Page 23 of 41

Re: Custom profile field ends up in profile page, not regist

Posted: Thu Jan 06, 2011 10:44 am
by Pony99CA
AlternativePhoto wrote:I've read the article here:
http://www.phpbb.com/kb/article/custom- ... mmer-tool/
And set up 2 Custom profile fields, one yes/no question like described and one textfield with the question "What is the name of this website".
The fields does not end up on the registration page, but in the profile page.
The question is: How do i make the fields appear on the registration page?
As you might have noticed, that article is out-of-date (it shows radio buttons for the Visibility options instead of check boxes).

You want to ensure that both the Display on registration screen and Required field options are checked. I also suggest checking Hide profile field and unchecking all of the other options -- there's no need for users to ever see the anti-spam fields.

Steve

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Posted: Thu Jan 06, 2011 10:00 pm
by stephenn
I am running 3.0.7 (thanks for work.. it is fantastic)
i use the captcha - very effective against spammers
I set the NEW USER to 1 post - this gives me a chance to delete any botted or person done suspect content posts (gives me an edge to a clean spam free board, although I have to manually admin this bit)

I have a question please:
when someone registers - even if they don't post - they are still able to place a website and ICQ information in their profile, that will sit for all (registered members) to see in the members list... SO...
... is there a setting that will limit the profile info available to fill out at time of registration - or visible when at NEW REG MEMBER status?

appreciate any thoughts and/or info on this matter

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Posted: Fri Jan 07, 2011 8:44 am
by AlternativePhoto
I added two custom boxes to the registration:
Are you a spammer? Yes / No
What is the name of this website (textfield)
Before this i had about 5 spammers a day registering, I've only run this for a day, but no spammers yet. Could be worth trying.

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Posted: Fri Jan 07, 2011 10:00 am
by Pony99CA
AlternativePhoto wrote:I added two custom boxes to the registration:
Are you a spammer? Yes / No
What is the name of this website (textfield)
Before this i had about 5 spammers a day registering, I've only run this for a day, but no spammers yet. Could be worth trying.
I think it is. As I said in a post here on January 3, since I switched to phpBB 3.x and started using just one custom profile field, I've gotten zero bot registrations (and probably less than a dozen human spammers) even though I've turned off the CAPTCHA.

And, yes, I do get spam bots at my board. In fact, I actually conducted an experiment where I first turned off the old CAPTCHA and later turned off the custom profile field (so people could register without any anti-spam measures). Read about the results there.

Steve

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Posted: Fri Jan 07, 2011 1:09 pm
by AlternativePhoto
Interesting... thank you for sharing. I may just turn off the captcha too then!

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Posted: Fri Jan 07, 2011 5:54 pm
by callumacrae
stephenn wrote:I am running 3.0.7 (thanks for work.. it is fantastic)
i use the captcha - very effective against spammers
I set the NEW USER to 1 post - this gives me a chance to delete any botted or person done suspect content posts (gives me an edge to a clean spam free board, although I have to manually admin this bit)

I have a question please:
when someone registers - even if they don't post - they are still able to place a website and ICQ information in their profile, that will sit for all (registered members) to see in the members list... SO...
... is there a setting that will limit the profile info available to fill out at time of registration - or visible when at NEW REG MEMBER status?

appreciate any thoughts and/or info on this matter
Firstly, update to phpBB 3.0.8.

Yes, it is possible to stop the Newly Registered group from having signatures:

ACP -> Permissions -> Groups’ permissions -> Newly Registered -> Advanced Permissions

Set "Can use signature" to never.

I dont know how to stop them linking to websites though.

~Callum

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Posted: Fri Jan 07, 2011 11:03 pm
by Pony99CA
Callum95 wrote:I dont know how to stop them linking to websites though.
Maybe the Authorized for URLs MOD. ;) I recall seeing another, more extensive one, but didn't find it in my two searches.

Steve

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Posted: Sat Jan 08, 2011 10:38 am
by mkruer
Yeah I am looking into that as well.

