Spam attacks

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Suggested Hosts
Ozo
Registered User
Posts: 330
Joined: Mon Dec 13, 2010 7:57 pm

Re: Spam attacks

Post by Ozo »

t_backoff wrote:It seems recaptcha is not useful anymore. The same goes for Q&A - spam bot authors seem to be preprogramming key words to break it.
I also bealive this is becoming true, unfortunately. my reCaptcha is getting bypassed.

I want to think it's human bots and sometimes they are, but I think it's the bots who've gotten smarter once agian.

Years ago, I was surprised on how a "bot" was able to automatically register and post random links. I can just imagine what has improved since then. heck, we're seeing that already. the whole "great article, but did you check out my page yadda yadda.com" :!:

User avatar
A_Jelly_Doughnut
Former Team Member
Posts: 34457
Joined: Sat Jan 18, 2003 1:26 am
Location: Where the Rivers Run
Contact:

Re: Spam attacks

Post by A_Jelly_Doughnut »

http://www.h-online.com/security/news/i ... 92621.html

Its my preference to believe security researchers when they say something like this -- especially when users are having experiences that verify the findings.

:roll: in Google's general direction for not using their massive resources to do something.
A Donut's Blog
"Bach's Prelude (Cello Suite No. 1) is driving Indiana country roads in Autumn" - Ann Kish

Welsh-80
Registered User
Posts: 232
Joined: Wed Jun 24, 2009 6:06 pm

Re: Spam attacks

Post by Welsh-80 »

i use questions and then admin activation incase they get through

the mod to prevent new members posting url's is a good idea too

User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 51087
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve
Contact:

Re: Spam attacks

Post by stevemaury »

Welsh-80 wrote: the mod to prevent new members posting url's is a good idea too
No need for a MOD. That capability is built into phpBB via the Newly registered users group
For REALLY good and VERY inexpensive hosting CLICK HERE

I can stop all your spam. I can upgrade or update your Board. PM or email me. (Paid support)

Pony99CA
Registered User
Posts: 4783
Joined: Thu Sep 30, 2004 3:13 pm
Location: Hollister, CA
Name: Steve
Contact:

Re: Spam attacks

Post by Pony99CA »

stevemaury wrote:
Welsh-80 wrote: the mod to prevent new members posting url's is a good idea too
No need for a MOD. That capability is built into phpBB via the Newly registered users group
Where? There's the Allow links in posts/private messages option in the Post settings section of the Board Configuration group of the General tab, but that appears to be all-or-nothing, affecting all users everywhere. You can also ban BBCodes via permissions, but that affects all BBCodes (and may not affect auto-magic links). There are targeted permissions for IMG and FLASH, but not for URL.

However, I can't find anything to prevent only links based on a group.

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

Welsh-80
Registered User
Posts: 232
Joined: Wed Jun 24, 2009 6:06 pm

Re: Spam attacks

Post by Welsh-80 »

i think what he's saying is create a group for new members and use the permission settings to disallow them from posting links while they are a member of that group ;)

User avatar
AdamR
Former Team Member
Posts: 9731
Joined: Tue Mar 02, 2004 5:40 pm
Location: Tampa, Florida
Name: Adam Reyher
Contact:

Re: Spam attacks

Post by AdamR »

Welsh-80 wrote:i think what he's saying is create a group for new members and use the permission settings to disallow them from posting links while they are a member of that group ;)
There's no reason to create a new group. phpBB 3.0.6 and later include the "Newly Registered Users" group out of the box. By default, every user who registered on the board is placed into this group until they've reached a configured number of posts.

- Adam
phpBB Support: Welcome | Userguide | Knowledge Base | Search
Honored supporter of the phpBB Group!
"If I have seen a little further it is by standing on the shoulders of Giants." - Isaac Newton

Pony99CA
Registered User
Posts: 4783
Joined: Thu Sep 30, 2004 3:13 pm
Location: Hollister, CA
Name: Steve
Contact:

Re: Spam attacks

Post by Pony99CA »

Welsh-80 wrote:i think what he's saying is create a group for new members and use the permission settings to disallow them from posting links while they are a member of that group ;)
The point I'm making is that, as far as I know, there's no permission to prevent a group (or user) from posting just links. You can prohibit all users from posting links, and you can prohibit some groups from using all BBCodes, but you can't prohibit some groups from just posting links (without a MOD).

If I'm wrong, I'd love to know how to do it (as I'm sure a lot of people here would).

