Preventing Spam in phpBB 3.0.6 and Above [*Read First Post*]

Get help with installation and running phpBB 3.0.x here. Please do not post bug reports, feature requests, or MOD-related questions here.
Scam Warning
Forum rules
END OF SUPPORT: 1 January 2017 (announcement)
Locked
User avatar
callumacrae
Former Team Member
Posts: 2662
Joined: Tue Feb 12, 2008 12:28 pm
Location: London, UK
Name: Callum Macrae
Contact:

Re: spambot or human

Post by callumacrae »

J_M wrote:how do you know if a post or registration has been placed by a human or a spambot?

thanks
You can generally tell whether a post has been made by a bot or a human, as bots will post something completely off topic, and humans will post something kinda related but still spam. I'm assuming you were talking about different types of spam, not spam vs no spam?

~Callum
macr.ae = my website. you probably won't like it.
Proud user ofProud user of

J_M
Registered User
Posts: 263
Joined: Wed Jul 20, 2005 12:26 pm

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Post by J_M »

>I'm assuming you were talking about different types of spam,

yes, I was just wondering if there was a clue as to the origin of a spam post, human or bot.

I am testing the Q&A type login versus the re-captcha, I assume that a bot can get past the re-captcha but not past a Q&A, is that true?

thanks again.

User avatar
Martin Truckenbrodt
Registered User
Posts: 3045
Joined: Sun Mar 23, 2003 6:22 pm
Location: Franconia
Name: Martin Truckenbrodt
Contact:

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Post by Martin Truckenbrodt »

Hello J_M,
if you are using default settings for the Q&A then they will get it.

Bye Martin
Free tutorial: Installing MODs in phpBB 3.0
Advanced Block MOD - Prevent spam on your phpBB 3.0 board with Stop Forum Spam, BotScout, Akismet, Project Honey Pot and several IP-RBL and Domain-RBL DNS blacklists!
My MODs
Use the official phpBB Ideas to vote missing core features!!!

J_M
Registered User
Posts: 263
Joined: Wed Jul 20, 2005 12:26 pm

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Post by J_M »

how do they get the answer?

User avatar
Martin Truckenbrodt
Registered User
Posts: 3045
Joined: Sun Mar 23, 2003 6:22 pm
Location: Franconia
Name: Martin Truckenbrodt
Contact:

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Post by Martin Truckenbrodt »

Hello J_M,
there are humans needed to program the bots.

Bye Martin
Free tutorial: Installing MODs in phpBB 3.0
Advanced Block MOD - Prevent spam on your phpBB 3.0 board with Stop Forum Spam, BotScout, Akismet, Project Honey Pot and several IP-RBL and Domain-RBL DNS blacklists!
My MODs
Use the official phpBB Ideas to vote missing core features!!!

J_M
Registered User
Posts: 263
Joined: Wed Jul 20, 2005 12:26 pm

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Post by J_M »

Hi Martin

So if I create a custom question someone has to take the time to plug this info into the spambot.... that sounds like a lot of work and not very bot-like. Since the site that I am maintaining is relatively small hopefully they won't want to go through that effort.

I checked the antispam mod in your signature, I'd go for it but it seems to be beyond my skills, but if the bots win I will probably give it a try.

thanks again,

j

pennycsf
Registered User
Posts: 152
Joined: Mon Feb 01, 2010 6:29 pm
Location: Pyrenees-Orientales, South of France
Name: Frank Parkinson
Contact:

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Post by pennycsf »

I am no php programmer but I found the code submitted by Recif on the StopForumSpam forum works well for me on my phpBB 3.0.8 board.

I have started to research php, and I have added a "mail" function to alert me when anyone tries to Register on my board. This is purely for information - since I implemented the code to check the SFS database I have no idea who is trying to spam the site.

I know that this is only workable when the board is small - if I get too many attempts I will change it to a count which I can interrogate.

I am posting the code in the knowledge that it is far from perfect, but maybe others can improve on it and give the spammers a hard time!!!!

The code was inserted in ucp_register.php after line 321 - immediately before

Code: Select all

// Register user...
                $user_id = user_add($user_row, $cp_data);

The code I use is:-

Code: Select all

// code inserted from StopForumSpam 8.1.2011 by Frank Parkinson            
                
                
     // Verifier si spammeur via le site stopforumspam.com            
function objectsIntoArray($arrObjData, $arrSkipIndices = array())
{
    $arrData = array();
   
    // if input is object, convert into array
    if (is_object($arrObjData)) {
        $arrObjData = get_object_vars($arrObjData);
    }
   
    if (is_array($arrObjData)) {
        foreach ($arrObjData as $index => $value) {
            if (is_object($value) || is_array($value)) {
                $value = objectsIntoArray($value, $arrSkipIndices);
            }
            if (in_array($index, $arrSkipIndices)) {
                continue;
            }
            $arrData[$index] = $value;
        }
    }
    return $arrData;
}
$verifip = $user->ip;
   // old code was:  $xmlUrl = "http://www.stopforumspam.com/api?username=".$data['username']."&ip=$verifip&f=xmldom";




$xmlUrl = "http://www.stopforumspam.com/api?username=".$data['username']."&ip=$verifip&email=".$data['email']."&f=xmldom";

$xmlStr = file_get_contents($xmlUrl);
$xmlObj = simplexml_load_string($xmlStr);
$arrXml = objectsIntoArray($xmlObj);
   //    old code was:  $checkusername = $arrXml[username][appears];
$checkemail = $arrXml[email][appears];
$checkip = $arrXml[ip][appears];
if ($checkemail > 0 || $checkip > 0) {
    mail("youremail@youremail.com","Failed Registration Attempt",$data['email']);
    header('Location: http://spammerbegone.com');
    exit;
}

    // end of inserted StopForumSpam code



Because the amended "ucp_register.php" mails me all failed attempts to register on the forum, I can see that during the 24 hour period of January 11th there were 39 attempts. Each one failed to get through to the board, and while I don't know which were spam bots and which were human spammers, I hope that I have wasted the time of at least some w**kers!

