Is there already a topic for this? I couldn't find a recent one from searching.
I'm frustrated with the amount of forum spam I get. It's getting quite annoying.
I've read a few times now that the "best" solution is the anti-spam questions.
Well I tried that. I had really good non-trivial questions that can't be found in a web search. They could only be answered by a human. I even tried rotating them every few months. But still spammers get through with ads for sneakers and apparel.
I don't think the security question method is very effective. A human just needs to visit the site once, figure out the answer, and then sell it to hundreds of spammers who then bombard your site. I don't understand why everyone thinks this is the answer.
The spammers are 90% the same pattern too. Username is typically "FirstnameLastname". Usually a name no human would pick. Or Firstname(three random letters). Random emails. Random ISP but usually places like Russia, China, Finland, Holland, India, but sometimes USA.
They usually make 3 posts on the same day and then never return.
How are you guys dealing with this?
Last edited by HiFiKabin on Tue Aug 10, 2021 8:51 am, edited 1 time in total.
Reason:moved to phpbb discussion
A good Q&A (good being one that can’t be googled) + an active NRU group manages quite adequately for the majority of users. Generally, boards that get constantly bombarded with successful spam attacks have holes in their defences. Can you post a link to your board so we can see what’s going on please?
"The good news is hell is just the product of a morbid human imagination.
The bad news is, whatever humans can imagine, they can usually create." - Harmony Cobel
How many sliding doors are there on an Astro/Safari?:
I guess I'ld need no more than 3 tries to get that one correct
Spelling is freeware, which means you can use it for free.
On the other hand, it is not open source, which means you cannot change it or publish it in a modified form.
Time flies like an arrow, but fruit flies like a banana.
There is an extension that filters the registration of users (spam prevention) whose IP addresses, username or e-mail address are blacklisted by the Stop Forum Spam service, it is Stop Spam Register by AlexSheer (works with phpBB 3.3.4)
Sorry for my English ... I do my best!
phpBB: 3.3.11 | PHP: 8.2.16
[Kill spam on phpBB] - [Some Frenchtranslationof extensions] "Mistress, Mistress someone is bothering me in pm"
warmweer wrote: ↑Tue Aug 10, 2021 7:37 amHow many sliding doors are there on an Astro/Safari?:
I guess I'ld need no more than 3 tries to get that one correct
I'm open to suggestions, but as I said, the question doesn't seem to make a difference.
ssl wrote: ↑Tue Aug 10, 2021 8:17 am
Hi
First you have to set up a good Q&A (a question related to the forum, be inventive!) when registering on the forum.
There is an extension that filters the registration of users (spam prevention) whose IP addresses, username or e-mail address are blacklisted by the Stop Forum Spam service, it is Stop Spam Register by AlexSheer (works with phpBB 3.3.4)
Q&A doesn't seem to help for very long.
I'll try the extension. Thanks.
Q&A works fine but it has to be the right kind of question.
Anything you can stick in to google and immediately see the answer for is no good. Most things with a number are no good because you have finite answers and more often than not they're less than 10 so the odds of hitting the right answer are good. Same with colours. You have to think outside the box. Ask something specific about your site or your logo or something that requires some understanding of the question to answer.
-:|:- Support Request Template -:|:- "Step up to red alert. Sir, are you absolutely sure? It does mean changing the bulb"
If you have no registration protection you'll be inundated with spam. People are used to those things in one form or another. They're on every site they ever sign up to.
-:|:- Support Request Template -:|:- "Step up to red alert. Sir, are you absolutely sure? It does mean changing the bulb"
KevC wrote: ↑Wed Aug 25, 2021 6:30 pm
Anything you can stick in to google and immediately see the answer for is no good. Most things with a number are no good because you have finite answers and more often than not they're less than 10 so the odds of hitting the right answer are good. Same with colours. You have to think outside the box. Ask something specific about your site or your logo or something that requires some understanding of the question to answer.
That's what I had initially. It said "what color is the banner". It worked for a while. But like I said, a human only needs to figure out the question once and then feed to answer to thousands of bots.
HiFiKabin wrote: ↑Thu Aug 26, 2021 8:34 am
A link to your board may help us give you a suitable Q&A
If you want to put a halt to the spam look into Cloudflare. You can start with countries (china, India, etc.) either issuing a JS challenge or block them outright. The JS challenge is sufficient to stop the bots and any legitimate user from those counties will only have minor delay. From there you can monitor your server stats for major abusers by IP and start blocking those networks by ASN. e.g. Hosting services like OVH and AWS. Note AWS needs special care as DuckDuckGo uses their services. Same thing applies to any ASN, it's possible legitimate users can be blocked.
CF also has a some built in filters that you can deploy, they have massive network and the data to understand illegitimate traffic.
The spam you'll be left with is typically being routed though VPN's and if it's enough of a nuisance you can issue JS Challenge to them.
CF is not a simple solution but things that work well are usually not easy. There is a lot of benefits using CF besides managing traffic. You need to either configure mod_remoteip on the server(or similar configuration) or use the Cloudflare extension in phpBB's database. All IP's to the server will be from Cloudflare and either will restore the original IP. Ideally mod_remoteip because because that works for everything, server logs for example.
There is other simple tricks that can help, for example the timezone UTC-00:00 is uninhabitable. Some bots will choose this for registration and you can safely drop it. If you search phpbb.com you should find the small edit you need to make.
“Results! Why, man, I have gotten a lot of results! I have found several thousand things that won’t work.”