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

Welsh-80
Registered User
Posts: 232
Joined: Wed Jun 24, 2009 6:06 pm

Re: Spam attacks

Post by Welsh-80 »

I'm pretty sure without checking, that you can edit the permissions of the newly reg'd users group so that the group cannot post links

or am i wrong??

User avatar
KevC
Support Team Member
Support Team Member
Posts: 69628
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: Spam attacks

Post by KevC »

Welsh-80 wrote:I'm pretty sure without checking, that you can edit the permissions of the newly reg'd users group so that the group cannot post links

or am i wrong??
There's no specific permission for [url] denial.

You could do a more blanket permission by stopping all BBcode for that group but not just url. Probably because they would still post it, it just wouldn't be clickable so it's probably a bit of a moot point to deny it. I'd rather stop them getting in at all.
-:|:- Support Request Template -:|:-
Image
Cheap UK Hosting
"In the land of the blind the little green bloke with no pupils is king - init!"

dncollins
Registered User
Posts: 127
Joined: Sat Feb 14, 2009 9:06 am

Re: Spam attacks

Post by dncollins »

Callum95 wrote: If you know all the members beforehand, set up a whitelist, and only allow users from your own country
This could work if (1)There is a shorthand way of listing the IP addresses used exclusively in the USA, and (2) phpBB has a way of whitelisting IP addresses ... I only see a way of blacklisting them.

I purposely avoided putting a list of all club members in my db which I could then use to verify new registrations. This is a security measure that makes the placing of any personal information online completely opt-in.

But if (1) and (2) above are true, I could use IP whitelisting because it's unlikely that we'd have non-US members.

dncollins
Registered User
Posts: 127
Joined: Sat Feb 14, 2009 9:06 am

Re: Spam attacks

Post by dncollins »

arod-1 wrote:
dncollins wrote:I have a small board for members of my fishing club and I activate manually.
for this type of board, my experience is that Q&A works the best.
That's a damn good suggestion (he said, slapping his forehead). There is certainly a potential for new members who don't have fly fishing experience to be befuddled by questions that require too much knowledge about our sport .... but I could, for example, ask questions for which the answers could be found some place else on our website ... like 'who is the current club president?'

Surely, if the problem is bots, this'll do the job.

I apologize for generating a debate about IP address terminology :(

User avatar
drake ShinRa
Registered User
Posts: 36
Joined: Wed Dec 08, 2010 11:01 am
Location: Raftel
Contact:

Re: Spam attacks

Post by drake ShinRa »

i used recaptcha before and spammers keep coming..
and now i use Q&A captcha in my language and the spammers are gone :)
need new style

User avatar
callumacrae
Former Team Member
Posts: 2662
Joined: Tue Feb 12, 2008 12:28 pm
Location: London, UK
Name: Callum Macrae
Contact:

Re: Spam attacks

Post by callumacrae »

dncollins wrote:
Callum95 wrote: If you know all the members beforehand, set up a whitelist, and only allow users from your own country
This could work if (1)There is a shorthand way of listing the IP addresses used exclusively in the USA, and (2) phpBB has a way of whitelisting IP addresses ... I only see a way of blacklisting them.

I purposely avoided putting a list of all club members in my db which I could then use to verify new registrations. This is a security measure that makes the placing of any personal information online completely opt-in.

But if (1) and (2) above are true, I could use IP whitelisting because it's unlikely that we'd have non-US members.
1 - get them to email it to you
2 - you can in htaccess or the firewall

~Callum
macr.ae = my website. you probably won't like it.
Proud user ofProud user of

User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 51087
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve
Contact:

Re: Spam attacks

Post by stevemaury »

dncollins wrote:
Callum95 wrote: If you know all the members beforehand, set up a whitelist, and only allow users from your own country
This could work if (1)There is a shorthand way of listing the IP addresses used exclusively in the USA, and (2) phpBB has a way of whitelisting IP addresses ... I only see a way of blacklisting them.

I purposely avoided putting a list of all club members in my db which I could then use to verify new registrations. This is a security measure that makes the placing of any personal information online completely opt-in.

But if (1) and (2) above are true, I could use IP whitelisting because it's unlikely that we'd have non-US members.
A waste of time and completely unnecessary.
For REALLY good and VERY inexpensive hosting CLICK HERE

I can stop all your spam. I can upgrade or update your Board. PM or email me. (Paid support)

Post Reply

Return to “phpBB Discussion”