Spam attacks

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Scam Warning
User avatar
callumacrae
Former Team Member
Posts: 2662
Joined: Tue Feb 12, 2008 12:28 pm
Location: London, UK
Name: Callum Macrae
Contact:

Re: Spam attacks

Post by callumacrae »

Soon the spam bots will catch up with the humans, then we WILL be screwed :D

~Callum
macr.ae = my website. you probably won't like it.
Proud user ofProud user of

Pony99CA
Registered User
Posts: 4783
Joined: Thu Sep 30, 2004 3:13 pm
Location: Hollister, CA
Name: Steve
Contact:

Re: Spam attacks

Post by Pony99CA »

Callum95 wrote:I need a robot to do the captchas for me, they're too difficult for me :(
Q&A CAPTCHAs shouldn't be too difficult for most people. The distorted printing ones are horrible.

I wonder how well the FUDForum block letter CAPTCHA works. It's certainly easy enough to read.

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

User avatar
Erik Frèrejean
Former Team Member
Posts: 9899
Joined: Tue Oct 09, 2007 9:09 am
Location: The Netherlands, 3.0.x Support Forum
Name: Erik Frèrejean
Contact:

Re: Spam attacks

Post by Erik Frèrejean »

Pony99CA wrote:I wonder how well the FUDForum block letter CAPTCHA works. It's certainly easy enough to read.
Yah its clear to read, but there is also a clear distinct between the characters and background. I expect that, that one will be pretty easy broken. But as with all anti-spam measures, as long as they are unique to your site (and your site isn't big enough to be specifically targeted) those kind of captchas will most likely do.
Support Toolkit | Support Request Template | Knowledge Base | phpBB 3.0.x documentation
I don't give support via PM or IM! (all unsolicited pms will be trashed!)

User avatar
Boardtalk.net
Registered User
Posts: 1212
Joined: Fri Jun 05, 2009 8:12 pm
Location: Ireland
Name: Colette
Contact:

Re: Spam attacks

Post by Boardtalk.net »

Am very interested to read how everyone else is having the same problem as I. This past week or two quite a number have registered on a few boards that I have. I’ve seen them coming from Latvia, China, Russian, Ukraine plus a few other places.

Have changed over to Sortables CAPTCHA Plugin and so far so good.

They are so annoying! :evil:

User avatar
callumacrae
Former Team Member
Posts: 2662
Joined: Tue Feb 12, 2008 12:28 pm
Location: London, UK
Name: Callum Macrae
Contact:

Re: Spam attacks

Post by callumacrae »

I saw someone say that they want to block those countries (I can't remember where), but phpBB can't do it. Surely it's possible to add them to the firewall though?

~Callum
macr.ae = my website. you probably won't like it.
Proud user ofProud user of

User avatar
Boardtalk.net
Registered User
Posts: 1212
Joined: Fri Jun 05, 2009 8:12 pm
Location: Ireland
Name: Colette
Contact:

Re: Spam attacks

Post by Boardtalk.net »

That would be a great idea, is it possible and how is it done to ban an entire Nation IP?

User avatar
callumacrae
Former Team Member
Posts: 2662
Joined: Tue Feb 12, 2008 12:28 pm
Location: London, UK
Name: Callum Macrae
Contact:

Re: Spam attacks

Post by callumacrae »

I don't know about firewall, but I found this, it may help you find what country your user is in from the code - http://ipinfodb.com/ip_location_api.ph

~Callum
macr.ae = my website. you probably won't like it.
Proud user ofProud user of

Pony99CA
Registered User
Posts: 4783
Joined: Thu Sep 30, 2004 3:13 pm
Location: Hollister, CA
Name: Steve
Contact:

Re: Spam attacks

Post by Pony99CA »

Callum95 wrote:I saw someone say that they want to block those countries (I can't remember where), but phpBB can't do it. Surely it's possible to add them to the firewall though?
You can block entire countries' E-mail domains (.ru, .cn, .ua, for example), and I do. Unfortunately, most spammers seem to use GMail, Yahoo and other free E-mail services now.

The problem with blocking IP addresses at the firewall is the same as blocking them in phpBB -- you'd need a list of all IP address ranges in that country (and they aren't contiguous). There was at least one initiative here to block China, but I'm not sure how well it did.

Maybe there's some Web service out there that takes an IP address and returns the associated country, so you could create a MOD that uses that and blocks countries you don't want, but I haven't seen it.

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

User avatar
callumacrae
Former Team Member
Posts: 2662
Joined: Tue Feb 12, 2008 12:28 pm
Location: London, UK
Name: Callum Macrae
Contact:

Re: Spam attacks

Post by callumacrae »

Read up, I just linked to it xD

Also, I just found http://www.stopforumspam.com/contributions

~Callum
macr.ae = my website. you probably won't like it.
Proud user ofProud user of

User avatar
Dog Cow
Registered User
Posts: 2495
Joined: Fri Jan 28, 2005 12:14 am
Contact:

Re: Spam attacks

Post by Dog Cow »

Christian 2.0 wrote: Surely bots aren't sophisticated enough to drag n' drop, or even work out what needs to be dragged where.
Don't count on it. If I were to write a bot to break drag and drop, I'd merely scrape the page for the necessary inputs, arrange them, then submit the POST request.

Requiring Javascript dragging is just a red herring.

