[Discuss] Preventing Spam in phpBB3

Posted: Mon Feb 28, 2011 1:10 am
by Phil
Please use this topic to discuss the information located in the spam prevention sticky.

Re: [Discuss] Preventing Spam in phpBB3

Posted: Mon Feb 28, 2011 3:32 am
by John T. Folden
I've had amazingly good results using only the Q&A captcha along with the phpbb Spam Hammer (previously Disable Links) MOD currently in development. Near as I can tell, 99.9% of spambot activity has ceased and a great majority of "human" spammers have been deterred to the point of not posting at all, as well. ...and this is with Guest posting turned on, too!

Re: [Discuss] Preventing Spam in phpBB3

Posted: Mon Feb 28, 2011 7:41 am
by Akea
I recently started using the Q&A captcha on a board that was overrun with bots. I haven't seen a single bot registration since.

Re: [Discuss] Preventing Spam in phpBB3

Posted: Mon Feb 28, 2011 9:02 am
by jakecat
I agree. Q&A has stopped dead all spam registrations. We were getting 200 to 300 a day.

It should be noted however that the style you use must be compatible with the board s/w rev or the Q&A may not appear during the registration process. I have had to revert to vanilla Prosilver to get Q&A going.

Re: [Discuss] Preventing Spam in phpBB3

Posted: Mon Feb 28, 2011 5:45 pm
by matt74
Hi,
I have been reading that the Q&A CAPTCHA is the best option to go for but I'm having trouble working out how to make the best questions to use.

Is something like this good?
A red car drives past a house. What colour was the car?
A red car drives past a house. What did the car drive past?
I'm thinking that with questions like that you can get a few questions from it so even if the bot sees the question again, it might not be the same answer that they are looking for.

Are these the best type of questions to use?

Thanks

Re: [Discuss] Preventing Spam in phpBB3

Posted: Mon Feb 28, 2011 7:25 pm
by stevemaury
Second is better than first. But in my opinion the best is:

Q: Type 6gh%x@1q in the box
A: 6gh%x@1q

Re: [Discuss] Preventing Spam in phpBB3

Posted: Mon Feb 28, 2011 8:47 pm
by matt74
Thanks Steve.

Are the answers I provide for the system to accept case sensitive? So if I use a mix of upper and lowercase letters and ask the users to type this into the box, is 6gQMm53 different from 6gqmm53 or will both be accepted?

Does including symbols like @ £ % etc make what I ask the user to type stronger against bots than just letters and numbers?

Is there a way to track which questions a bot has managed to defeat?

Re: [Discuss] Preventing Spam in phpBB3

Posted: Mon Feb 28, 2011 8:53 pm
by pennycsf
matt74 wrote:Hi,
I have been reading that the Q&A CAPTCHA is the best option to go for but I'm having trouble working out how to make the best questions to use.

Is something like this good?
A red car drives past a house. What colour was the car?
A red car drives past a house. What did the car drive past?
I'm thinking that with questions like that you can get a few questions from it so even if the bot sees the question again, it might not be the same answer that they are looking for.

Are these the best type of questions to use?

Thanks
I don't know how good your sample questions are, but the type I use, which have a 100% success rate (so far; the bots can always get better) involve a "quality" rather than a definition. Example:- "Which item can move - HouseCarStreetRedColour?"

The answer is provided in the list part of the question, but items are not separated by space or comma.

As I said, it works so far, but my forum is small. Sooner or later the spambots may see enough of this type of question to work out the answers.

Incidentally, to stop human spammers I use a check against StopForumSpam. The full details of this are here:- http://csf-forum.org/viewtopic.php?p=650#p650

Good luck

Frank

Re: [Discuss] Preventing Spam in phpBB3

Posted: Mon Feb 28, 2011 9:51 pm
by rubyandi
I'm hoping someone can help me as I'm trying to set up Q&A captcha but it simply won't let me :evil:
Anyone have any idea why?

Re: [Discuss] Preventing Spam in phpBB3

Posted: Mon Feb 28, 2011 10:16 pm
by matt74
Hi rubyandi,
When you say it won't let you, what is/isn't happening?

It should just be a case of ACP>>General Tab>>click Spambot Countermeasures (under Board Configuration)>>select Q&A from the dropdown box of Available Plugins>>then click the configure button to set the questions up.

Re: [Discuss] Preventing Spam in phpBB3

Posted: Mon Feb 28, 2011 10:32 pm
by rubyandi
I was trying to use the recaptcha but I didn't realise it was a grey area - not highlighted :oops:
Anyway, what I've done now is... new registrations have to simply write in a word that I have instructed BUT I just tried to register as a test and I haven't received an activation email and I haven't become a member either!
I get loads of spammers, that's why I initially set up the activation email thingy, it's getting very frustrating.

Re: [Discuss] Preventing Spam in phpBB3

Posted: Tue Mar 01, 2011 2:44 am
by ChrisRich
John T. Folden wrote:I've had amazingly good results using only the Q&A captcha along with the phpbb Spam Hammer (previously Disable Links) MOD currently in development. Near as I can tell, 99.9% of spambot activity has ceased and a great majority of "human" spammers have been deterred to the point of not posting at all, as well. ...and this is with Guest posting turned on, too!
If this does what you're implying then you just made my day. The forums I'm working on: http://www.faqsaboutfax.com/forums/ are totally run-over by spam and we're thinking of just re-doing the whole site, but in the meantime I've been delighting myself by using filters to adjust spam words to ruin all the spammers' hard work.

All I want is a way to change blocks of text without giving carte blanche access to the database. ;)

Re: [Discuss] Preventing Spam in phpBB3

Posted: Tue Mar 01, 2011 5:22 am
by John T. Folden
ChrisRich wrote: If this does what you're implying then you just made my day. The forums I'm working on: http://www.faqsaboutfax.com/forums/ are totally run-over by spam and we're thinking of just re-doing the whole site, but in the meantime I've been delighting myself by using filters to adjust spam words to ruin all the spammers' hard work.

All I want is a way to change blocks of text without giving carte blanche access to the database. ;)

Well, Spam Hammer should prevent them from posting their spam entirely by denying posts from new users/guests that contain links and, optionally, a foreign language (such as Cyrillic or Mandarin). It will also deny links in signatures until a new user has reached a particular quota of posts... works good, imo, and is mostly transparent to legitimate forum members.
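
The posting policy described in the post above (no links from guests or new users, optional script blocking, signature links gated by a post quota), sketched as an added example. It is not Spam Hammer's code and not part of the original post; the function names, the `$user` array shape and both quota values are assumptions.

```php
<?php
// Added illustration, not Spam Hammer's code. Names and quotas are hypothetical.
const MIN_POSTS_FOR_LINKS = 5;      // assumed quota for links in posts
const MIN_POSTS_FOR_SIG_LINKS = 10; // assumed quota for links in signatures

// True if the text has a URL, a www. host or a BBCode [url] tag.
// "!== 0" also treats a PCRE error (invalid UTF-8 input) as a hit: fail closed.
function contains_link(string $text): bool
{
    return preg_match('~https?://|\bwww\.|\[url\b~iu', $text) !== 0;
}

// True if the text uses a script the board blocks for new accounts.
function contains_blocked_script(string $text): bool
{
    return preg_match('/[\p{Cyrillic}\p{Han}]/u', $text) !== 0;
}

// Returns null when the post is accepted, otherwise the reason it is denied.
function check_post(array $user, string $body, bool $block_scripts = true): ?string
{
    if (!$user['is_guest'] && $user['posts'] >= MIN_POSTS_FOR_LINKS) {
        return null; // established members are not filtered
    }
    if (contains_link($body)) {
        return 'links denied for guests and new users';
    }
    if ($block_scripts && contains_blocked_script($body)) {
        return 'blocked script denied for guests and new users';
    }
    return null;
}

// Signature links stay denied until the member reaches the signature quota.
function check_signature(array $user, string $sig): ?string
{
    $new = $user['is_guest'] || $user['posts'] < MIN_POSTS_FOR_SIG_LINKS;
    return ($new && contains_link($sig)) ? 'signature links denied until quota reached' : null;
}

// Constructed sample input.
$guest   = ['is_guest' => true,  'posts' => 0];
$newbie  = ['is_guest' => false, 'posts' => 2];
$regular = ['is_guest' => false, 'posts' => 40];
var_dump(check_post($guest, 'Best deals [url=http://spam.example]here[/url]'));
var_dump(check_post($newbie, 'Привет, форум'));
var_dump(check_post($newbie, 'Hello, how do I set up Q&A?'));
var_dump(check_post($regular, 'See https://www.phpbb.com/ for docs'));
var_dump(check_signature($newbie, 'www.spam.example'));
```

The link pattern only catches explicit URLs and `[url]` tags; obfuscated forms such as "example dot com" pass, so a filter like this complements registration-time checks rather than replacing them.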

Re: [Discuss] Preventing Spam in phpBB3

Posted: Tue Mar 01, 2011 10:07 pm
by Martin Truckenbrodt
Hello,
the sticky post is ignoring very useful and powerful features and MODs and is defaming the time spent by MOD authors and the MOD validation team.
This sticky post is not a complete whitepaper. IMO this should be the aim for a post like this.

E.g. I'm missing:
  • DNSBL check - still the only solution that is catching spambots and human spammers very successfully
  • some general words about user registration and user activation
  • User Activation - to get the spammers which are not using real email addresses
  • Double Activation - to bring the benefits of User Activation and Admin Activation together
  • some general words about blocking and banning
  • some words about guest posting
  • some words about pruning a spammed user database.
  • the StopForumSpam and ATLBL using MODs
Although the UTC-12 check could be done in a better way. Maybe there are some very rare people living in the UTC-12 timezone. ;) Sorry, but for me it's quite funny that the phpBB community is remembering this feature just when most of the Visual CAPTCHAs have been broken lately.

Sorry, but for me it has a bad taste.

I'm waiting for spammers which are using Q&A databases to hack or to crack the Q&A CAPTCHAs.

Bye Martin

Re: [Discuss] Preventing Spam in phpBB3

Posted: Wed Mar 02, 2011 12:07 am
by Pony99CA
Martin Truckenbrodt wrote:Although the UTC-12 check could be done in a better way. Maybe there are some very rare people living in the UTC-12 timezone. ;)
My understanding is that there are no inhabited locations in the UTC-12 time zone.

Steve