phpBB 3.0.8 Spambots getting past Re-Capture registration

Get help with installation and running phpBB 3.0.x here. Please do not post bug reports, feature requests, or MOD-related questions here.
Get Involved

phpBB 3.0.8 Spambots getting past Re-Capture registration

Postby Terminal-Access » Wed Jan 19, 2011 10:55 am

phpBB Version: phpBB 3.0.8
Boards URL: http://stargate4bf2.co.uk
Board Host: Privatly Hosted.
Board Instalation Type: Fresh Install from phpBB.com download page.
Bord Registration Type: Re-Capture with User Activation.
Board Style: DVGFX2 (Customised Look)
Board Language: English
Board Database: MySQL 5
Board Mods:
  • Prime Trash Bin Version 1.0.10a
  • phpBB Gallery Version 1.0.5.1


Administrator Level of Experiance: Advanced User
When did your problem begin: Start of the Year (January 2011)

Description of Problem:

As stated above the board we are using is a Fresh install of phpBB 3.0.8 with user registrations enabled using the Re-Capture anti-spam countermeasure and requiring user activation once registerd.

We have our own unique set of API keys for Re-Capture.

Since the start of the new year we have noticed a lot of spambot have been able to register on the forums, although they are unable to post due to the newly registerd users group being highely restricted, their porfiles and signatures are filled in usually full of spam links.

Some how they are either by-passing the spam bot countermeasure and user activation.

Any help or advice would be greatly appreciated.

Thank you
Terminal-Access

P.S As of this post i have tempoeraly changed the user registration over to Admin Aproval to prevent any further spambot incursions on to our board.
Last edited by Terminal-Access on Wed Jan 19, 2011 10:57 am, edited 1 time in total.
Terminal-Access
Registered User
 
Posts: 8
Joined: Mon Nov 23, 2009 12:43 pm

Re: phpBB 3.0.8 Spambots getting past Re-Capture registratio

Postby Kevin Clark » Wed Jan 19, 2011 10:56 am

Recaptcha appears to have been beaten. There are several similar topics on this if you scan down the forum.

Try the Q&A captcha instead.
User avatar
Kevin Clark
Support Team Member
Support Team Member
 
Posts: 59471
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK

Re: phpBB 3.0.8 Spambots getting past Re-Capture registratio

Postby Terminal-Access » Wed Jan 19, 2011 11:00 am

Kevin Clark wrote:Recaptcha appears to have been beaten. There are several similar topics on this if you scan down the forum.

Try the Q&A captcha instead.


Firstly thank you for the extreamly fast responce, i have just been discussing the Q&A captcha option with the other board administrators and we are going to give that a try.
Terminal-Access
Registered User
 
Posts: 8
Joined: Mon Nov 23, 2009 12:43 pm

Re: phpBB 3.0.8 Spambots getting past Re-Capture registratio

Postby PaveFE » Mon Feb 28, 2011 1:10 am

I hope you guys can figure something out. I'm sick and tired of these damn spambots getting through. My settings are so high, my users can't even read the image! Yet, spambots continue. I swear I'd like to beat the ever living crap out of the people who create that stuff.

PaveFE
You have never lived until you have almost died and for those who fight for it, life has a flavor the protected will never know.
Honoring America's Hereos: Plummer, Howie, Scooter, Tom
PaveFE
Registered User
 
Posts: 50
Joined: Fri Aug 06, 2004 5:24 pm

Re: phpBB 3.0.8 Spambots getting past Re-Capture registratio

Postby Kevin Clark » Mon Feb 28, 2011 10:11 am

PaveFE wrote:I hope you guys can figure something out. I'm sick and tired of these damn spambots getting through. My settings are so high, my users can't even read the image! Yet, spambots continue. I swear I'd like to beat the ever living crap out of the people who create that stuff.

PaveFE

Have you tried Q&A? I get maybe one a month (human spammer) and no bots.
User avatar
Kevin Clark
Support Team Member
Support Team Member
 
Posts: 59471
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK

Re: phpBB 3.0.8 Spambots getting past Re-Capture registratio

Postby PaveFE » Mon Feb 28, 2011 12:28 pm

Just switched to it. We'll see how this will last.

