[Discuss] Preventing Spam in phpBB3

Get help with installation and running phpBB 3.0.x here. Please do not post bug reports, feature requests, or MOD-related questions here.
Anti-Spam Guide
Forum rules
END OF SUPPORT: 1 January 2017 (announcement)
Pony99CA
Registered User
Posts: 4783
Joined: Thu Sep 30, 2004 3:13 pm
Location: Hollister, CA
Name: Steve

Re: [Discuss] Preventing Spam in phpBB3

Post by Pony99CA »

lucilledesign wrote:And as to having a question with three possible answers, the major problem with that
is that all the bot need to do is to try 3 times, and they are in.
As I posted in response to a similar comment, they also have to be able to parse the question first to understand that those are the only options. In my experience, bots aren't that smart yet (otherwise I'd have gotten spam long ago). And I still haven't gotten any spam since changing my question from one similar to that to another similar to that but with different words.

Did you actually try the question before criticizing it?

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.
User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 52797
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve

Re: [Discuss] Preventing Spam in phpBB3

Post by stevemaury »

phpBB developers understand exactly how spambots work and exactly how ot stop them for the moment. But everyone seems set on banning this, that or the other thing.

One more time - good Q&A that may have to be changed periodically and approval of first post using the NRU group. Done. Honest.
I can stop all your spam. I can upgrade or update your Board. PM or email me. (Paid support)
User avatar
Oyabun1
Former Team Member
Posts: 23162
Joined: Sun May 17, 2009 1:05 pm
Location: Australia
Name: Bill

Re: [Discuss] Preventing Spam in phpBB3

Post by Oyabun1 »

Pony99CA wrote:they also have to be able to parse the question first to understand that those are the only options. In my experience, bots aren't that smart yet (otherwise I'd have gotten spam long ago)
There were numerous posts relating to the last major round of spam attacks that strongly suggested at least one spambot can now parse questions to a limited extent. Questions like "what are the first, middle, or last 3 characters in some random string" no longer seem to be effective.

Since many questions are no more than 10 words It wouldn't be too hard or wasteful for a spambot to try every word in a question as the answer, no real need to understand the question.
                      Support Request Template
3.0.x: Knowledge Base Styles Support MOD Requests
3.1.x: Knowledge BaseStyles SupportExtension Requests
User avatar
millipede
Registered User
Posts: 208
Joined: Mon Feb 25, 2008 5:13 am

Re: [Discuss] Preventing Spam in phpBB3

Post by millipede »

Please don't take this personally but I have to say this.
Some of you moderators, I don't know if you're over stressed or over worked or what, but you seem to take some things rather personally on here. Topics get locked SO quickly because there are other topics similar to it.
That other spam topic was more specifically about recent attacks. I'm not sure I agree it needed to be locked but, whatever I guess.
I do have something rather important to add though. When locking a topic, please don't simply say "hey, there's another topic like this somewhere, go find it". This is a HUGE board and finding just the right topic is NOT always very easy. I've seen two topics locked just today that were locked for that reason with NO link to where to go to find the help someone needed.
YOU are familiar with this board. You know where those helpful topics are. But some people can't find them so easily. Some people also don't know whether to start a new one or not.
I realize you're dealing with a LOT of people on there but, I feel a little tension in some of the replies from the moderators that I don't think is necessary.
Anyway... I again want to ask that you don't take even this response personally. I'm just sharing my concern. Searching for JUST the right help on here can be overwhelming to people that aren't on here every day, that don't know their way around as well. Some people need to give a little more grace or slack or whatever I think. Just my opinion.
Back on topic(just in case this reply doesn't get deleted)

About the q&a. I stated in the other topic that some people would get frustrated with any question if it is tricky enough to fool a bot... A moderator replied "you think so?" and proceeded to tell me to look at all the thousands of forums that have plenty of registrations and use the Q&A.
This of course proves nothing as you cannot see any data on anyone that might pass the site by because of a tricky question.
However, I didn't get to give my reply in the other topic because it got locked.
Yes. Yes, I do believe people will get frustrated. This is how the average internet user works. They want things simple. MOST(general term but mostly accurate) internet users are careless. I work on computers(just a little) cleaning up viruses and doing other repairs. People end up in a mess because the AntiVirus software that came with their new computer expired and they didn't do ANYTHING about it. Because people want things simple. People click on any thing they see on facebook, believe everything they read, etc. People want things simple. I do believe this to be VERY much true.
I have changed my question and the spam has stopped... for today. But, I HATE trying to come up with some new, clever thing to put on there. Anything difficult to fool a bot might be tricky for an actual human. A potential user isn't going to want to find their dictionary and find the second meaning to a word or some crazy thing like that. It HAS to be simple enough they can get it instantly. But just about anything that simple will be cracked.
I know that somewhere in your head you understand that frustration.
The response from a few mods is "hey, this Q&A is the best thing, you can do it, it's fine". Almost with a little attitude.
Mods, I am NOT complaining to you. You didn't create the Q&A, you aren't spamming my board(at least I hope not), you didn't write phpbb. You're a moderator. I'm not holing you responsible. I am simply frustrated with the situation. I hope you understand that much.
If Q&A is the best thing I can do right now, then that's what I'll work with. I'll deal with it. But... I, personally, get frustrated trying to do that JUST right. I personally know people that would simply walk away from registration if they could not figure out the answer within a second or two. I don't want to turn real people away in that way. This is the frustration I am working with. Not with phpbb or the moderators here. Just the situation.
heh... whenever I do ban email or IP addresses... "reason to show banned user" I put "Spam is bad for you..."
It's bad for me at least. :/ (I still have a couple hundred users to delete I think.)
Anyway... I hope you understand my frustration is with the spam and my own trying to make it work JUST right. I also hope you'll leave this whole long reply up. :)
no hard feelings...
User avatar
Edward572
Registered User
Posts: 192
Joined: Wed Aug 03, 2005 12:37 am
Location: Calgary, Alberta, Canada
Name: Edward