Incidentally, during just over 17 hours today there was one genuine registration and there were 25 spam registration attempts; one spammer got through, presumably the StopForumSpam site was down at the time because the spammer email address is definitely in SFS database.

My coding skills are not great, and I know the code lacks sophistication to handle "SFS database unavailable" or just "slow response" situations, but it certainly seems to provide a wonderful tool.
It's a poor day when you don't learn something!

User avatar
darkhorn
Registered User
Posts: 46
Joined: Sat Mar 31, 2007 2:46 am
Contact:

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Post by darkhorn »

I have forum where anonymous visitors can make a post. It ends with 2-3 spams daily. Mostly from the Netherlands and Russia.

I think to add a custom question field next to the reCAPTCA, such as üzüm kelimesinin ilk harfi?
It will prevent almost all the spams since they won't know that language.
I was unable to find such custom question antispam mod. Is there any?

Ozo
Registered User
Posts: 330
Joined: Mon Dec 13, 2010 7:57 pm

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Post by Ozo »

Anyone know if it's possible to prohibit all email domains for being used in registration except for admin defined and allowed emails? I think this would save us a lot of time then looking for the "perfect" anti bot solution.

Pony99CA
Registered User
Posts: 4783
Joined: Thu Sep 30, 2004 3:13 pm
Location: Hollister, CA
Name: Steve
Contact:

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Post by Pony99CA »

Ozo wrote:Anyone know if it's possible to prohibit all email domains for being used in registration except for admin defined and allowed emails? I think this would save us a lot of time then looking for the "perfect" anti bot solution.
I haven't tried it, but you could try banning "*@*.*" in the Ban e-mails ACP section, then un-ban the domains that you want from the same place by setting Exclude from banning to Yes.

However, unless you're going to ban gmail.com, yahoo.com and hotmail, com, I'm not sure how much it will help.

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

emcha
Registered User
Posts: 165
Joined: Fri Dec 31, 2010 7:25 am

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Post by emcha »

Would I be able to use the Q&A mod with a question about my modified user agreement? If that is possible, what would be the html coding to have the Q&A change question randomly? Would that be even possible?

User avatar
/a3
Registered User
Posts: 411
Joined: Sun Sep 19, 2010 9:08 am
Location: /dev/random

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Post by /a3 »

emcha wrote:Would I be able to use the Q&A mod with a question about my modified user agreement?
I don't see why not - you can change the questions to whatever you wish to.
emcha wrote:If that is possible, what would be the html coding to have the Q&A change question randomly? Would that be even possible?
The Q&A CAPTCHA is already random, as you can include more than one question in the configuration. :)

However, you cannot change the HTML coding in the Q&A CAPTCHA, as it changes < and > and & to entities.
$ git commit -m "YOLO"

User avatar
callumacrae
Former Team Member
Posts: 2662
Joined: Tue Feb 12, 2008 12:28 pm
Location: London, UK
Name: Callum Macrae
Contact:

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Post by callumacrae »

darkhorn wrote:I have forum where anonymous visitors can make a post. It ends with 2-3 spams daily. Mostly from the Netherlands and Russia.

I think to add a custom question field next to the reCAPTCA, such as üzüm kelimesinin ilk harfi?
It will prevent almost all the spams since they won't know that language.
I was unable to find such custom question antispam mod. Is there any?
You can use the custom profile fields to do this

~Callum
macr.ae = my website. you probably won't like it.
Proud user ofProud user of

Pony99CA
Registered User
Posts: 4783
Joined: Thu Sep 30, 2004 3:13 pm
Location: Hollister, CA
Name: Steve
Contact:

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Post by Pony99CA »

Callum95 wrote:
darkhorn wrote:I have forum where anonymous visitors can make a post. It ends with 2-3 spams daily. Mostly from the Netherlands and Russia.

I think to add a custom question field next to the reCAPTCA, such as üzüm kelimesinin ilk harfi?
It will prevent almost all the spams since they won't know that language.
I was unable to find such custom question antispam mod. Is there any?
You can use the custom profile fields to do this
Do required custom profile fields show up on guest posts, too? I thought they only showed on the registration screen.

UPDATE: I just tested it and they don't. My Q&A CAPTCHA showed up (as expected), but the custom profile field did not -- which makes sense as guests don't have profiles. (I know that the Anonymous user that all guests use probably does have a profile, but it's not one that users can see.)

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

User avatar
wmtipton
Registered User
Posts: 564
Joined: Thu Apr 26, 2007 8:16 pm
Contact:

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Post by wmtipton »

Q&A CAPTCHA - Allows you to define a "Question" and a possible "Answer" in order to determine if a user is a bot. Questions should be easily recognizable and not ambiguous, and preferably not easily found using a search engine (like arithmetic). This CAPTCHA plugin is generally more suitable to niche forums. While it is possible to use a more common question ("What colour is the sky?" "What is 2+2"), there are other CAPTCHA plugins that are preferable to this if such questions are necessary.
This one worked really well.
"What is the third word in this sentence?"
That seems to have stopped the spambots for now. And not too hard for a real person to figure out the answer to. :)
mysql database backup software - mysql Workbench

Locked

Return to “[3.0.x] Support Forum”