Preventing Spam in phpBB 3.0.6 and Above [*Read First Post*]

RobSkelton · Post by **RobSkelton** » Sat Sep 25, 2010 11:19 am

Although it is time-consuming, I manually approve new members, check their IP address and have a custom field asking why they are joining. If someone types in ghghghhg and have an India or China IP address, then it is easy to deny them.

What I haven't seen discussed is how the spammers locate out forums to begin with? Could having phpbb in the footer be a factor? Could I change it to php^bb or something and avoid spammers altogether?

Pony99CA · Post by **Pony99CA** » Fri Oct 01, 2010 1:18 am

RobSkelton wrote:What I haven't seen discussed is how the spammers locate out forums to begin with? Could having phpbb in the footer be a factor? Could I change it to php^bb or something and avoid spammers altogether?

More likely they use Google's file search to find viewtopic.php or something similar.

Steve

/a3 · Post by **/a3** » Tue Oct 05, 2010 7:10 am

They also follow the website profile links from other forums. I've found that they don't follow links in signatures, however.

Drats · Post by **Drats** » Wed Oct 06, 2010 12:34 pm

I use the "first post moderated" and lately I have found spamers who have found their way around it. Not too many yet, just the 2.

It has worked perfectly up until now, and still does with most but it may the start.

Ag2000CO · Post by **Ag2000CO** » Wed Oct 20, 2010 9:19 pm

RobSkelton wrote:What I haven't seen discussed is how the spammers locate out forums to begin with? Could having phpbb in the footer be a factor? Could I change it to php^bb or something and avoid spammers altogether?

Spammers may use Google but it appears to me that they use there own spiders too. I do not have my phpBB up and running yet so there are no links to it, nor any Google references. However, after installing the files (and then running into a db issue) the next log files showed about 20 hits just poking around.

To the outside world all I did was create a new sub-directory, /XX, and load the phpBB files. The log about 8 hours later showed hits. At that point I did a chmod to 740 to hide it until I get other issues resolved.

If you have access to your system logs look at the files request that have broken links, or look at your error log. The spiders know that they are looking for. They are looking for file names that are part of applications with known weaknesses or were admin/users may not have set things up correctly (securely).

I also run a newsletter for a small theater group. On the web version of the newsletter there is a form to make comments. Some guy in Holland has posted several "comment spam." I guess I should have named the file something other than comment.html But spammers are dumb and need all the help they can get!

Just because you are paranoid, doesn't mean their not out to get you!

RobSkelton · Post by **RobSkelton** » Wed Oct 20, 2010 10:13 pm

Thanks - I guess it is easier (for me anyway) to just manually approve new members. I get roughly 2 spammers per 5 genuine each day.

Ag2000CO · Post by **Ag2000CO** » Wed Oct 20, 2010 11:54 pm

yea, reading this thread makes me wonder what I have volunteered for! I was hopping that the forum would off-load some of the email traffic among board members etc. coordinating things. -- but maybe my workload will just shift.

EduCatOR · Post by **EduCatOR** » Sat Oct 23, 2010 1:26 am

Hi there, I've been looking into spam protection as my site is now getting hit. I run a few other forum software packages as well and one of them has a simple question during registration that is very successful in stopping bots. It asks a simple question like what is 3 + 2?

Is there anything like this for phpBB??

/a3 · Post by **/a3** » Sat Oct 23, 2010 2:00 am

EduCatOR wrote:It asks a simple question like what is 3 + 2?

Is there anything like this for phpBB??

There is a CAPTCHA plugin in the latest version of phpBB by default which allows you to make a list of questions/answers. Check out the first post in this thread and find on the section called Q&A CAPTCHA for some basic instructions.

I have used it, and so far bots are unable to get past it.

EduCatOR · Post by **EduCatOR** » Sat Oct 23, 2010 2:07 am

Thanks a3 actually I found an AntiBotQuestion mod that allows you to ask the question very easily upon registration. Works perfectly!

Thanks again.

ric323 · Post by **ric323** » Sat Oct 23, 2010 3:19 am

EduCatOR wrote:Thanks a3 actually I found an AntiBotQuestion mod that allows you to ask the question very easily upon registration. Works perfectly!

Thanks again.

Why bother installing a MOD, when the same functionality is already built in to the latest versions of phpBB?

EduCatOR · Post by **EduCatOR** » Sat Oct 23, 2010 6:07 am

Hmmm...I must have missed this feature? I don't see it anywhere in the acp.

ric323 · Post by **ric323** » Sat Oct 23, 2010 6:17 am

EduCatOR wrote:Hmmm...I must have missed this feature? I don't see it anywhere in the acp.

Do you have 3.0.7-pl1 ?
If yes, it is in "CAPTCHA module settings", using the "Q&A CAPTCHA" plugin. This is all described in the first post of this topic.

/a3 · Post by **/a3** » Sat Oct 23, 2010 6:19 am

The only difference will be that you will only have the Q&A, and not the normal image CAPTCHA.

But currently this is fine because bots can't break the Q&A anyway.

Ger · Post by **Ger** » Sat Oct 23, 2010 6:20 am

Admin index -> CAPTCHA Module settings ->Choose from installed CAPTHCA plugins the Q&A CAPTHCA

advertisements