Re: [Discuss] Preventing Spam in phpBB3

Post by Edward572 »

Hello,

I try to backup at least once a week, so to get rid of the crap quickly I just restored db to last week. Lost some posts but quick, changed all my questions and answers after the restore and seems to be slowing to "0".

I have a few boards and most had 5-6 questions and they got through. But one of my boards had 12 or more questions and the board did not get hit, although I changed all question today just in case.

Good question?
What is the first 2, 3, or 4 characters and the last 2,3 or 4 of FgTr34235;()&$23Ee ?
And change it up 2, or 3 at beginning etc at the end, I use a VB2012 software to generate that random code for the question, I wrote it, it uses all characters available on a standard keyboard. Just makes it quick to get the question, and since one character is randomized at a time for say 20 characters, it very random

(PM) if anyone wants this software (rangen)

Cheers
Ed

PS: Currently writing vb2012 that randomly generates a question and the answer with regards to above post. Just need to copy the question and answer in to Q&A countermeasures, the software does the rest. So if there is a registration spam that happens, you just delete old question and randomize the new question. If you backup weekly or daily you can just restore db and delete old questions, add new ones, Bobs you Uncle!
See & Download from this thread first post
viewtopic.php?f=46&t=2213626
Cheers!

I was bored and sick of retyping questions, no worries free of virus and spyware, scan the ZIP if your worried...
Last edited by Edward572 on Wed Nov 27, 2013 1:40 am, edited 4 times in total.
Cheers All, Have A Good One
StormerSoft.Com
User avatar
Oyabun1
Former Team Member
Posts: 23162
Joined: Sun May 17, 2009 1:05 pm
Location: Australia
Name: Bill

Re: [Discuss] Preventing Spam in phpBB3

Post by Oyabun1 »

millipede wrote:Anyway... I hope you understand my frustration is with the spam and my own trying to make it work JUST right. I also hope you'll leave this whole long reply up.
If you had better spent the time you used to have a whinge to look at the topic that this topic is about, Preventing Spam in phpBB3, you would see there is a link to the Anti-Spam section of the Customisation Database that provides a range different of CAPTCHA plugins.

No one is forcing you to use the Q&A CAPTCHA, it is just that many people have found it highly effective.
                      Support Request Template
3.0.x: Knowledge Base Styles Support MOD Requests
3.1.x: Knowledge BaseStyles SupportExtension Requests
User avatar
millipede
Registered User
Posts: 208
Joined: Mon Feb 25, 2008 5:13 am

Re: [Discuss] Preventing Spam in phpBB3

Post by millipede »

thanks again for another moderator getting short with me. You people are misreading me... that is, if you read the whole thing I wrote.
User avatar
Mess
Registered User
Posts: 985
Joined: Wed Jul 01, 2009 6:37 am
Name: Kim

Re: [Discuss] Preventing Spam in phpBB3

Post by Mess »

millipede wrote:thanks again for another moderator getting short with me. You people are misreading me... that is, if you read the whole thing I wrote.
Sorry Millipede, but you're wall of text didn't have anything to answer. Try rereading what you wrote, you might have meant to put in a question, but you didn't, or I couldn't find it.
If you take out the mod baiting, you're frustrations, and random ramblings you're left with nothing.

I'm gonna guess that you need a good Q&A question for your site.
I would not feel safe with your current.
please type the word you see(use lowercase): 1903 S 45 M 72....
I'm no expert in spambots but I would avoid using trigger words like "lowercase/uppercase/numbers" ect in my question. A bot would only have to exclude or include lowercase letters to get in. 50% chance. Not only that, its also annoying as a human to guess.

I would ask something about your logo like: "What type of animal is on the forum logo". Its easy and fast to answer but very hard for a bot.

