Spam attacks

callumacrae
Former Team Member
Posts: 2662
Joined: Tue Feb 12, 2008 12:28 pm
Location: London, UK
Name: Callum Macrae

Re: Spam attacks

Post by callumacrae »

How about forcing say, a 5 second wait on the registration page? Some people do it by jsing the submit button, but what about sending the CAPTCHA over ajax and putting a sleep(5); before sending the CAPTCHA? It wouldn't stop them, but it would certainly slow them down.

~Callum
macr.ae = my website. you probably won't like it.

Phil
Former Team Member
Posts: 10403
Joined: Sat Nov 25, 2006 4:11 am
Name: Phil Crumm

Re: Spam attacks

Post by Phil »

Then you'll just need to disable Javascript (most bots don't bother to parse it anyway--what's the point?), and you'll be back to square one ;)
Moving on, with the wind. | My Corner of the Web

Lumpy Burgertushie
Registered User
Posts: 67046
Joined: Mon May 02, 2005 3:11 am

Re: Spam attacks

Post by Lumpy Burgertushie »

plus, the bots are smart enough to wait the five seconds anyway.


robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.3 Styles by PlanetStyles.net

If a tree falls in the forest and nobody is there, does it make a sound?

Dog Cow
Registered User
Posts: 2495
Joined: Fri Jan 28, 2005 12:14 am

Re: Spam attacks

Post by Dog Cow »

Callum95 wrote: How about forcing say, a 5 second wait on the registration page? Some people do it by jsing the submit button, but what about sending the CAPTCHA over ajax and putting a sleep(5); before sending the CAPTCHA?
Right idea, wrong implementation. Check out how phpBB 3 enforces minimum form submission times.
Lumpy Burgertushie wrote: plus, the bots are smart enough to wait the five seconds anyway.
That's contrary to what my HTTP access logs show.
Moof!
Mac GUI Vault: Retro Apple II & Macintosh computing archive.
Inside Allerton book | Mac GUI | Mac 512K Blog
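
A server-side minimum-submission-time check of the kind Dog Cow's post points to, as an added example: it is not phpBB's implementation and not code from any poster in this thread. `SECRET`, `MIN_SECONDS`, `MAX_SECONDS` and both function names are hypothetical; the session id and clock values are constructed.

```php
<?php
// Added example, not phpBB code. All names and values below are assumptions.
const SECRET      = 'replace-with-a-long-random-server-side-key';
const MIN_SECONDS = 5;      // faster than this is treated as automated
const MAX_SECONDS = 3600;   // stale forms must be reloaded

/** Hidden-field value issued when the registration form is rendered. */
function issue_form_token(string $sessionId, ?int $now = null): string
{
    $ts  = $now ?? time();
    $mac = hash_hmac('sha256', $sessionId . '|' . $ts, SECRET);
    return $ts . ':' . $mac;
}

/** Returns 'ok', 'forged', 'too_fast' or 'expired'. */
function check_form_token(string $token, string $sessionId, ?int $now = null): string
{
    $now   = $now ?? time();
    $parts = explode(':', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return 'forged';
    }
    [$ts, $mac] = $parts;
    $expected = hash_hmac('sha256', $sessionId . '|' . $ts, SECRET);
    if (!hash_equals($expected, $mac)) {
        return 'forged';   // timestamp altered, or token issued to another session
    }
    $elapsed = $now - (int) $ts;
    if ($elapsed < MIN_SECONDS) {
        return 'too_fast';
    }
    return $elapsed > MAX_SECONDS ? 'expired' : 'ok';
}

// Constructed demonstration with a fixed clock instead of time().
$t0    = 1700000000;
$token = issue_form_token('sess-abc', $t0);
foreach ([1, 5, 42, 7200] as $delay) {
    printf("%5ds -> %s\n", $delay, check_form_token($token, 'sess-abc', $t0 + $delay));
}
// Back-dating the timestamp by hand invalidates the HMAC.
$tampered = ($t0 - 60) . substr($token, strpos($token, ':'));
printf("tampered -> %s\n", check_form_token($tampered, 'sess-abc', $t0 + 1));
```

Unlike `sleep(5)` before sending the CAPTCHA, the check runs at submission time and holds no server worker while the client waits. A token stays valid until `MAX_SECONDS`, so making it single-use needs server-side state that this sketch leaves out.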

Erik Frèrejean
Former Team Member
Posts: 9899
Joined: Tue Oct 09, 2007 9:09 am
Location: The Netherlands, 3.0.x Support Forum
Name: Erik Frèrejean

Re: Spam attacks

Post by Erik Frèrejean »

Dog Cow wrote:
Lumpy Burgertushie wrote: plus, the bots are smart enough to wait the five seconds anyway.
That's contrary to what my HTTP access logs show.
Not doing it is something else than not able to ;). Yes if you implement it on your board it's probably going to work, but if released as a MOD, or when your site is large enough to be targeted specifically it's rather trivial to change a bot so it waits for x seconds (sleep(5); ;))
Support Toolkit | Support Request Template | Knowledge Base | phpBB 3.0.x documentation
I don't give support via PM or IM! (all unsolicited pms will be trashed!)

Lumpy Burgertushie
Registered User
Posts: 67046
Joined: Mon May 02, 2005 3:11 am

Re: Spam attacks

Post by Lumpy Burgertushie »

Erik Frèrejean wrote:
Dog Cow wrote:
Lumpy Burgertushie wrote: plus, the bots are smart enough to wait the five seconds anyway.
That's contrary to what my HTTP access logs show.
Not doing it is something else than not able to ;). Yes if you implement it on your board it's probably going to work, but if released as a MOD, or when your site is large enough to be targeted specifically it's rather trivial to change a bot so it waits for x seconds (sleep(5); ;))
yep, that was my point. I don't know anything about how these scripts work, but I know that the people that do, could do the sleep thing with no problem.


robert

Dog Cow
Registered User
Posts: 2495
Joined: Fri Jan 28, 2005 12:14 am

Re: Spam attacks

Post by Dog Cow »

Two things:
1.) A normal registration takes longer than 5 secs. I've timed myself and others registering at my site. I know.
2.) If I've forced a spam bot to slow down, then mission accomplished, as far as I'm concerned. :?

Timmer
Registered User
Posts: 112
Joined: Fri Sep 24, 2004 4:21 pm
Location: Portland, OR

Re: Spam attacks

Post by Timmer »

As a user of phpBB for something like 7 years now, I'm feeling pretty helpless. I don't have the time to research and manually delete 5 to 10 fake registrations a day.

I wish there was a more proactive approach to this problem. As far as I can tell, reCaptcha is totally useless now.

The fake registrations hitting my site come from something like 10 different countries. I'm going to start researching those blocks of IP addresses and adding them to my .htaccess file with DENY. It is possible I might miss out on some valid traffic with this approach, but I don't know what else to do.

dncollins
Registered User
Posts: 127
Joined: Sat Feb 14, 2009 9:06 am

Re: Spam attacks

Post by dncollins »

So far I've had as many as five in a day, but usually just one or two. So far I've been blocking by IP to see if there is any effect: If IP is a.b.c.d, I block a.b.c.* ... If I subsequently receive, say, a reg attempt from an adjacent ip range owned by the same network ... a.b.c+2.y for example I expand my block to a.b.*.* (building up my own dnsbl so to speak)

Over time I'm thinking I'll build up immunity to most of the spam bots.

I have a small board for members of my fishing club and I activate manually.

Am I spitting into the wind or is there some hope for this method to eventually have some success?

callumacrae
Former Team Member
Posts: 2662
Joined: Tue Feb 12, 2008 12:28 pm
Location: London, UK
Name: Callum Macrae

Re: Spam attacks

Post by callumacrae »

dncollins wrote: So far I've had as many as five in a day, but usually just one or two. So far I've been blocking by IP to see if there is any effect: If IP is a.b.c.d, I block a.b.c.* ... If I subsequently receive, say, a reg attempt from an adjacent ip range owned by the same network ... a.b.c+2.y for example I expand my block to a.b.*.* (building up my own dnsbl so to speak)

Over time I'm thinking I'll build up immunity to most of the spam bots.

I have a small board for members of my fishing club and I activate manually.

Am I spitting into the wind or is there some hope for this method to eventually have some success?
If you know all the members beforehand, set up a whitelist, and only allow users from your own country

~Callum

Pony99CA
Registered User
Posts: 4783
Joined: Thu Sep 30, 2004 3:13 pm
Location: Hollister, CA
Name: Steve

Re: Spam attacks

Post by Pony99CA »

dncollins wrote: So far I've had as many as five in a day, but usually just one or two. So far I've been blocking by IP to see if there is any effect: If IP is a.b.c.d, I block a.b.c.* ... If I subsequently receive, say, a reg attempt from an adjacent ip range owned by the same network ... a.b.c+2.y for example I expand my block to a.b.*.* (building up my own dnsbl so to speak)
Of course, doing that can block people outside of those IP groups. Blocking a.b.c.* blocks 256 IP addresses, but some networks have fewer than 256. Blocking a.b.*.* makes that outcome more likely.

ISPs (and I suspect countries) can be split across Class B or Class C IP ranges.

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

Paul
Infrastructure Team Leader
Posts: 25653
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier

Re: Spam attacks

Post by Paul »

Class B and Class C type networks are old terms, and not really in use anymore. They are assigned via a subnetwork now (/8, /16, /24 etc).
Knock knock
Race condition
Who's there?

My Blog | My Photos | my phpBB Extensions | custom phpBB work & Development

Pony99CA
Registered User
Posts: 4783
Joined: Thu Sep 30, 2004 3:13 pm
Location: Hollister, CA
Name: Steve

Re: Spam attacks

Post by Pony99CA »

Paul wrote: Class B and Class C type networks are old terms, and not really in use anymore. They are assigned via a subnetwork now (/8, /16, /24 etc).
That's irrelevant to what I said. Blocking a.b.*.* blocks an entire Class B network. Blocking a.b.c.* blocks an entire Class C network.

The point is that such blocking can span companies, ISPs and probably even countries. Or are you saying that's incorrect?

Steve

AdamR
Former Team Member
Posts: 9731
Joined: Tue Mar 02, 2004 5:40 pm
Location: Tampa, Florida
Name: Adam Reyher

Re: Spam attacks

Post by AdamR »

Pony99CA wrote: The point is that such blocking can span companies, ISPs and probably even countries. Or are you saying that's incorrect?
This concept is correct. Your terminology is not. :)

Classful networking != a.b.c.d octets

- Adam
phpBB Support: Welcome | Userguide | Knowledge Base | Search
Honored supporter of the phpBB Group!
"If I have seen a little further it is by standing on the shoulders of Giants." - Isaac Newton
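
The block sizes under discussion in the posts above, worked through as an added example that is not code from any poster: it compares dncollins's a.b.c.* and a.b.*.* wildcards, written as the /24 and /16 prefixes Paul mentions, with the narrowest prefix that actually covers two observed sources. The function names are hypothetical and the addresses are constructed from private (RFC 1918) space.

```php
<?php
// Added example, not from the thread. Assumes 64-bit PHP (ip2long() is non-negative).

/** Validate a dotted-quad IPv4 address and return it as an integer. */
function ipv4_to_int(string $ip): int
{
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        throw new InvalidArgumentException("not an IPv4 address: $ip");
    }
    return ip2long($ip);
}

/** Netmask for a prefix length, as an integer. */
function prefix_mask(int $len): int
{
    return $len === 0 ? 0 : (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF;
}

/** Narrowest CIDR block containing both addresses: [network, prefix length]. */
function smallest_cover(string $a, string $b): array
{
    $x   = ipv4_to_int($a) ^ ipv4_to_int($b);
    $len = 32;
    while ($x > 0) {        // each bit up to the highest differing one shortens the prefix
        $x >>= 1;
        $len--;
    }
    return [long2ip(ipv4_to_int($a) & prefix_mask($len)), $len];
}

/** Number of addresses a prefix of this length denies. */
function block_size(int $len): int
{
    return 1 << (32 - $len);
}

/** True when $ip falls inside $network/$len. */
function in_block(string $ip, string $network, int $len): bool
{
    return (ipv4_to_int($ip) & prefix_mask($len)) === (ipv4_to_int($network) & prefix_mask($len));
}

// Constructed registration sources of the form a.b.c.d and a.b.(c+2).y.
[$net, $len] = smallest_cover('10.20.100.7', '10.20.102.9');
printf("a.b.c.* = /24 -> %d addresses\n", block_size(24));
printf("a.b.*.* = /16 -> %d addresses\n", block_size(16));
printf("smallest cover = %s/%d -> %d addresses\n", $net, $len, block_size($len));
// An unrelated address in the same /16: left alone by the cover, denied by a.b.*.*
var_dump(in_block('10.20.7.1', $net, $len), in_block('10.20.7.1', '10.20.0.0', 16));
```

The smallest cover is only a bound computed from two observations; the range actually allocated to the network can be narrower or wider, and the registry's whois record for the address is what states it.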

arod-1
Registered User
Posts: 1327
Joined: Mon Sep 20, 2004 1:33 pm

Re: Spam attacks

Post by arod-1 »

dncollins wrote: I have a small board for members of my fishing club and I activate manually.

Am I spitting into the wind or is there some hope for this method to eventually have some success?
for this type of board, my experience is that Q&A works the best.
it is very easy to make up a question which will be a no-brainer for any person you actually want on your board, and practically impossible to answer for spammers ("who got drunk at the last meeting/your club president nickname/George's boat name" etc. etc.).

do not ask "how many cookies in a baker dozen" or "how many inches in a mile" - google can answer those in a jiffy (just type "inches in a mile" to google search box)

for any well-defined community, Q&A with community specific question is the way to go, IMO.
actually, in my experience it works so well that you can even allow anonymous posting (with "answer captcha to post" option).

peace.
