[2.0.13] disable spambots

The cleanup is complete. This forum is now read only.
Post Reply

Rating:

Excellent!
17
47%
Very Good
3
8%
Good
8
22%
Fair
2
6%
Poor
6
17%
 
Total votes: 36

caped_crusader
Registered User
Posts: 41
Joined: Fri Jul 16, 2004 6:13 pm

Post by caped_crusader » Tue Jan 31, 2006 5:04 pm

magenta wrote: No idea. Make sure you put the code in the right place, since if it's not in the right place it might apply to posts but not to edits or something. You may want to try reverting to the unmodified code and trying again, or better yet, just disable anonymous posting (via forum permissions) since like the last page or so of this thread has been about, this mod is no longer effective.


Thank you for such a quick and helpful reply! :wink: I already reverted and will go to permissions. Cheers!

NightProwler
Registered User
Posts: 13
Joined: Wed May 12, 2004 12:27 am

Post by NightProwler » Wed Feb 01, 2006 2:06 am

This might or might not be a factor into this thread, so please keep that into consideration.

I'm not totally sure what you're talking about with the captchas. Are those the image boxes that appear on registration forms to prevent automatic registrations? I read in an earlier post that "captchas are extremely easily defeated." Is that a problem? I'm not good at PHP but I know my share. Just being bored, I made this simple script that generates a random number on-the-fly (determined by the date on the server; that was easiest to do) and then requires the same generated number for verification purposes. The simple script I made:

Code: Select all

<?php

// The following is used for the purpose of declaring values for the user-confirmation box.

$second=date(s);
$minute=date(m);
$hour=date(h);


$set1=$second * 25;
$set2=$minute * 33;
$set3=$hour * 2;
$set4=$second * 33;
$set5=$minute * 11;
$set6=$hour * 3;


$totals1=$set1 + $set2 + $set3;
$totals2=$set4 + $set5 + $set6;

$confirm=$totals1.$totals2;

echo $confirm;


?>

<form method=post action=page.php>
<input type="hidden" name="confirm" value="<?php echo $totals1.$totals2; ?>">
<INPUT TYPE="text" NAME="user_defined_confirm" SIZE="30">
<p>
<INPUT TYPE="submit">
</form>
When the code is placed in a PHP page, it generates a 8-9 digit number that the user must type into a form. On the results page, using an if/else statement, content displays according to what the user types in the verification box. I have a copy running at www.ozzyasylum.com/verification.php I have no idea if this could help but I'm thinking it just might be a decent way to trick spambots, as the numbers are generated by the time on a server and are very random. I dunno if this post helps any but I figured that by using this, this script of yours or one like it could be made fairly safe from spambots. Again, I dunno a lot about PHP so there could be errors or whatnot in this idea.

Maybe a good MOD would be to add something similar to this on all post pages when viewed by an unregistered user ie If a guest wants to post, he/she would have to fill out a verification box to send their post to the server. Maybe this MOD already exists. I dunno. I'm just trying to be helpful with what little I know :)

User avatar
magenta
Registered User
Posts: 80
Joined: Thu Jun 05, 2003 12:16 am
Location: Seattle
Contact:

Post by magenta » Wed Feb 01, 2006 5:04 am

http://en.wikipedia.org/wiki/Captcha

Also, the method you describe is extremely trivial to defeat, seeing as how the number they need to enter is already in the form. They don't even need to scrape the page. The disable_spambots mod already does more to defeat spambots; the reason it fails is because spammers are using humans to do their dirty work now.

spacetrace
Registered User
Posts: 24
Joined: Tue May 24, 2005 12:43 pm
Location: Kiel
Contact:

Post by spacetrace » Wed Feb 01, 2006 7:22 am

magenta wrote: the reason it fails is because spammers are using humans to do their dirty work now.
so what do you think about my solution against manually entered spam?

i also created a mod with an alternate phpBBimage, that includes the host-domain of the server it is supposed to be shown on so this version would look strange to visitors then:
www.winfreestuff.be

my mod is here:
http://www.phpbb.com/phpBB/viewtopic.php?t=362561
cool space online game:
www.spacetrace.org

User avatar
magenta
Registered User
Posts: 80
Joined: Thu Jun 05, 2003 12:16 am
Location: Seattle
Contact:

Post by magenta » Wed Feb 01, 2006 7:27 am

I think it's an extremely shortsighted temporary solution, which would yield way too many false positives.

antd2000
Registered User
Posts: 1
Joined: Mon Feb 06, 2006 11:04 am

Post by antd2000 » Mon Feb 06, 2006 11:11 am

Disable-Spambots very cool mod !
I setup it mod and bots no more write in my forum.