Code: Select all

		<div class="attachbox" style="clear:none; *width:20em;"><!-- *width:20em; is for nub IE-only -->
		<strong><!-- IF SORTABLES_NAME_LEFT -->{SORTABLES_NAME_LEFT}<!-- ELSE -->{L_COLUMN_LEFT}<!-- ENDIF --></strong><hr />
		<ul id="sortable1" class="connectedSortable" style="min-height: 100px; min-width:100px; list-style-type: none; padding: 0 5px 5px 5px;">
		<!-- IF SORTABLES_DEFAULT_SORT == 'LEFT' -->
			<!-- BEGIN options -->
			<li class="bg2" style="cursor:move; margin: 5px 0 5px 0; padding: 5px;" id="answer_{options.ID}">{options.TEXT}</li>
			<!-- END options -->
		<!-- ENDIF -->
		</ul>
		</div>
		
		<div class="attachbox" style="clear:none; *width:20em;"><!-- *width:20em; is for nub IE-only -->
		<strong><!-- IF SORTABLES_NAME_RIGHT -->{SORTABLES_NAME_RIGHT}<!-- ELSE -->{L_COLUMN_RIGHT}<!-- ENDIF --></strong><hr />
		<ul id="sortable2" class="connectedSortable" style="min-height: 100px; min-width:100px; list-style-type: none; padding: 0 5px 5px 5px;">
		<!-- IF SORTABLES_DEFAULT_SORT == 'RIGHT' -->
			<!-- BEGIN options -->
			<li class="bg2" style="cursor:move; margin: 5px 0 5px 0; padding: 5px;" id="answer_{options.ID}">{options.TEXT}</li>
			<!-- END options -->
		<!-- ENDIF -->
		</ul>
		</div>
		
		<input type="hidden" name="sortables_confirm_id" id="confirm_id" value="{SORTABLES_CONFIRM_ID}" />
		<div id="sortables_options_left"></div>
		<div id="sortables_options_right"></div>
sortables_options_left, sortables_options_right are the two inputs. Two template loops output the data.

Easy.
Moof!
Mac GUI Vault: Retro Apple II & Macintosh computing archive.
Inside Allerton bookMac GUIMac 512K Blog

User avatar
callumacrae
Former Team Member
Posts: 2662
Joined: Tue Feb 12, 2008 12:28 pm
Location: London, UK
Name: Callum Macrae
Contact:

Re: Spam attacks

Post by callumacrae »

How about a CAPTCHA form that is sent over AJAX? It would certainly slow them down for a few weeks

~Callum
macr.ae = my website. you probably won't like it.
Proud user ofProud user of

User avatar
Phil
Former Team Member
Posts: 10403
Joined: Sat Nov 25, 2006 4:11 am
Name: Phil Crumm
Contact:

Re: Spam attacks

Post by Phil »

Callum95 wrote:How about a CAPTCHA form that is sent over AJAX? It would certainly slow them down for a few weeks

~Callum
What about users who have javascript disabled?
Moving on, with the wind. | My Corner of the Web

User avatar
AdamR
Former Team Member
Posts: 9731
Joined: Tue Mar 02, 2004 5:40 pm
Location: Tampa, Florida
Name: Adam Reyher
Contact:

Re: Spam attacks

Post by AdamR »

Callum95 wrote:How about a CAPTCHA form that is sent over AJAX? It would certainly slow them down for a few weeks

~Callum
There would still have to be PHP on the server end to process that AJAX request. And the data, no matter whether it's sent via JS or from the page DOM, is still all POSTs and GETs. Yes, it would slow them down for a bit, but only because it's different, not because it's technically more complex.

- Adam
phpBB Support: Welcome | Userguide | Knowledge Base | Search
Honored supporter of the phpBB Group!
"If I have seen a little further it is by standing on the shoulders of Giants." - Isaac Newton

User avatar
Christian 2.0
Former Team Member
Posts: 4551
Joined: Wed Nov 04, 2009 11:16 pm
Location: UK
Name: Christian
Contact:

Re: Spam attacks

Post by Christian 2.0 »

Phil wrote:
Callum95 wrote:How about a CAPTCHA form that is sent over AJAX? It would certainly slow them down for a few weeks

~Callum
What about users who have javascript disabled?
A kind <noscript>Please enable JavaScript to continue registration</noscript>?

With a lot of smaller-scale sites these days it's safe to assume nearly nobody will JavaScript disabled. In 2010 exactly 2 people out of 45,000 Uniques that visited my site had JavaScript disabled.

User avatar
callumacrae
Former Team Member
Posts: 2662
Joined: Tue Feb 12, 2008 12:28 pm
Location: London, UK
Name: Callum Macrae
Contact:

Re: Spam attacks

Post by callumacrae »

Christian 2.0 wrote:
Phil wrote:
Callum95 wrote:How about a CAPTCHA form that is sent over AJAX? It would certainly slow them down for a few weeks

~Callum
What about users who have javascript disabled?
A kind <noscript>Please enable JavaScript to continue registration</noscript>?

With a lot of smaller-scale sites these days it's safe to assume nearly nobody will JavaScript disabled. In 2010 exactly 2 people out of 45,000 Uniques that visited my site had JavaScript disabled.
Off topic: I want 45,000 visitors!

On topic: The spam seems to have slowed down on my forum, a bit. Maybe they noticed that I don't actually care that much and manually approve everything?

~Callum
macr.ae = my website. you probably won't like it.
Proud user ofProud user of

Post Reply

Return to “phpBB Discussion”