[Discuss] Preventing Spam in phpBB3

END OF SUPPORT: 1 January 2017 (announcement)
TheSnake
Registered User
Posts: 483
Joined: Wed Aug 09, 2006 10:36 pm
Location: Staffordshire, England, UK

Re: [Discuss] Preventing Spam in phpBB3

Post by TheSnake »

InfoSecSual69 wrote:...
Pit$Bull wrote:Have you considered these may be human spammers and not bots.
What do you mean?
spammers are always human
Or, I missed the notification of the world's conquest by machines

They might or might not use bots (scripts) to automate posting.

Anything that can't be accomplished by scripts can be done by the bot operator,
if they are interested, for example:
  • to register manually and continue massively posting by bots
    (and you cannot detect it in any way if the spammers are not too stupid)
  • putting human answers to scraped questions into the bot's database, then continuing to use bots for registering
    (the same for patterns of music or paintings)
  • etc.
...
Actually, you have it slightly wrong, Spammers & Bots are theoretically the same thing. What Pit$Bull was saying is the difference between "Human" & Automated. In this context, a Bot is a script that SPAMS websites, a Human Spammer SPAMS websites, the same thing, the only difference is how the SPAM is actually performed, Human Spammer vs BOT Spammer.

Pony99CA
Registered User
Posts: 4783
Joined: Thu Sep 30, 2004 3:13 pm
Location: Hollister, CA
Name: Steve

Re: [Discuss] Preventing Spam in phpBB3

Post by Pony99CA »

TheSnake wrote:Actually, you have it slightly wrong, Spammers & Bots are theoretically the same thing. What Pit$Bull was saying is the difference between "Human" & Automated. In this context, a Bot is a script that SPAMS websites, a Human Spammer SPAMS websites, the same thing, the only difference is how the SPAM is actually performed, Human Spammer vs BOT Spammer.
As I pointed out previously, there are hybrids where the human registers (or at least solves the CAPTCHA) and the bot does the spamming. In that case, how the spam is posted is not the difference.

In fact, with User Activation, spamming is a three-part process anyway -- the registration, the activation and the posting.

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

InfoSecSual69
Registered User
Posts: 31
Joined: Sun May 29, 2011 12:11 pm
Location: Novosibirsk, Russia
Name: Gennady FUBARed

Re: [Discuss] Preventing Spam in phpBB3

Post by InfoSecSual69 »

TheSnake wrote:Actually, you have it slightly wrong, Spammers & Bots are theoretically the same thing. What Pit$Bull was saying is the difference between "Human" & Automated. In this context, a Bot is a script that SPAMS websites, a Human Spammer SPAMS websites, the same thing, the only difference is how the SPAM is actually performed, Human Spammer vs BOT Spammer.
Spammers and Bots are not the same either theoretically or practically.

Using bots is not a synonym for spamming.
All my tweets are automatically re-published to my Facebook account. It is functionality built into Twitter.
They can also be (and sometimes are) re-published to my (and others') blogs and to statuses (microblogs) of, for example, my accounts in forums based on IPB.

Doesn't a bot send you notifications about replies to your forum posts?

Isn't the whole internet based on bots and automated scripts?

SPAM is not determined in any way by how it is being performed.
Posting by bots (scripts) is not spamming.
Spamming always involves humans. The frequently mused notion of spam by pure machines is anti-productive nonsense leading to crazy solutions and discussions.

IMO, SPAM is defined as unwarranted (unasked) communication uncontrollable by its recipient
(which he cannot unsubscribe from, close, ignore, etc.)

The problem is that it is senseless to fight spam when you cannot even define it.

And this situation of confusion is beneficial only to spammers and criminals.
Last edited by InfoSecSual69 on Sat Jan 21, 2012 3:17 pm, edited 1 time in total.

Martin Truckenbrodt
Registered User
Posts: 3045
Joined: Sun Mar 23, 2003 6:22 pm
Location: Franconia
Name: Martin Truckenbrodt

Re: [Discuss] Preventing Spam in phpBB3

Post by Martin Truckenbrodt »

Hello,
BTW: IMO the phpbb.com anti-spam discussion is a bad story. It's been fought like a holy war and discussed in a too theoretical and too unfriendly way, with too little tolerance for others' opinions and experiences.

What's the recent situation?
Q&A is officially the 1st solution to fight spam. One well-working feature (CAPTCHA - till the plug-ins were broken), one feature to prevent some spam account registrations (UTC-12) and one feature to manage newly registered user accounts manually by administrators (Newly Registered Users Group) are also recommended.
But spammers' strategy seems to be changing, and Q&A's efficiency in preventing spambots and human spammers is decreasing and is also generally related to the Q and the A and the native language of human spammers.
Some people are still trying to get it with banning as a fallback solution.

Spammers can not be identified by their behaviour?
Perhaps not all, but it's possible - one example: http://bad-behavior.ioerror.us/
Another example: http://www.phpbb.com/customise/db/mod/j ... _anti_bot/

But most of spammers - spambots and human spammers - are well known! ...

Bye Martin
Free tutorial: Installing MODs in phpBB 3.0
Advanced Block MOD - Prevent spam on your phpBB 3.0 board with Stop Forum Spam, BotScout, Akismet, Project Honey Pot and several IP-RBL and Domain-RBL DNS blacklists!
My MODs
Use the official phpBB Ideas to vote missing core features!!!

L33t_Of_Lag
Registered User
Posts: 143
Joined: Sun Nov 08, 2009 3:12 am
Location: Australia

Re: [Discuss] Preventing Spam in phpBB3

Post by L33t_Of_Lag »

Hey guys. Although Q&A is a good way to prevent spam, I found this abandoned thing called [ABD] SFS Anti-Spam Registration. It automatically checks all registrations against the SFS database. If something is identified (email, username, IP) it will not allow them to register.

I installed this on my board today, and have also checked that it works on all 3.0.4 and above. It works perfectly with no issues. I personally have removed the username check, as I don't think it is needed. The only drawback to this is, no ACP at all, just code to add to existing files. And every time it blocks a registration, it logs to the admin log. But other than that, works like a charm, and NOT ONE spam account since.

Link is here, happy hunting. http://www.phpbb.com/community/viewtopi ... &t=1352315

Mick
Support Team Member
Posts: 22053
Joined: Fri Aug 29, 2008 9:49 am
Location: Watching cricket.

Re: [Discuss] Preventing Spam in phpBB3

Post by Mick »

L33t_Of_Lag wrote:[ABD] SFS Anti-Spam Registration.
Please note, you should NOT be installing MODs marked as abandoned or suggesting that people should use such MODs, especially ones from 2008. If you do and you have problems you will be on your own.
"The more connected we get the more alone we become" - Kyle Broflovski

Please read: “Am I In The Right Place?” before posting.

Martin Truckenbrodt
Registered User
Posts: 3045
Joined: Sun Mar 23, 2003 6:22 pm
Location: Franconia
Name: Martin Truckenbrodt

Re: [Discuss] Preventing Spam in phpBB3

Post by Martin Truckenbrodt »

Hello L33t_Of_Lag,
yes, SFS is a good database in my experience, too. But it is not catching all spammers. (I'm not using Q&A.) This is caused by some SFS restrictions:
  1. They don't allow automatic reporting. - So it takes some time until new spammers are reported.
  2. IP, username and email address are required to report new spammers. - This is good for reducing the number of false positives. But because of this it cannot be used for all applications - e.g. phpBB doesn't require an email address for guest postings (by default).
BTW: I've heard that another MOD with full SFS support will be released next time. It will also include a feature to report spam to the SFS database.

Bye Martin

L33t_Of_Lag
Registered User
Posts: 143
Joined: Sun Nov 08, 2009 3:12 am
Location: Australia

Re: [Discuss] Preventing Spam in phpBB3

Post by L33t_Of_Lag »

Oh that sounds good. And as for the ABD mod, sorry, but I thoroughly checked it out before posting it here.

Anywho, yes I know SFS doesn't catch all spammers, one or two may slip through, that's why I am still using admin activation. Yet to get another spam account though :( I miss them :P

InfoSecSual69
Registered User
Posts: 31
Joined: Sun May 29, 2011 12:11 pm
Location: Novosibirsk, Russia
Name: Gennady FUBARed

Re: [Discuss] Preventing Spam in phpBB3

Post by InfoSecSual69 »

Volksdevil wrote:Cheers Robert, it was all just a quick/random idea I had. And we have just had 3 attempted registrations from .CN IP's which were...
You will block only legit users by IP address blocking, not spammers.
Spammers use compromised computers of unaware victims, which are being changed.
Volksdevil wrote:which were... previously getting in and posting links everywhere
If they aim to spam for promoting inserted links, then neither posts nor links are duplicated on the same forum nor under gibberish and/or bad English texts

If you see this, then it is done for the purposes of:
  • compromising, anti-promoting the sites (URLs) of competitors
  • or vandalism-hooliganism-provocation
  • to put into blacklists of search engines unfavorable or negative feedback on promoted resources, products
    I know a captcha, antispam providers doing it on resources that uninstalled its antispam protection or wrote negative feedback.
  • etc.


One simply cannot detect professional spam with the use of professional spambots, and most frequently people start participating (discussing, replying) in such spam posts.

InfoSecSual69
Registered User
Posts: 31
Joined: Sun May 29, 2011 12:11 pm
Location: Novosibirsk, Russia
Name: Gennady FUBARed

Re: [Discuss] Preventing Spam in phpBB3

Post by InfoSecSual69 »

Martin Truckenbrodt wrote:Hello,
BTW: IMO the phpbb.com anti-spam discussion is a bad story. It's been fought like a holy war and discussed in a too theoretical and too unfriendly way, with too little tolerance for others' opinions and experiences
I disagree.

By fighting spam and spammers without understanding the basic and simplest notions of what is going on and how, webmasters (resource owners) shoot themselves and their users in the foot instead of the spammers.

Martin Truckenbrodt
Registered User
Posts: 3045
Joined: Sun Mar 23, 2003 6:22 pm
Location: Franconia
Name: Martin Truckenbrodt

Re: [Discuss] Preventing Spam in phpBB3

Post by Martin Truckenbrodt »

Hello Gennady,
I think it's absolutely not important to know the whole technical and theoretical background. I think it's okay just to know how to prevent spam or at least how to manage spam.

What's the definition of forum spam?
Spam guest posts, spam user accounts and spam posts posted by spam user accounts. That's what I'm seeing. And that's what I want to prevent. For me this means that's what I want to block. In this point I don't need more background.

What's a forum spammer?
I think the answer is very simple, too:
  1. spambot - That's a machine running special ecommerce software like XRumer. A human is managing, configuring and starting the campaigns. For more details look at the XRumer features.
    Or it's an infected machine doing this job e.g. as a member of a botnet. But I don't know whether forum spam is really done this way.
  2. human spammer - In phpbb.com language this means that a person is sitting at a machine and is filling out CAPTCHAs, registration forms, guestbooks, blogs and similar things manually. Perhaps this procedure is started like a campaign, too. I don't know.
In some details I'm not absolutely sure. But for me it doesn't matter what's really acting. I see and I know what I want to fight. That's enough for me.

Bye Martin
Last edited by Noxwizard on Mon Jan 23, 2012 6:01 am, edited 1 time in total.
Reason: Removed link

jsebean
Registered User
Posts: 378
Joined: Sat Dec 12, 2009 3:20 pm
Location: Atlantic Canada
Name: Jonah

Re: [Discuss] Preventing Spam in phpBB3

Post by jsebean »

Martin Truckenbrodt wrote: BTW: IMO it makes no sense to use blacklists/databases like SFS to check for email addresses or usernames. I'm quite sure that this causes a lot of false positives. Just check for IP addresses and you will be happy. The combination of IP address, email address and username will always show you the same spammer. So you can look just for the IP address, too. (On the WWW) IP addresses cannot be faked the way email addresses and usernames can be faked.
Bye Martin
Hey Martin,
I think it would be bad to use SFS to check usernames, but I am not sure I fully agree with you on the email addresses part. If you make a script to query SFS for blacklisted email addresses, and set it to block if it's been reported say, 3 times, then I think you've got a very low chance of having a false positive.

Checking IPs, I have done that in the past using your mod and also a code modification I made to AntiSpam ACP to query stopforumspam.com, and I do get false positives with it. If I set the "weight" too high then the mods are simply useless; if set too low, people who use dialup, for example, where the IP is dynamic, or satellite internet, get lots of issues registering, which frustrates them.

Between this captcha plugin and checking SFS against emails reported more than once, it is a great combination, I get no complaints, and you rarely get spammers at all.
-Jonah
:lol:
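
The checks discussed in the posts above (block on an email address reported about 3 times, treat an IP hit only as a soft signal because dynamic IPs cause false positives, skip the username check), as an added PHP example that is not part of the thread or of any MOD named in it. The function name, the three outcomes and the sample JSON are constructed for illustration; the field names `success` and `frequency` are assumed to match the Stop Forum Spam JSON response.

```php
<?php
// Added example: registration decision from a Stop Forum Spam style lookup.
// Field names (success, frequency) are an assumption about the SFS JSON
// response; all sample data below is constructed.

const EMAIL_BLOCK_THRESHOLD = 3; // "reported say, 3 times" in the post above

/**
 * Hypothetical helper. Returns 'block', 'review' (hold for admin
 * activation) or 'allow'. The username is deliberately not checked.
 */
function sfs_registration_decision(string $json): string
{
    $data = json_decode($json, true);

    // Lookup failed or malformed: never block on missing data, hold for review.
    if (!is_array($data) || empty($data['success'])) {
        return 'review';
    }

    $email_hits = (int) ($data['email']['frequency'] ?? 0);
    $ip_hits    = (int) ($data['ip']['frequency'] ?? 0);

    // Several reports of the same email address are treated as a strong signal.
    if ($email_hits >= EMAIL_BLOCK_THRESHOLD) {
        return 'block';
    }

    // Dynamic (dial-up, satellite) IPs are reused by legitimate users, so an
    // IP hit or a weakly reported email only sends the account to review.
    if ($ip_hits > 0 || $email_hits > 0) {
        return 'review';
    }

    return 'allow';
}

// Constructed sample responses.
$samples = [
    'reported email'         => '{"success":1,"email":{"frequency":5},"ip":{"frequency":0}}',
    'listed dynamic IP only' => '{"success":1,"email":{"frequency":0},"ip":{"frequency":12}}',
    'clean'                  => '{"success":1,"email":{"frequency":0},"ip":{"frequency":0}}',
    'lookup error'           => '{"success":0,"error":"constructed failure"}',
];

foreach ($samples as $label => $json) {
    printf("%-24s => %s\n", $label, sfs_registration_decision($json));
}
```

The 'review' outcome corresponds to the admin activation that L33t_Of_Lag keeps enabled alongside the SFS check.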

Martin Truckenbrodt
Registered User
Posts: 3045
Joined: Sun Mar 23, 2003 6:22 pm
Location: Franconia
Name: Martin Truckenbrodt

Re: [Discuss] Preventing Spam in phpBB3

Post by Martin Truckenbrodt »

Hello Jonah,
I'm always interested in feedback. But feedback is only useful and helpful when it comes promptly.
The MOD/discussion forum is the right place for detailed feedback and feature requests and discussion.
Bye Martin

jsebean
Registered User
Posts: 378
Joined: Sat Dec 12, 2009 3:20 pm
Location: Atlantic Canada
Name: Jonah

Re: [Discuss] Preventing Spam in phpBB3

Post by jsebean »

Martin Truckenbrodt wrote:Hello Jonah,
I'm always interested in feedback. But feedback is only useful and helpful when it comes promptly.
The MOD/discussion forum is the right place for detailed feedback and feature requests and discussion.
Bye Martin
Regarding the weight, I got it backwards if referring to your mod in the above post, but I think I made my point? I was basically talking about IP blacklist checking in general, which is also what your mod does, no, checking against a number of DNS blacklists?

PS I replied to your PM.

Martin Truckenbrodt
Registered User
Posts: 3045
Joined: Sun Mar 23, 2003 6:22 pm
Location: Franconia
Name: Martin Truckenbrodt

Re: [Discuss] Preventing Spam in phpBB3

Post by Martin Truckenbrodt »

Hello Jonah,
yes, you are right.
I've had some bad experiences in general discussions about DNS Blacklists here. And I don't want to be too much off-topic here. So please let us discuss per PM or at the MOD support/discussion forum.
Bye Martin