Is there an option so the site will not even list newly registered users until x number of posts and a way to autoprune register but not active users after 3 days.

Finally is there a way to double up on a CAPTCHA like like GD 3D Image + Question.

Recently it looks like the reCAPTCHA has been cracked, as in the last 3 days I have gotten more spam then I have in the last two months.

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Posted: Sat Jan 08, 2011 11:25 am
by callumacrae
mkruer wrote:Recently it looks like the reCAPTCHA has been cracked, as in the last 3 days I have gotten more spam then I have in the last two months.
reCAPTCHA has been cracked for ages

~Callum

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Posted: Sat Jan 08, 2011 1:39 pm
by stephenn
Thanks for thoughts so far on my bit - still havnt figured it can be done:
when someone registers - even if they don't post - they are still able to place a website and ICQ information in their profile, that will sit for all (registered members) to see in the members list... SO...
... is there a setting that will limit the profile info available to fill out at time of registration - or visible when at NEW REG MEMBER status?
I'm working on the thinking that they (people spammers) will be less bothered if their info never gets to be seen.

I'm using the NEW Register Group as default now and 1 post (needing admin approval) - so at the momment the numptys are removed before showing on the boards - BUT...
... If they just simply register, they still get to be displayed in the members list (list only seen by registered members - but still seen) and in this list they can show website and ICQ info

:arrow: I would like to set the boards so any of these can happen:
* user told can fill out rest of profile (website ICQ etc) later (when they are not a Newly Reg
* newly reg users are not displayed in members list at all
* other way you can think of ;)

'''''''''''''''''''''''''''''''''''''''''''''''''''''''
just for info.... look at this... i put a custom requirement on the registration page... and when an undesired registered i looked at the profile (admin can see the custom bit) and saw this...
custom profile - cracked.jpg
custom profile - cracked.jpg (11.71 KiB) Viewed 1050 times
:?: the correct letters are not needed :?:

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Posted: Sat Jan 08, 2011 10:44 pm
by Pony99CA
mkruer wrote:Is there an option so the site will not even list newly registered users until x number of posts and a way to autoprune register but not active users after 3 days.
There's no option that I'm aware to prevent displaying Newly registered users in the Members list, but I can't imagine that it would be difficult to add via a code change. They already filter Bots.

However, remember that, by default, the Bots group can't see profiles or the Members list, so the only users who could see their links are Guests (maybe) and Registered users or above (probably). If you have a good list of search bots (see my manage_bots script), spammers won't get the search engine credit anyway, so they'll be mere annoyances to hopefully real people.

As for an automatic user pruning option, I don't know of one, but it's a good idea. You could probably write a PHP script to do it and run it as a CRON job.
mkruer wrote:Finally is there a way to double up on a CAPTCHA like like GD 3D Image + Question.
Sort of. Use whatever CAPTCHA you prefer and use required custom profile fields for the question.

Steve

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Posted: Sat Jan 08, 2011 10:59 pm
by Pony99CA
stephenn wrote:I'm working on the thinking that they (people spammers) will be less bothered if their info never gets to be seen.

I'm using the NEW Register Group as default now and 1 post (needing admin approval) - so at the momment the numptys are removed before showing on the boards - BUT...
... If they just simply register, they still get to be displayed in the members list (list only seen by registered members - but still seen) and in this list they can show website and ICQ info

:arrow: I would like to set the boards so any of these can happen:
* user told can fill out rest of profile (website ICQ etc) later (when they are not a Newly Reg
* newly reg users are not displayed in members list at all
* other way you can think of ;)
See my previous post. Even if the user is registered, search bots won't see their links unless they actually post and use a signature link. If you use the Newly registered users group, nobody will see their signatures unless you've approved their posts.

As long as your users aren't foolish enough to troll the Members list looking for people with zero posts and clicking on the Web links, I'm not sure you really need those changes.
stephenn wrote: just for info.... look at this... i put a custom requirement on the registration page... and when an undesired registered i looked at the profile (admin can see the custom bit) and saw this...
custom profile - cracked.jpg
:?: the correct letters are not needed :?:
It seems that you've set the field up incorrectly. Post your profile question's settings screen so we can tell.