Good luck.
Last edited by Mess on Tue Nov 26, 2013 8:56 am, edited 1 time in total.
5hocK
Registered User
Posts: 3149
Joined: Wed Nov 23, 2011 7:00 pm
Location: UK

Re: [Discuss] Preventing Spam in phpBB3

Post by 5hocK »

....and the general consensus is one question is better than lots, so we all know which question was beaten? Is this the more accepted answer? It's the one I've gone with.
FWIW I reckon this topic should have it's own forum - there must be dozens of topics all in this one topic: Who is going to read the whole thing from start to finish?
Edit: Atleast people could discuss the various methods without topics getting locked and being referred to one sticky and one mile long topic.
User avatar
Mess
Registered User
Posts: 985
Joined: Wed Jul 01, 2009 6:37 am
Name: Kim

Re: [Discuss] Preventing Spam in phpBB3

Post by Mess »

5hocK wrote:....and the general consensus is one question is better than lots, so we all know which question was beaten? Is this the more accepted answer? It's the one I've gone with.
FWIW I reckon this topic should have it's own forum - there must be dozens of topics all in this one topic: Who is going to read the whole thing from start to finish?
Edit: Atleast people could discuss the various methods without topics getting locked and being referred to one sticky and one mile long topic.
Just read the single sticky at the top of this forum? No reason to make it harder than it is.

viewtopic.php?f=46&t=2122696

The only reason you are confused is because you a trying to read everything posts about the topic. I don't see how having a forum full of confusion is gonna help you.
The guide says make a question, not questions. ;)
User avatar
Oyabun1
Former Team Member
Posts: 23162
Joined: Sun May 17, 2009 1:05 pm
Location: Australia
Name: Bill

Re: [Discuss] Preventing Spam in phpBB3

Post by Oyabun1 »

5hocK wrote:....and the general consensus is one question is better than lots, so we all know which question was beaten?
Statistically and in terms of beating spam the more questions the better. However, on the practical side, since phpBB doesn't track which questions were answered correctly or incorrectly if you have multiple questions and one is beaten you have no way of knowing which one it was so you then need to change all the questions. Therefore, it is easier to have just one question.
5hocK wrote:Edit: Atleast people could discuss the various methods without topics getting locked and being referred to one sticky and one mile long topic.
What is wrong with referring people to a sticky that has the basic information in it and links to other sources? Not sure having 1000 topics largely saying the same things would be any easier than 1 long topic.
                      Support Request Template
3.0.x: Knowledge Base Styles Support MOD Requests
3.1.x: Knowledge BaseStyles SupportExtension Requests
5hocK
Registered User
Posts: 3149
Joined: Wed Nov 23, 2011 7:00 pm
Location: UK

Re: [Discuss] Preventing Spam in phpBB3

Post by 5hocK »

The sticky is fine, shouldn't have mentioned it. Discussing various methods all in one topic can lead to more topics as not everyone will read, find or search the whole topic; surely that's the idea of topics? - Could actually start a topic about whether a forum would be a good idea but it's not worth it, chances of it getting locked in a forum further down the board are high :mrgreen:
User avatar
Oyabun1
Former Team Member
Posts: 23162
Joined: Sun May 17, 2009 1:05 pm
Location: Australia
Name: Bill

Re: [Discuss] Preventing Spam in phpBB3

Post by Oyabun1 »

5hocK wrote:Could actually start a topic about whether a forum would be a good idea
Maybe in General Discussion. It would almost certainly be locked here because it is not a Support question.
                      Support Request Template
3.0.x: Knowledge Base Styles Support MOD Requests
3.1.x: Knowledge BaseStyles SupportExtension Requests
HMRS webmaster
Registered User
Posts: 29
Joined: Mon Aug 09, 2010 10:07 pm

Re: [Discuss] Preventing Spam in phpBB3

Post by HMRS webmaster »

Our board (for our Society members only) has also suffered a tremendous increase in spam registration attempts in the last few days - changes in the Q&A options or Captcha use have only managed to reduce the volume. The last attempt was to use a Q&A requiring three words from a specific place in our Newsletter which I thought would be very difficult for a spam bot to crack. I have wondered about two further options:
1. restrict registration to be by invitation from admin only (this has been asked before but I did not notice a reply)
2. require the user id to be in a structured format that would be announced in our Newsletter and tested by a regular expression as the spam bots seem to use near random name generation systems. (For example "family name in lower case"-"membership number"-"first name in capitals" .) I think this should be straightforward but I am not confident that I can find the right place in the right script to include the test.

I'd very much appreciate any help that any of you could give.
Regards,

Andrew Nummelin
HMRS Webmaster
http://www.hmrs.org.uk
User avatar
KevC
Support Team Member
Support Team Member
Posts: 72667
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK

Re: [Discuss] Preventing Spam in phpBB3

Post by KevC »

HMRS webmaster wrote:The last attempt was to use a Q&A requiring three words from a specific place in our Newsletter which I thought would be very difficult for a spam bot to crack.
More likely is that a person has found out the answer and added it to their 'list'. You could just change the words in the result and it will be fine for another year or more.
HMRS webmaster wrote:1. restrict registration to be by invitation from admin only (this has been asked before but I did not notice a reply)
You can certainly set account activation to 'by admin' meaning you will get an email when someone registers, allowing you to check the IP first before activation. So anything from the usual suspects like China, Russia, Thailand, Vietnam etc can just be deleted.
-:|:- Support Request Template -:|:-
Image
"Step up to red alert. Sir, are you absolutely sure? It does mean changing the bulb"

Return to “[3.0.x] Support Forum”