Thanks,

PaveFE
You have never lived until you have almost died and for those who fight for it, life has a flavor the protected will never know.
Honoring America's Hereos: Plummer, Howie, Scooter, Tom
PaveFE
Registered User
 
Posts: 50
Joined: Fri Aug 06, 2004 5:24 pm

Re: phpBB 3.0.8 Spambots getting past Re-Capture registratio

Postby GoldenMoney » Tue Apr 12, 2011 3:33 pm

We have 2 months old forum. No actual users have been registered, but about 30-40 spambots register every day, ignoring Q&A, re-captcha and any other built in security measures. Nice forum interface, but useless because of security issues. In addition it is impossible to delete bulk spambots accounts and their messages. I had to go through by deleting them one by one. Deleting spambots from SQL leaves their traces in actual forum registration. If phpBB was build for users, why following is not implemented:

1. Security against spambots
2. Deleting Spambots names in bulk through "checkboxes"
3. Deleting spam messages in bulk through "checkboxes"

If phpBB was build to allow spambot advertising, it has been successful:

1. Spambots easy penetrate registration
2. Post multiple threads and creating nightmare for admin to delete
3. Registering in bulk, creating nightmare for admin to select them in bulk and delete

I had included /forum/ in robots.txt so it is not indexed by search engines, but bots do not really care. Is there a real solution to the issue. I am tired of receiving 40 e-mail from bot registration every day.

Serge
GoldenMoney
Registered User
 
Posts: 3
Joined: Tue Apr 12, 2011 1:35 pm

Re: phpBB 3.0.8 Spambots getting past Re-Capture registratio

Postby Kevin Clark » Tue Apr 12, 2011 3:44 pm

GoldenMoney wrote:Nice forum interface, but useless because of security issues.

It's not a security issue. They are registering like real people do.
If they are getting through your Q&A question then you need something better. Don't ask things that can be googled like what is 2+2 or what colour is the sky.

GoldenMoney wrote:In addition it is impossible to delete bulk spambots accounts and their messages.

You can do it in the prune users option in users and groups.

GoldenMoney wrote:1. Spambots easy penetrate registration

They do what humans do. It's not easy on any forum software to create something that a human can do but an automated bot can't. There are some more effective ways than others and the built in Q&A works very well so far if you choose your question carefully.

GoldenMoney wrote:2. Post multiple threads and creating nightmare for admin to delete

The built in newly registered users group stops that.

GoldenMoney wrote:3. Registering in bulk, creating nightmare for admin to select them in bulk and delete

Prune users does that.

GoldenMoney wrote:Is there a real solution to the issue. I am tired of receiving 40 e-mail from bot registration every day.

What's the address of the board? Maybe we can tell you why it's easy to register on it.
User avatar
Kevin Clark
Support Team Member
Support Team Member
 
Posts: 59471
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK

Re: phpBB 3.0.8 Spambots getting past Re-Capture registratio

Postby GoldenMoney » Tue Apr 12, 2011 4:05 pm

address of the board is www.goldenmoney.ca/forum/

Pruning users:

1. When I go to "Prune Users" it asks me to enter their names, rather giving me the list of all registered users I can choose from or registration dates for that matter.
2. If I click link "Find a member", it opens new window where I can select member, but there is no "delete" button. What is the point of selecting them? Taking another look into it, I understand, you have to press "select marked" for them to be entered into into the big box and then prune. Thank you!
3. GoldenMoney wrote: Post multiple threads and creating nightmare for admin to delete
The built in newly registered users group stops that.

If you referring to "do not allow newly registered users to post" for several hours or days, what is the point of the forum. I still do not see how you can simply mark and select message for deletion.

In any case "deletion" is secondary issue and the consequence of "spambot" registration. If we can stop mass registration, we breath easy. If you do not mind checking our website. Suggestions would be really appreciated.

Serge
GoldenMoney
Registered User
 
Posts: 3
Joined: Tue Apr 12, 2011 1:35 pm

Re: phpBB 3.0.8 Spambots getting past Re-Capture registratio

Postby stevemaury » Tue Apr 12, 2011 4:14 pm

You need a better question. Try:

Q:

Type the first five letters of "goldenmoney" in the box to the right.