Steve

An Anti Spam using StopForumSpam

Posted: Sun Jan 09, 2011 9:00 am
by pennycsf
I am running phpBB 3.0.8

The board is very small but was plagued with spammers. I use ReCaptcha and require email authentication, but still they came.

I found the StopForumSpam site and I have used PHP code posted on the StopForumSpam forum by Recif, but with a slight modification so that only IP address and e-mail address were checked. The check is made at User Registration, so is not making great demands on the StopForumSpam database. Incidentally, the check is made after the RECaptcha check, which wastes a little more of a human spammers time!

I am not a PHP programmer, so I have added the code I used below. It seems to be working very well - the number of spammers joining the board has reduced to nearly zero!! However, if anyone can see weaknesses in the code, please tell me!

The code was inserted in ucp_register.php after line 321 - immediately before

Code: Select all

// Register user...
                $user_id = user_add($user_row, $cp_data);

The code used is:-

Code: Select all

// code inserted from StopForumSpam 8.1.2011 by Frank Parkinson            
                
                
     // Verifier si spammeur via le site stopforumspam.com            
function objectsIntoArray($arrObjData, $arrSkipIndices = array())
{
    $arrData = array();
   
    // if input is object, convert into array
    if (is_object($arrObjData)) {
        $arrObjData = get_object_vars($arrObjData);
    }
   
    if (is_array($arrObjData)) {
        foreach ($arrObjData as $index => $value) {
            if (is_object($value) || is_array($value)) {
                $value = objectsIntoArray($value, $arrSkipIndices);
            }
            if (in_array($index, $arrSkipIndices)) {
                continue;
            }
            $arrData[$index] = $value;
        }
    }
    return $arrData;
}
$verifip = $user->ip;
   // old code was:  $xmlUrl = "http://www.stopforumspam.com/api?username=".$data['username']."&ip=$verifip&f=xmldom";

$xmlUrl = "http://www.stopforumspam.com/api?username=".$data['username']."&ip=$verifip&email=".$data['email']."&f=xmldom";

$xmlStr = file_get_contents($xmlUrl);
$xmlObj = simplexml_load_string($xmlStr);
$arrXml = objectsIntoArray($xmlObj);
   //    old code was:  $checkusername = $arrXml[username][appears];
$checkemail = $arrXml[email][appears];
$checkip = $arrXml[ip][appears];
if ($checkemail > 0 || $checkip > 0) {
    header('Location: http://spammerbegone.com');
    exit;
}

    // end of inserted StopForumSpam code

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Posted: Sun Jan 09, 2011 9:41 am
by stephenn
Pony99CA wrote:It seems that you've set the field up incorrectly. Post your profile question's settings screen so we can tell.
field type: single text field
field id: promise
public display: NO

display on reg screen: CHECKED
required field: CHECKED
hide profile field: CHECKED
custom profile - details1.jpg
custom profile - details1.jpg (31.7 KiB) Viewed 993 times
custom profile - details2.jpg
custom profile - details2.jpg (17.1 KiB) Viewed 993 times
hope this is info needed. thanks for time

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Posted: Sun Jan 09, 2011 11:32 am
by Martin Truckenbrodt
Hello pennycsf,
StopForumSpam is sharing its database with the DNS blacklist opm.tornevall.org. Another very successfull DNS blacklist especially to get forum spammers is access.atlbl.net. The advantage of DNS blacklists is that you don't need an account for this service and the DNS requests are working faster. If you want to use more blacklists you can use the Advanced Block MOD. If you are set Account Acticaton to User or User+Admin (Double Activation) then you will have some successfull registrations of spammers. But in my experience these spammers are not confirm their email addresses. So you can prune them very easily. If you want ot prune them automatically - e.g. after 6 weeks - then you can use the Advanced Double Activation Pack for this job, too.

Bye Martin