such as entering the current product version (which is obtainable from the download site) is a far more potent defence. These will defeat robots and deter spurious manual registrations. I use my own custom code, but there are a few standard mods which support this feature.

Now that we've done this, we've also dropped back to the old non-GD captcha. The current GD algo is just far too complicated for people with the slightest visual impairments (such as colour blindness), and we get far too many emails to the admins as a consequence.
//Terry

narqelion
I've Been Banned!
Posts: 7235
Joined: Sat Dec 13, 2008 5:00 pm
Contact:

Re: Preventing Spam in 3.0 [*Read First Post*]

Post by narqelion » Fri Jul 31, 2009 2:22 am

TerryE wrote:I've just backed out using custom fields.
I've never used them as anti-spam registration fields, only as profile fields.
TerryE wrote:Independent Qs such as ...
My own challenge response via the email registration process has worked beautifully for me, since it is an atypical approach I think it will be effective much longer than the more common implementations.
TerryE wrote:Now that we've done this, we've also dropped back to the old non-GD captcha.
I disabled it completely, I found it stopped more legitimate human registrants than bots. :lol:

Seraphic
Registered User
Posts: 274
Joined: Wed Feb 15, 2006 8:20 am

Re: Preventing Spam in 3.0 [*Read First Post*]

Post by Seraphic » Fri Jul 31, 2009 4:40 am

I was hit hard with bots on my old 3.0.4 forum. Almost complete with my new 3.0.5 which includes custom profiles. One simple drop down yes or no, while the other is a code box with ten different options. Also lowed the allowed number of registration attempts to three. That should keep them at bay for awhile (well maybe). Might also have to set account activation to admin if worst comes to worst.
Seraphic wrote:So when using custom profiles to add a dropdown box for registration, why is using more then two options considered easier then just two? Wouldn't using say five options be harder then just two for a bot?
Posted this before and was interested on thoughts

Agent F
Registered User
Posts: 201
Joined: Fri Sep 15, 2006 3:28 am
Location: phpbb_users

Re: Preventing Spam in 3.0 [*Read First Post*]

Post by Agent F » Fri Jul 31, 2009 5:36 am

Using a drop-down box only allows 1 wrong answer, so the more options you're adding, the more correct options there are. It doesn't do any better to add more Yes answers than one. With a number field, you can specify the range of correct answers. If you only want one, set the lowest and highest allowed number to be the same.
Image

alanbenjy
Registered User
Posts: 42
Joined: Tue Dec 16, 2008 10:05 am
Contact:

Re: Preventing Spam in 3.0 [*Read First Post*]

Post by alanbenjy » Sat Aug 01, 2009 10:01 am

Can I limit all registrants to say .co.uk and .eu email addresses?

pixelpadre
Registered User
Posts: 10
Joined: Wed Dec 19, 2007 10:38 pm

Stupid Question for you

Post by pixelpadre » Sun Aug 02, 2009 9:26 pm

I did the drop down thing for anti spam with yes no.

Heres the stupid question.........

Why won't the registration process accept yes from the drop down menu? Nobody elaborated on that fine point.

I'd like to know just in case I do some other custom profile questions, like..... are you over the age of 18 for example.

TerryE
Registered User
Posts: 21
Joined: Thu Dec 21, 2006 12:54 am
Contact:

Re: Preventing Spam in 3.0 [*Read First Post*]

Post by TerryE » Mon Aug 03, 2009 3:17 pm

Seraphic wrote:Wouldn't using say five options be harder then just two for a bot?
?? This is just a case of for (i=0;i<n;I++) ... with n = 5 instead of two. Once you can parse the select tag in the form, picking random choices is easy. Getting a robot to answer Qs like "What is President Obama's Christian name?" or "Please enter the current version number of our product?" is a little more of a challenge.
//Terry

User avatar
Mick
Support Team Member
Support Team Member
Posts: 21724
Joined: Fri Aug 29, 2008 9:49 am
Location: Cardiff

Re: Stupid Question for you

Post by Mick » Tue Aug 04, 2009 7:30 am

pixelpadre wrote:Why won't the registration process accept yes from the drop down menu? Nobody elaborated on that fine point
The settings for the "profile type specific options" are as follows.