A:

golde or GOLDE or Golde
For REALLY good and VERY inexpensive hosting CLICK HERE

http://www.stevesstocks.com

All unsolicited PMs will be ignored.
User avatar
stevemaury
Support Team Member
Support Team Member
 
Posts: 44099
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve

Re: phpBB 3.0.8 Spambots getting past Re-Capture registratio

Postby Kevin Clark » Tue Apr 12, 2011 4:33 pm

Yep your Q&A question is no good. Steve's options above will be much more effective.

GoldenMoney wrote:Taking another look into it, I understand, you have to press "select marked" for them to be entered into into the big box and then prune. Thank you!

Correct. You tick all the accounts you want to remove, click select marked, then you'll be taken back to the prune page and they will all be in the box of accounts to remove. Tick the option to also remove their posts and hit submit.

GoldenMoney wrote:If you referring to "do not allow newly registered users to post" for several hours or days, what is the point of the forum. I still do not see how you can simply mark and select message for deletion.

The newly registered users group allows you to set X number of posts to go into the moderation queue.

User registration settings
new member post limit

If you set that to 1, the first post of every new user will be queued. Once you approve it, they will be able to post freely. We use it here. You don't see any spam posts here. Spammers nearly always give themselves away in the first post.
User avatar
Kevin Clark
Support Team Member
Support Team Member
 
Posts: 59471
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK

Re: phpBB 3.0.8 Spambots getting past Re-Capture registratio

Postby newforester » Tue May 03, 2011 2:10 pm

Up until recently I had 30 - 40 spambots a day bombarding my site. I installed captcha (no good), Textual Confirmation (no good) and Administrator only registration which meant I got the emails . However, I realised that the spambots were ignoring the front screen entirely and just submitting a long registration string directly to the main php program. Of course, the filename is available and will receive the info directly!! So, someone, I forget where, came up with a very ingenious one line of code fix. In my list of fields to be passed to the registration program is one for Timezone. The top or first one on the list is GMT-12 which is actually a totally uninhabited region. The other timezones are selected from a drop-down box. It appears that the spambots only select the top entry in a dropdown box so in this case, they will send the Timezone as GMT-12 in the registration string. All you have to do in the main .php registration program is to add a line to check for the Timezone being GMT-12 and if so, exit the process. Since I installed the single line, about 2 months ago, I haven't had a single spambot registration and everyone else can register normally. All Kudos to the person who figured this one out, I forgot where I read it but it does work, for now! :)
newforester
Registered User
 
Posts: 1
Joined: Tue May 03, 2011 2:00 pm

Re: phpBB 3.0.8 Spambots getting past Re-Capture registratio

Postby tonzodehoo » Sun Jan 22, 2012 7:52 pm

newforester wrote:All you have to do in the main .php registration program is to add a line to check for the Timezone being GMT-12 and if so, exit the process. Since I installed the single line, about 2 months ago, I haven't had a single spambot registration and everyone else can register normally. All Kudos to the person who figured this one out, I forgot where I read it but it does work, for now! :)


This sounds promising. Where do I add the timezone? What file? I'll give it a go and see how this works.
Fingers crossed.
User avatar
tonzodehoo
Registered User
 
Posts: 93
Joined: Tue Feb 13, 2007 9:21 pm

Re: phpBB 3.0.8 Spambots getting past Re-Capture registratio

Postby Kevin Clark » Sun Jan 22, 2012 7:59 pm

tonzodehoo wrote:
This sounds promising. Where do I add the timezone? What file? I'll give it a go and see how this works.
Fingers crossed.

See the sticky topic at the top of this forum.
User avatar
Kevin Clark
Support Team Member
Support Team Member
 
Posts: 59471
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK

Re: phpBB 3.0.8 Spambots getting past Re-Capture registratio

Postby tonzodehoo » Sun Jan 22, 2012 8:06 pm

Thanks kevin. NOt sure if I'm having a daft moment but I' can't quite see the sticky topic you mention?
User avatar
tonzodehoo
Registered User
 
Posts: 93
Joined: Tue Feb 13, 2007 9:21 pm

Next

Return to 3.0.x Support Forum

Who is online

Users browsing this forum: No registered users and 52 guests