Why are we still moving the mountain to Mohammed ?

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Scam Warning
Philthy
Registered User
Posts: 210
Joined: Tue Dec 27, 2005 10:05 am
Location: Dawlish, Devon
Contact:

Why are we still moving the mountain to Mohammed ?

Post by Philthy » Sat Nov 20, 2010 9:45 pm

http://www.phrases.org.uk/meanings/if-t ... ammad.html

This isn't intended as a rant, nor as a way of plugging my unapproved mod.

For years, we have all been plagued by spammers, both bots and human. The battle to stay in front, is ongoing. This thread has some excellent advice and observations, but for me, misses the point:
http://www.phpbb.com/community/viewtopi ... &t=1861645
It discusses, in great length, how to prevent spammers registering, and how to to deal with them from there on. IMHO, the point is being missed.
Let us ask ourselves, "why does spam exist"?
Bringing it down to a basic level, it is simply a form of advertising, either by mentioning the goods/services they intend to promote, or much more commonly by posting a link to it. These links are also spidered by google et al, and may count towards a sites page ranking. In my experience, the latter is almost always the case, regardless of the post being made by human, or bot.
Let us ask ourselves the further question "what can I do to dissuade the spammers"?
Perhaps, one answer is to simply remove the ability to post the link they want/need?
Let them register, let them jump through hoops to sign up, and then simply deny them the ability to post those links. We can work on all the fancy captcha modules, and ip blocking mods, ask them what colour grass is, and still they will get through, especially humans.
Let them do all this, and allow them to copy and paste the text with the link into the text box, and then BAM ! Error message!
They will squirm, and try to work around the block, but in doing so, will still not get the link/s they cherish so much.
Isn't this easier ?
Surely, it can't be that difficult to get something like this very simple mod approved/updated, and give forum owners another option to try:
http://www.phpbb.com/community/viewtopi ... &t=2096637
My mod, and others like it, deny them those links.
So far, they have given up, and I don't really see things changing that.
Imagine how pissed off the spammer who has sat typing in all his false details, gone through verification, and evaded the various ingenious methods at blocking him is, when his post is denied because it contains www. .com or .net, or whatever?
Maybe I'm being simplistic, but I really do think we are looking at things the wrong way round?
Maybe it's time for Mohammed to go to the mountain?
Go on ! it's not as steep as it looks.....

User avatar
3Di
Former Team Member
Posts: 14381
Joined: Mon Apr 04, 2005 11:09 pm
Location: Milan (IT) Frankfurt (DE)
Name: Marco
Contact:

Re: Why are we still moving the mountain to Mohammed ?

Post by 3Di » Sat Nov 20, 2010 10:31 pm

Bah.. it depends. I have a my own small and clever MODification (one line) that stopped everything since phpBB2. :)
Please PM me only to request paid works. Thx.
Want to compensate me for my interest? Donate
My development's activity º PhpStorm's proud user
Extensions, Scripts, MOD porting, Update/Upgrades
✒️ Black Friday 2019 @ The Studio ▪️◾️

User avatar
/a3
Registered User
Posts: 411
Joined: Sun Sep 19, 2010 9:08 am
Location: /dev/random

Re: Why are we still moving the mountain to Mohammed ?

Post by /a3 » Sun Nov 21, 2010 4:57 am

Philthy wrote:Let us ask ourselves, "why does spam exist"?
Because so many webmasters are lazy. :(
Philthy wrote:Perhaps, one answer is to simply remove the ability to post the link they want/need?
Let them register, let them jump through hoops to sign up, and then simply deny them the ability to post those links.
But how would you detect that they are a spammer in the first place? Blacklist particular keywords or domains? Something like Akismet? :)
$ git commit -m "YOLO"

Philthy
Registered User
Posts: 210
Joined: Tue Dec 27, 2005 10:05 am
Location: Dawlish, Devon
Contact:

Re: Why are we still moving the mountain to Mohammed ?

Post by Philthy » Sun Nov 21, 2010 10:23 am

/a3 wrote: But how would you detect that they are a spammer in the first place? Blacklist particular keywords or domains?
This is my point! Why bother? This plan of action will never end..
Let them mess about answering stupid questions about the colour of grass or recognising apples, then just deny them the ability to post a link.

Am I being too simplistic?
Go on ! it's not as steep as it looks.....

