Page 59 of 60

Re: [Discuss] Preventing Spam in phpBB3

Posted: Tue May 24, 2016 12:22 pm
by KevC
Fixed

Re: [Discuss] Preventing Spam in phpBB3

Posted: Sat Jul 16, 2016 12:20 am
by k3lt01
Some time ago I installed phpBB 3.1 and have taught myself my way around the admin and mod sections. The forum is already publicly visible but required admin approval to join. I did this to find patterns in spam and I have noticed many are from IP addresses or email addresses originating in China and Russia. Because my forum is intended to be specifically for the South Pacific region I wonder is there a way I can just block particular regions/countries from trying to join, or even better just allow uses from certain regions/countries to join?

Re: [Discuss] Preventing Spam in phpBB3

Posted: Sat Jul 16, 2016 12:38 am
by Lumpy Burgertushie
possible, but , spammers do not always use the same IP or even those from certain countries.

the best thing to do is simply setup the Q&A with a good non-searchable question/answer that only humans could answer and that will stop all the spam bots in their tracks.


robert

Re: [Discuss] Preventing Spam in phpBB3

Posted: Sun Aug 07, 2016 11:10 pm
by durangod
did not find anything for reCaptcha in the extensions that was downloadable, the one i found was empty. But has anyone used this and can recommend or not recommend it..

https://github.com/secondsparrow/phpbb-3.1-recaptcha

im just weary about putting github files on my site that i know nothing about.

thanks

Re: [Discuss] Preventing Spam in phpBB3

Posted: Mon Aug 08, 2016 9:28 am
by Mick
durangod wrote:has anyone used this and can recommend or not recommend it
Have you contacted the author? As it's third party code that's where you should go in the first place.

Re: [Discuss] Preventing Spam in phpBB3

Posted: Mon Aug 08, 2016 9:53 am
by david63
Just a point of interest - reCaptcha ships with phpBB 3.2

Re: [Discuss] Preventing Spam in phpBB3

Posted: Mon Aug 08, 2016 12:16 pm
by durangod
Thanks david great info :0 )

Re: [Discuss] Preventing Spam in phpBB3

Posted: Wed Oct 26, 2016 8:14 pm
by pjdm
stevemaury wrote:It is senseless and unnecessary to have more than one Q&A question. If a question gets cracked, you will not know which one, so you will have to change all of them. One good question is all that is needed.
Just following up now that I'm preparing to move from 3.0.14 to 3.1.x

My [4-6] questions so far have prevented spammers from joining my site over the last 4 years. Similar sites to mine are littered with comments about spammers and who to trust etc. I found that a series of steps to actively monitor the registrations, asking for unique fields, CAPTCHA questions and checking IP and a few other things has caught all of them so far. I'm going to try and automate some of this now that I have a good procedure that seems to work. Obviously, boards with hundreds of registrations daily can't do this but I get 3-5 and I have 1700 members and so far this has worked. Prior to this implementation I would get dozens of illegitimate registrations daily.

When I notice someone has registered but not been approved and is a spammer (it is obvious) I go back and change my questions. It is not hard in a specific field like mine to develop questions that will survive attack for a few months.

Re: [Discuss] Preventing Spam in phpBB3

Posted: Wed Oct 26, 2016 10:37 pm
by stevemaury
A link to your board, please?

Re: [Discuss] Preventing Spam in phpBB3

Posted: Wed Oct 26, 2016 10:59 pm
by pjdm
LancairTalk.net

Re: [Discuss] Preventing Spam in phpBB3

Posted: Thu Oct 27, 2016 5:59 am
by skybound
Using the simple Captcha together with the StopForumSpam mod does the trick for us. Get the odd one getting by, but are in the region of 1 every two to three months. According to the logs, around 20 registrations prevented per day by StopForumSpam on our board.

Re: [Discuss] Preventing Spam in phpBB3

Posted: Thu Oct 27, 2016 8:25 am
by Mick
I suggest that your Q&A is too simple. Asking for one letter in the site name which happens to be the first letter of the alphabet would be easy to get past for a bot.

Re: [Discuss] Preventing Spam in phpBB3

Posted: Thu Oct 27, 2016 1:43 pm
by stevemaury
Also, I googled the answer to "ADS-7_". Also the answer to "National Transportation Safety __". Again, the problem is that when you get a bot registration, you do not know which question was broken so you have to change them all. Plus, if a bot has problems with one question, it can refresh the page until it gets one it can answer (which seems to be most of them).

ONE GOOD question is all you need.

Re: [Discuss] Preventing Spam in phpBB3

Posted: Thu Oct 27, 2016 2:31 pm
by pjdm
respectfully, I disagree. My results are telling. If you incorporate some of the suggestions by AmigoJack above then bots cannot hammer away indefinitely until they find an answer--they get blocked after [x] attempts. Having more than one question allows my junior members a way to register if they don't know the answer to the first or second question. I want a reasonable test so that all legitimate members can register and it gets a few bots who try but fail on the second and third tests I provide.

For example, some european members might not be as familiar with the questions that north americans would be so I give them a few opportunities. Lastly, bots fill profile fields in a specific manner (at least for me they do) and I can filter those out if they get past the Q&A. Plus, I require a confirming email which bots never do. I filter those out. And, bots have to provide a legit email address which they almost never do. It works well so far.

The singular Q&A might be valid for your purpose of blocking bots but my multiple Q&A allows legit members to get through and that is more important to me. I can handle the bots on my next filtering steps (so far).

[edit: and I really do appreciate the time you take to reply and discuss this issue and others.]

Re: [Discuss] Preventing Spam in phpBB3

Posted: Thu Oct 27, 2016 3:36 pm
by Lumpy Burgertushie
It is very good that you have a method that works for you. however, using the Q&A with a good non searchable question has and is working very well for many many thousands of phpbb users out in the world.
the whole point is to find a question that any human can answer but no bot can find the answer for.
usually it seems to work best if the question is something about the website like what is the person in the logo holding etc. you give multiple possible answers in case of misspelling or language things etc. but only the one question.

you can't have yes/no, what color is?, math questions etc. all of those types are either easy to find in google or to guess etc.


robert