Note you are rejecting the default value - so if more than two choices are provided you will have made it easier rather than harder to pass.
"The more connected we get the more alone we become" - Kyle Broflovski

pixelpadre
Registered User
Posts: 10
Joined: Wed Dec 19, 2007 10:38 pm

Re: Preventing Spam in 3.0 [*Read First Post*]

Post by pixelpadre » Wed Aug 05, 2009 10:22 am

That answer doesnt help me. I read it too but it doesnt explain how the default value is rejected or why the default value is rejected.

User avatar
JimA
Community Team Leader
Community Team Leader
Posts: 7667
Joined: Thu Jul 31, 2008 5:54 am
Location: The Netherlands
Name: Jim Mossing Holsteyn
Contact:

Re: Preventing Spam in 3.0 [*Read First Post*]

Post by JimA » Wed Aug 05, 2009 10:36 am

pixelpadre wrote:That answer doesnt help me. I read it too but it doesnt explain how the default value is rejected or why the default value is rejected.
Because this is against spambots, and spambots usually just pick the default answer. So by rejecting the default answer, you can loose lots of bots.
Image Jim Mossing Holsteyn - Community Team Leader
Knowledge Base | Documentation | Board rules

If you're having any questions about the rules/customs of this website, feel free to drop me a PM.

pixelpadre
Registered User
Posts: 10
Joined: Wed Dec 19, 2007 10:38 pm

Re: Preventing Spam in 3.0 [*Read First Post*]

Post by pixelpadre » Wed Aug 05, 2009 11:19 am

You are not answering my question.

I know what the purpose is.

My question is a technical reason why the default value is not accepted.

What if I wanted to make sure that the member was over the age of 18 and so i made a custom profile that asks "are you over the age of 18?". If the answer the default value of yes, then they would be rejected?

Are you telling me that the programming is intentionally written to disallow someone from selecting the default values?

User avatar
JimA
Community Team Leader
Community Team Leader
Posts: 7667
Joined: Thu Jul 31, 2008 5:54 am
Location: The Netherlands
Name: Jim Mossing Holsteyn
Contact:

Re: Preventing Spam in 3.0 [*Read First Post*]

Post by JimA » Wed Aug 05, 2009 11:31 am

In your case you would set the default answer to "No".

Then the users would need to change it to Yes themselves, and then you know that they have changed the box themselves to show you that they're over 18. And not that they, if the default answer was Yes, just left it as it was and might give you the wrong answer.

This is just the way it's build, and will only work if the field is required.
Image Jim Mossing Holsteyn - Community Team Leader
Knowledge Base | Documentation | Board rules

If you're having any questions about the rules/customs of this website, feel free to drop me a PM.

pixelpadre
Registered User
Posts: 10
Joined: Wed Dec 19, 2007 10:38 pm

Re: Preventing Spam in 3.0 [*Read First Post*]

Post by pixelpadre » Wed Aug 05, 2009 2:47 pm

You are still avoiding my question Jim.

Are you telling me that the programming is intentionally written to disallow someone from selecting the default values? Soley 100% for the purpose of avoiding spam?

User avatar
onehundredandtwo
Registered User
Posts: 1228
Joined: Fri Nov 14, 2008 8:07 am

Re: Preventing Spam in 3.0 [*Read First Post*]

Post by onehundredandtwo » Thu Aug 06, 2009 7:08 am

pixelpadre wrote:Soley 100% for the purpose of avoiding spam?
Umm, not necessarily. A board might not want people under the age of 21 on their board, so they might use Custom Profile Fields. I'm sure many administrators would also use this for other reasons as well.

AND YOU DON'T NEED TO YELL TO GET AN ANSWER!!! If you don't want to use the feature, then don't.
Need help preventing spam? Read Preventing spam in phpBB 3.0.6 and above

Locked

Return to “[3.0.x] Support Forum”