User avatar
Erik Frèrejean
Former Team Member
Posts: 9899
Joined: Tue Oct 09, 2007 9:09 am
Location: The Netherlands, 3.0.x Support Forum
Name: Erik Frèrejean
Contact:

Re: Why are we still moving the mountain to Mohammed ?

Post by Erik Frèrejean » Sun Nov 21, 2010 11:06 am

On one of my boards we post a lot of links to all kinds of different sites, how are you going to handle this? You're going to basically ban the ability to post links for all your users because "posting a link" isn't really a definitive way to recognize a spammer.
An other problem with this kind of spam prevention is that once it gets used a lot spammers will simply post stuff without back links, or broken back links and than you can also start from the beginning. Spammers really don't care whether the posts are blocked or not, otherwise some of my boards wouldn't be bombarded with spam as they all disappear in the MQ and are trashed without anyone looking at it.
Support Toolkit | Support Request Template | Knowledge Base | phpBB 3.0.x documentation
I don't give support via PM or IM! (all unsolicited pms will be trashed!)

Steamsheds
Registered User
Posts: 81
Joined: Sun Oct 17, 2010 2:18 pm

Re: Why are we still moving the mountain to Mohammed ?

Post by Steamsheds » Sun Nov 21, 2010 11:52 am

Surely by allowing them to register your user database is going to become enormous potentially crippling your board.
If you prune your users with 0 posts then you may well prune other genuine users.

User avatar
KevC
Support Team Member
Support Team Member
Posts: 69430
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: Why are we still moving the mountain to Mohammed ?

Post by KevC » Sun Nov 21, 2010 12:19 pm

I would much rather stop them registering in the first place than let them in and then deal with them.

I find the built in options work extremely well and I only deal with about one human registration every 6 weeks or so. I can cope with that as they are identified within minutes and binned.
-:|:- Support Request Template -:|:-
Image
Cheap UK Hosting
"In the land of the blind the little green bloke with no pupils is king - init!"

Pony99CA
Registered User
Posts: 4783
Joined: Thu Sep 30, 2004 3:13 pm
Location: Hollister, CA
Name: Steve
Contact:

Re: Why are we still moving the mountain to Mohammed ?

Post by Pony99CA » Mon Nov 22, 2010 4:05 am

Erik Frèrejean wrote:On one of my boards we post a lot of links to all kinds of different sites, how are you going to handle this? You're going to basically ban the ability to post links for all your users because "posting a link" isn't really a definitive way to recognize a spammer.
You make it a permission that becomes available after a certain number of posts. In phpBB, you could use the Newly Registered Users group if there was a Can post links permission. (Personally, I think that group is far too limited. I would rather see different user-defined groups that you automatically got promoted into with different numbers of posts; basically a setting when creating a group that lists the number of posts required to be auto-promoted into that group, with zero meaning no auto-promotion. That would eliminate the one-trick group.)
Erik Frèrejean wrote:An other problem with this kind of spam prevention is that once it gets used a lot spammers will simply post stuff without back links, or broken back links and than you can also start from the beginning. Spammers really don't care whether the posts are blocked or not, otherwise some of my boards wouldn't be bombarded with spam as they all disappear in the MQ and are trashed without anyone looking at it.
You're partially correct. If spammers can't post links, they may try something else, but at least Google won't index it. Human spammers may give up.

However, the OP is wrong about spammers getting upset. Bots don't get upset; they just fail and move on. Only human spammers might get upset.

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

User avatar
/a3
Registered User
Posts: 411
Joined: Sun Sep 19, 2010 9:08 am
Location: /dev/random

Re: Why are we still moving the mountain to Mohammed ?

Post by /a3 » Mon Nov 22, 2010 5:44 am

Just reading on an XRumer website (not the official one), you can get your domain "blacklisted" so that your board is not spammed with XRumer. AFAIK phpBB.com is blacklisted which is why there isn't much bot spam here. Here's what the site wrote:
This blacklist has been compiled from abuse emails, and the stopforumspam contributors list.
So either abuse them ( :lol: ) or use the StopForumSpam MOD for phpBB and get on the contributors' page. ;)
$ git commit -m "YOLO"

ckwalsh
Former Team Member
Posts: 1837
Joined: Wed Mar 15, 2006 1:50 am
Location: Seattle, USA
Name: Cullen Walsh
Contact:

Re: Why are we still moving the mountain to Mohammed ?

