Preventing Spam in phpBB 3.0.6 and Above [*Read First Post*]

Get help with installation and running phpBB 3.0.x here. Please do not post bug reports, feature requests, or MOD-related questions here.
Scam Warning
Forum rules
END OF SUPPORT: 1 January 2017 (announcement)
Locked
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26503
Joined: Fri Aug 29, 2008 9:49 am

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Post by Mick »

iWisdom wrote:The blacklists are pre-populated with a list of known offenders.
It just seems a bit of a potch to me when there are better and, IMHO, more flexible ways of doing it.
  • "The more connected we get the more alone we become" - Kyle Broflovski©
  • "The good news is hell is just the product of a morbid human imagination.
    The bad news is, whatever humans can imagine, they can usually create.
    " - Harmony Cobel
User avatar
Martin Truckenbrodt
Registered User
Posts: 3045
Joined: Sun Mar 23, 2003 6:22 pm
Location: Franconia
Name: Martin Truckenbrodt
Contact:

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Post by Martin Truckenbrodt »

Hello Mixstar,
blocking can be very flexible if you are using more than one blacklist and if you are using a weight system.

And please don't forget: Blocking is much more user friendly as CAPTCHA it is.

Bye Martin
Free tutorial: Installing MODs in phpBB 3.0
Advanced Block MOD - Prevent spam on your phpBB 3.0 board with Stop Forum Spam, BotScout, Akismet, Project Honey Pot and several IP-RBL and Domain-RBL DNS blacklists!
My MODs
Use the official phpBB Ideas to vote missing core features!!!
ToonArmy
Former Team Member
Posts: 4608
Joined: Sat Mar 06, 2004 5:29 pm
Location: Worcestershire, UK
Name: Chris Smith
Contact:

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Post by ToonArmy »

Martin Truckenbrodt wrote:And please don't forget: Blocking is much more user friendly as CAPTCHA it is.
Until you find yourself on a number of blacklists through no fault of your own.
Chris SmithGitHub
User avatar
Martin Truckenbrodt
Registered User
Posts: 3045
Joined: Sun Mar 23, 2003 6:22 pm
Location: Franconia
Name: Martin Truckenbrodt
Contact:

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Post by Martin Truckenbrodt »

Hello Chris,
for me your answer is very typically for my experience since the last months (and years). For me it shows that you haven't done a look to my MOD by now.
For me it seems that some members of the support team and the dev team haven't done this look by now, too.

I don't want you to say: Hey Martin, your MOD is the only one good thing to fight against spammers.
I don't think so, too!
But a lot of answers are showing me that a lot of people are posting against blocking but they haven't tested it by now. This behaviour and these political statements I don't understand!

Chris, please remove the bad default check_dnsbl from phpBB3 core code or insteat give this feature the same chance that you have given CAPTCHA in phpBB 3.0.6.

Bye Martin
P.S. Please excuse my bad bad english.
Free tutorial: Installing MODs in phpBB 3.0
Advanced Block MOD - Prevent spam on your phpBB 3.0 board with Stop Forum Spam, BotScout, Akismet, Project Honey Pot and several IP-RBL and Domain-RBL DNS blacklists!
My MODs
Use the official phpBB Ideas to vote missing core features!!!
ToonArmy
Former Team Member
Posts: 4608
Joined: Sat Mar 06, 2004 5:29 pm
Location: Worcestershire, UK
Name: Chris Smith
Contact:

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Post by ToonArmy »

I've looked at the MOD more than once, but the simple matter is blacklisting is bad. You place the decisions over who can access your board to an external provider, even if you use multiple providers and collate the results you could end up with a false positive. An IP address does not represent an individual user, blocking an IP might unintentionally block legitimate users.
Chris SmithGitHub
User avatar
Martin Truckenbrodt
Registered User
Posts: 3045
Joined: Sun Mar 23, 2003 6:22 pm
Location: Franconia
Name: Martin Truckenbrodt
Contact:

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Post by Martin Truckenbrodt »

Hello,
but have you tested the MOD on a large board in a large spammers focus?
Sorry, but If you haven't done this test by now I can't accept your statement and opinion. If you want to test it, please contact me. I will give you my topical blacklist settings which will be published with the next version of my MOD perhaps in June.

