New board being spammed with new user registrations.

Lyndka
Registered User
Posts: 12
Joined: Sat May 02, 2009 2:12 pm

New board being spammed with new user registrations.

Post by Lyndka »

OK - first off - this isn't bugging me except to figure out why/how it's happening...

I've just installed my first phpBB board for about 7 years (fresh install & new domain for it) & whilst I was spending my time remembering how to do the basic admin setup (and installing a couple of extensions - thanks Rmcgurr!!) I had 3 new user registrations & one guest post... :lol:

The board is going to be "admin" only authorisation of users as it's a knowledgebase for a small community & I've not submitted its domain to Google or anyone else - it doesn't need to be publicly known, new users will be given the URL for the site.

So my question is this.... How do the spammers find the board (they're all typically in Hanoi and using fake eMail addresses)? Is there a "directory" of phpBB boards or is my board advertising its presence to the world some other way?

Like I say - not overly bothered, I'm getting about 8 spam signup attempts per day (and yes - I've banned some obviously fake email domains) but I'm curious as to the mechanism being used to discover my board. Any ideas, anyone?
KevC
Support Team Member
Posts: 72343
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK

Re: New board being spammed with new user registrations.

Post by KevC »

As soon as you register a domain name it's public knowledge. Also their bots search hosting company servers on a regular basis so you're just another URL on the server with many others and they can easily find you.
Lyndka wrote: Tue Aug 17, 2021 1:39 pm new users will be given the URL for the site.
In that case I would use the built-in Q&A antispam.

Set it to
Q: enter the code you have been emailed
A: <some random string - not a dictionary word>

That way if you don't know the answer, you cannot register. Only the people you send the URL to will be able to create an account because you will then also tell them the code to sign in with.
-:|:- Support Request Template -:|:-
"Step up to red alert. Sir, are you absolutely sure? It does mean changing the bulb"
Lyndka
Registered User
Posts: 12
Joined: Sat May 02, 2009 2:12 pm

Re: New board being spammed with new user registrations.

Post by Lyndka »

Yeah that makes some sort of sense - like I say, not bothered about it but curious that they'd be attempting registrations literally within minutes of installing the forum ;)
KevC
Support Team Member
Posts: 72343
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK

Re: New board being spammed with new user registrations.

Post by KevC »

But if you let them sign up they know it's somewhere they can get into and they'll swamp you sooner or later, so it's better to stop it now before it gets bad. Q&A will do that. Banning doesn't really help. They rarely use the same account name twice, there are hundreds of email accounts they can make, and the bigger your ban list is the slower your registration page gets, as it has to check the info on the real people when they're signing up against a huge ban list.
thecoalman
Community Team Member
Posts: 5871
Joined: Wed Dec 22, 2004 3:52 am
Location: Pennsylvania, U.S.A.

Re: New board being spammed with new user registrations.

Post by thecoalman »

Lyndka wrote: Tue Aug 17, 2021 1:39 pm The board is going to be "admin" only authorisation of users as it's a knowledgebase for a small community & I've not submitted its domain to Google or anyone else - it doesn't need to be publicly known, new users will be given the URL for the site.
Since it's non-public, if you want a simple way to stop all bots, password protect it with an .htaccess password. You should be able to do this through your hosting control panel. The user is presented with a dialog box before the page loads; you can keep the username and password simple. The browser will store these passwords and they should not be presented with another dialog box unless they clear the browser cache. You can even direct them to an HTML page with the username and password published that they can bookmark for later reference.
Lyndka wrote: Tue Aug 17, 2021 1:39 pm So my question is this.... How do the spammers find the board (they're all typically in Hanoi and using fake eMail addresses)? Is there a "directory" of phpBB boards or is my board advertising its presence to the world some other way?
Most bots are going to find pages. Is the forum in the root of the domain? Instead of the root did you install in a common directory (e.g. yourdomain.com/forum)? Are you blocking that directory with robots.txt? The downside to robots.txt is rogue bots will utilize it to find things that you don't want indexed. Did one of your users post a link elsewhere?
“Results! Why, man, I have gotten a lot of results! I have found several thousand things that won’t work.”

Attributed - Thomas Edison
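The robots.txt downside raised in the post above can be checked from the web server's access log. The following is an added example, not part of the thread or of phpBB: it flags clients that fetch robots.txt and then request a path it disallows. The log lines, IPs, the `/forum/` install path and the `/private-kb/` entry are constructed; `ucp.php?mode=register` is assumed to be the board's registration URL.

```python
import re
from collections import defaultdict

# Constructed robots.txt and combined-format log lines (documentation IP ranges).
ROBOTS_TXT = """User-agent: *
Disallow: /forum/
Disallow: /private-kb/
"""

ACCESS_LOG = """\
203.0.113.7 - - [17/Aug/2021:13:40:01 +0000] "GET /robots.txt HTTP/1.1" 200 58 "-" "bot-a"
203.0.113.7 - - [17/Aug/2021:13:40:03 +0000] "GET /forum/ucp.php?mode=register HTTP/1.1" 200 9120 "-" "bot-a"
198.51.100.20 - - [17/Aug/2021:13:41:10 +0000] "GET /robots.txt HTTP/1.1" 200 58 "-" "crawler-b"
198.51.100.20 - - [17/Aug/2021:13:41:12 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "crawler-b"
192.0.2.44 - - [17/Aug/2021:13:45:30 +0000] "GET /forum/index.php HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
203.0.113.7 - - [17/Aug/2021:13:46:00 +0000] "POST /forum/ucp.php?mode=register HTTP/1.1" 200 9300 "-" "bot-a"
"""

# client IP, method, path and status from one combined-log line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def disallowed_prefixes(robots_txt):
    """Return every non-empty Disallow prefix (User-agent groups are merged)."""
    prefixes = []
    for line in robots_txt.splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() == "disallow" and value.strip():
            prefixes.append(value.strip())
    return prefixes

def robots_ignoring_clients(log_text, prefixes):
    """Map client IP -> disallowed requests made after it fetched robots.txt.

    Assumes the log is in chronological order, as access logs normally are.
    """
    read_robots = set()
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing
        ip, method, path, _status = m.groups()
        if path.split("?")[0] == "/robots.txt":
            read_robots.add(ip)
        elif ip in read_robots and any(path.startswith(p) for p in prefixes):
            hits[ip].append(f"{method} {path}")
    return dict(hits)

if __name__ == "__main__":
    found = robots_ignoring_clients(ACCESS_LOG, disallowed_prefixes(ROBOTS_TXT))
    for ip, requests in found.items():
        print(ip, requests)
```

A client that appears in the result read the Disallow list and went to the listed directory anyway, which is the behaviour the robots.txt caveat describes; a visitor who reached the forum without reading robots.txt is not flagged.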
Lyndka
Registered User
Posts: 12
Joined: Sat May 02, 2009 2:12 pm

Re: New board being spammed with new user registrations.

Post by Lyndka »

thecoalman wrote: Tue Aug 17, 2021 8:50 pm Most bots are going to find pages. Is the forum in the root of the domain? Instead of the root did you install in a common directory (e.g. yourdomain.com/forum)? Are you blocking that directory with robots.txt? The downside to robots.txt is rogue bots will utilize it to find things that you don't want indexed. Did one of your users post a link elsewhere?
To be honest it's in the default install directory for the domain and I get the point about robots.txt too. There are no users registered so far apart from myself and a friend who's testing the board, so it's not being linked to by the users. I'm guessing from the first reply that somewhere there's a couple of DNS servers with scripts attached to flag up new DN tables.

I did find an extension that refers against an external spam lookup database that seems to be catching all attempts now, I'm going to leave that "in situ" for a while then I might go the Q&A route once we open the board up to more users (again taking on board the comments about slowing look ups with logins).

I find it interesting that a phpBB board attracts so much attention from spammers but the couple of sites I maintain with WordPress never seem to attract as much attention. Not sure it speaks to the security merits of either platform to be frank, perhaps just a mindset "thing" on the part of the folks who are doing the spamming.

Thanks for the replies and hints anyway - I found it intriguing more than anything but the reasons I've seen do make sense :)
Mick
Support Team Member
Posts: 26505
Joined: Fri Aug 29, 2008 9:49 am

Re: New board being spammed with new user registrations.

Post by Mick »

A good Q&A CAPTCHA (non-searchable) + an active NRU will put a stop to the majority of that.
  • "The more connected we get the more alone we become" - Kyle Broflovski©
  • "The good news is hell is just the product of a morbid human imagination.
    The bad news is, whatever humans can imagine, they can usually create.
    " - Harmony Cobel
KevC
Support Team Member
Posts: 72343
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK

Re: New board being spammed with new user registrations.

Post by KevC »

Lyndka wrote: Wed Aug 18, 2021 6:06 pm Not sure it speaks to the security merits of either platform to be frank,
No. Spam is not a security issue. They are people or bots registering just like a genuine person would. They are not bypassing anything to get in. It's just one of those things that every software with a registration page has to deal with. It's a constant game of cat and mouse to produce something the bots can't solve.