Post by ckwalsh » Mon Nov 22, 2010 9:51 pm

/a3 wrote:Just reading on an XRumer website (not the official one), you can get your domain "blacklisted" so that your board is not spammed with XRumer. AFAIK phpBB.com is blacklisted which is why there isn't much bot spam here. Here's what the site wrote:
This blacklist has been compiled from abuse emails, and the stopforumspam contributors list.
So either abuse them ( :lol: ) or use the StopForumSpam MOD for phpBB and get on the contributors' page. ;)
I'm not a huge fan or trusting xrumer to blacklist forums. Looking at it another way, it is also a verified list of active forums that have potentially targettable userbases.

The reason you do not see much (any?) bot spam on phpBB.com is that we require the first post to be approved before users can post unrestricted. There have been several bots that have made 20+ posts, all of which were caught by the moderation queue and were never seen by the community.
Where to post what | Forum Rules | The Dos and Don'ts of General Discussion
In Seattle and want to meet, chat, or have a coffee? Drop me a PM.

User avatar
3Di
Former Team Member
Posts: 14381
Joined: Mon Apr 04, 2005 11:09 pm
Location: Milan (IT) Frankfurt (DE)
Name: Marco
Contact:

Re: Why are we still moving the mountain to Mohammed ?

Post by 3Di » Tue Nov 23, 2010 12:17 am

You need some help here..
Please PM me only to request paid works. Thx.
Want to compensate me for my interest? Donate
My development's activity º PhpStorm's proud user
Extensions, Scripts, MOD porting, Update/Upgrades
✒️ Black Friday 2019 @ The Studio ▪️◾️

User avatar
/a3
Registered User
Posts: 411
Joined: Sun Sep 19, 2010 9:08 am
Location: /dev/random

Re: Why are we still moving the mountain to Mohammed ?

Post by /a3 » Tue Nov 23, 2010 2:08 am

ckwalsh wrote:The reason you do not see much (any?) bot spam on phpBB.com is that we require the first post to be approved before users can post unrestricted. There have been several bots that have made 20+ posts, all of which were caught by the moderation queue and were never seen by the community.
Keep in mind that XRumer is not the only program that is used for forum spamming. You might want to read this page (not on the XRumer site I was talking about): Why phpBB and PHP-Nuke developers are not bothered by spam.
$ git commit -m "YOLO"

User avatar
A_Jelly_Doughnut
Former Team Member
Posts: 34457
Joined: Sat Jan 18, 2003 1:26 am
Location: Where the Rivers Run
Contact:

Re: Why are we still moving the mountain to Mohammed ?

Post by A_Jelly_Doughnut » Tue Nov 23, 2010 4:14 am

Most of us do run our own forums, so even if that were true, we wouldn't be completely in the dark about spam.
A Donut's Blog
"Bach's Prelude (Cello Suite No. 1) is driving Indiana country roads in Autumn" - Ann Kish

User avatar
/a3
Registered User
Posts: 411
Joined: Sun Sep 19, 2010 9:08 am
Location: /dev/random

Re: Why are we still moving the mountain to Mohammed ?

Post by /a3 » Tue Nov 23, 2010 10:31 am

A_Jelly_Doughnut wrote:Most of us do run our own forums, so even if that were true, we wouldn't be completely in the dark about spam.
I forgot, my apologies. :)
$ git commit -m "YOLO"

User avatar
Dog Cow
Registered User
Posts: 2495
Joined: Fri Jan 28, 2005 12:14 am
Contact:

Re: Why are we still moving the mountain to Mohammed ?

Post by Dog Cow » Tue Nov 23, 2010 11:43 pm

Machine bots are rather simple to defeat, and detect. Just look in your HTTP access logs for IP hits on your login or registration page which aren't loading any images, CSS, or other resources. Once detected, making changes to the captcha, HTML source, or adding timers, are two easy ways to defeat machines.

Human bots (!) are a little bit trickier to detect, since they may well be using an "ordinary" web browser, and thus, loading images and resources.

Either way, scanning for message content is a good way to go. You, the forum master, should have a pretty good idea about what people are talking, and that about which your users don't usually talk.

On my forums, while I no longer get automated registrations, I do occasionally receive overtures from human spammers. :lol:
Moof!
Mac GUI Vault: Retro Apple II & Macintosh computing archive.
Inside Allerton bookMac GUIMac 512K Blog

Post Reply

Return to “phpBB Discussion”