My experience:
If a good user has a bad ISP then there is a very, very low risc for him to be listed on serveral blacklists my MOD is using. But here the weight system is doing a very good job using several blacklists with a low weight setting for the difficult blacklists.
The trick is to use several very different blacklists and not only spam-email blacklists. Then you will not have problems with dynamic IPs. There are a lot of very different blacklists.

Bye Martin
Free tutorial: Installing MODs in phpBB 3.0
Advanced Block MOD - Prevent spam on your phpBB 3.0 board with Stop Forum Spam, BotScout, Akismet, Project Honey Pot and several IP-RBL and Domain-RBL DNS blacklists!
My MODs
Use the official phpBB Ideas to vote missing core features!!!
Pony99CA
Registered User
Posts: 4783
Joined: Thu Sep 30, 2004 3:13 pm
Location: Hollister, CA
Name: Steve
Contact:

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Post by Pony99CA »

ToonArmy wrote:I've looked at the MOD more than once, but the simple matter is blacklisting is bad. You place the decisions over who can access your board to an external provider, even if you use multiple providers and collate the results you could end up with a false positive. An IP address does not represent an individual user, blocking an IP might unintentionally block legitimate users.
Whether blacklisting is bad is open for debate, and it's true that an IP doesn't represent a user or even a specific machine in some cases.

However, you already have an option for blacklisting with the Check IP against DNS Blackhole List Security setting, which implies at least somebody supports blacklisting. I think Martin is just asking that the blackist option be made a plug-in (something giving a Yes/No answer for the user in question with input being both the IP address and the E-mail address, perhaps). phpBB would ship with the default plug-in, but others could customize it.

Alternatively, could blacklisting be built into a CAPTCHA plug-in so that no user interaction is required (the "user" input would essentially be the IP address and E-mail address which phpBB already knows)? If so, maybe that would answer Martin's objections (although CAPTCHAs aren't able to be presented for every user that posts, just guest users).

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.
User avatar
Kellanved
Former Team Member
Posts: 2635
Joined: Wed Jan 26, 2005 2:48 pm
Location: Meta-level

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Post by Kellanved »

Pony99CA wrote:
Alternatively, could blacklisting be built into a CAPTCHA plug-in so that no user interaction is required (the "user" input would essentially be the IP address and E-mail address which phpBB already knows)? If so, maybe that would answer Martin's objections (although CAPTCHAs aren't able to be presented for every user that posts, just guest users).

Steve
This topic is intended to discuss non-invasive anti-bot measures. Chiefly plugins and configuration settings, but not MODs. Packaging a blacklist based CAPTCHA into a plugin is perfectly feasible, but won't be provided as a default plugin.
Nocando is in Idontwanna county. No support via PM
User avatar
Martin Truckenbrodt
Registered User
Posts: 3045
Joined: Sun Mar 23, 2003 6:22 pm
Location: Franconia
Name: Martin Truckenbrodt
Contact:

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Post by Martin Truckenbrodt »

Hello Steve alias Pony99CA,
my MOD is optimizing the feature behind the Check IP against DNS Blackhole List setting.

CAPTCHA plugins are displayed on the user registration page.

If you have enabled Check IP against DNS Blackhole List and your IP has been blocked then a message has been added to the top of the user registration page that the registration will be blocked. But the registration form still is displayed. At the moment my MOD doesn't change this behaviour.

But IMO this makes no sense. Why to display a user regstration form if the user has been blocked (or banned? )? If this behaviour has been changed then I think it's not more possible to use the CAPTCHA plugin system.
Although IMO it makes no sense to add a plugin for a still included hardcoded phpBB3 core feature.

Sorry for the Off-Topics. But I haven't started it. If support or dev team members are posting off-topic why not to post replys? ;)

Bye Martin
Free tutorial: Installing MODs in phpBB 3.0
Advanced Block MOD - Prevent spam on your phpBB 3.0 board with Stop Forum Spam, BotScout, Akismet, Project Honey Pot and several IP-RBL and Domain-RBL DNS blacklists!
My MODs
Use the official phpBB Ideas to vote missing core features!!!
MarkHoward
Registered User
Posts: 292
Joined: Mon Jun 30, 2008 3:39 am
Location: New Zealand
Contact:

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Post by MarkHoward »

I've had a 3.0.5 forum for some years. We started getting attacked by dozens of BOT's joining, early in 2009.
We implemented a very simple custom profile field solution with a single text question requiring a single text answer.
It stopped the BOT's instantaneously and permanently.
This was the code we added to includes/functions_profile_fields.php
Find the lines:

Code: Select all

case FIELD_TEXT:
if (empty($field_value) && !$field_data['field_required'])
{
return false;
}
else if (empty($field_value) && $field_data['field_required'])
and changed to:

Code: Select all

case FIELD_TEXT:
if (empty($field_value) && !$field_data['field_required'])
{
return false;
}
else if ($field_data['field_required'] && strtolower($field_value) !== 'kiwi')
I don't want to argue the toss about whether this is a good SpamBOT buster or not.

I want to be able to implement the same method in 3.0.7-PL1 but the code in that part has changed and, since I'm not a php programmer, I would be most grateful if someone could give me the code changes that I now need to implement in the new version.

Thanks very much.
User avatar
onehundredandtwo
Registered User
Posts: 1228
Joined: Fri Nov 14, 2008 8:07 am

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Post by onehundredandtwo »

I've visited your board, and your custom profile field is similar to the new Q&A CAPTCHA plugin in phpBB 3.0.6 (which is included in phpBB 3.0.6 by default).

Basically, once you've installed phpBB 3.0.6 or later, go to CAPTCHA modules in the ACP > in the dropdown box go to Q&A CAPTCHA > Configure > add one or more questions, Submit. The style you are using will have to be compatible with phpBB 3.0.6 or later for this to work.

Hope that helps. :)
Need help preventing spam? Read Preventing spam in phpBB 3.0.6 and above
MarkHoward
Registered User
Posts: 292
Joined: Mon Jun 30, 2008 3:39 am
Location: New Zealand
Contact:

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Post by MarkHoward »

Thanks very much 102.
I've entered 4 questions and provided answers. (The preview shows the first question)
I've deactivated the original Custom profile field.
I've then logged out and tried to Register and didn't get asked any question.

This is on my own local computer so you can't try it.

What have I missed, please?
User avatar
onehundredandtwo
Registered User
Posts: 1228
Joined: Fri Nov 14, 2008 8:07 am

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Post by onehundredandtwo »

Have you downloaded the latest version of the Iconic theme?
http://www.phpbb.com/community/viewtopi ... 5&t=568451

Edit: I only just noticed you've posted in the Iconic style topic. Have you tried using prosilver as your style?
Need help preventing spam? Read Preventing spam in phpBB 3.0.6 and above
MarkHoward
Registered User
Posts: 292
Joined: Mon Jun 30, 2008 3:39 am
Location: New Zealand
Contact:

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Post by MarkHoward »

No. I'll try that tomorrow and report back. Thanks
MarkHoward
Registered User
Posts: 292
Joined: Mon Jun 30, 2008 3:39 am
Location: New Zealand
Contact:

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Post by MarkHoward »

I've found the problem.
The first item on the CAPTCHA Module Settings page says:
Enable visual confirmation for registrations:
Requires new users to enter a random code matching an image to help prevent mass registrations.
I took that option at face value and, since I didn't want my users to decipher a garbled random code, set it as disabled.
Enable it and all is well - in the Iconic style as well.
What the text should say is something like:
Enable antispam confirmation for registrations:
Requires new users to pass a human-only test to help prevent mass registrations.
Thanks for your help.
Locked

Return to “[3.0.x] Support Forum”