BUT...

Bots continue to _register_ in forum and appear in userlist :(
(a not like visual confirmation and not setup it)

How a can install this mod (or use this principe/ideology - "hidden fields in forms") for _disable_to_register_ for bots ?

Thanx.

User avatar
magenta
Registered User
Posts: 80
Joined: Thu Jun 05, 2003 12:16 am
Location: Seattle
Contact:

Post by magenta » Mon Feb 06, 2006 4:49 pm

There's another quick hack I posted somewhere else which disables incomplete registrations from appearing, but it's not too useful unless you also enable admin activation of accounts since the spammers are able to complete registrations pretty accurately now even with the CAPTCHA enabled.

Rep
Registered User
Posts: 317
Joined: Sat Jan 15, 2005 11:19 pm

Post by Rep » Sun Feb 19, 2006 2:21 pm

Casino bots have discovered my board.

I examined this mod and found the author, after much work, and BTW appreciated by all of us, to indicate the mod is not effetive any longer. Bot technology gained a step I quess.

So I changed the permissions to post to private but would like to allow guests to post. Is there anoter solution out there for me?

Thanks for you work.

User avatar
magenta
Registered User
Posts: 80
Joined: Thu Jun 05, 2003 12:16 am
Location: Seattle
Contact:

Post by magenta » Sun Feb 19, 2006 5:04 pm

There might be some sort of moderation queue for guests, but personally I think any solution which requires manual review of a lot of comments is broken, since whether or not you get a lot of spam, it generates a LOT of work for people.

wchen
Registered User
Posts: 2
Joined: Sun Mar 12, 2006 11:46 pm

Post by wchen » Sun Mar 12, 2006 11:51 pm

magenta wrote: Uh, you can disable anonymous users from posting by just setting the forum permissions to require login.

Also, the entire point to this mod was that I <em>didn't</em> want to disable anon posts - that's the easiest way to drive away potential commenters.


I installed the mod and it seems to work fine. However, it doesn't work for anonymous posts. I tried a few without logging in, it doesn't take me to the preview page. I also don't want to force my vistors to login to post a message. How can I fix it?

okeezes
Registered User
Posts: 1
Joined: Fri Mar 24, 2006 5:28 pm

Post by okeezes » Fri Mar 24, 2006 5:29 pm

antd2000 wrote: Bots continue to _register_ in forum and appear in userlist :(
(a not like visual confirmation and not setup it)

How a can install this mod (or use this principe/ideology - "hidden fields in forms") for _disable_to_register_ for bots ?

Thanks

I would also like to know

deros
Registered User
Posts: 7
Joined: Tue Apr 29, 2003 4:14 pm
Location: UK
Contact:

Post by deros » Fri Mar 24, 2006 6:49 pm

at the moment i am getting this error message when i go to post or create a new topic. i followed the information completely, so i am unsure, and know next to nothing about php code:

Code: Select all

Parse error: parse error, unexpected ';', expecting ')' in /.../httpdocs/phpBB2/posting.php on line 53
Deros
Deros

lewko
Registered User
Posts: 10
Joined: Thu May 11, 2006 8:21 am

Post by lewko » Fri May 12, 2006 11:43 pm

spacetrace wrote: i have a solution against manually entered spam:

if a user is registered new and makes his first post in the forum, there could be a check, if in the post he is making, there is an URL included - if so, then this user is deleted immediately, (or better after a timeout of a few minutes, so the user doesent notice, that he fails ;) )

I have no idea of the technical requirements, but as a concept, this strikes me as an excellent idea.

The other idea I have had, based on Slashdot's self-moderation, is for registered users to be able to flag spam or offensive messages. Then, any message which has been flagged according to various thresholds (e.g. more than two flags by members with trust level higher than x) would see the message quarantined or deleted.

From a security standpoint, the goal is to make spamming more expensive than the potential revenue it generates.

Vcoder
Registered User
Posts: 1
Joined: Thu Jun 01, 2006 7:55 am

This Mod is Amazing, it saved the day

Post by Vcoder » Thu Jun 01, 2006 8:02 am

I had been getting maybe 100 spam registers a day and it was really doing my head in.

I installed this mod which for me that isnt that good on php.
I found it easy to install and now i have no spam!!

So i think this is a great mod. The second file that need to have code put in was the silverblue template file? I am currently using a another template do i need to alter that file as well?

Thanks V

User avatar
Tudorius
Registered User
Posts: 7
Joined: Fri Jun 16, 2006 1:06 pm

Post by Tudorius » Sun Jun 18, 2006 5:35 pm

Does it work for boards lower than v 2.013?

Greetz,

Tudorius.
Vcoder wrote: The second file that need to have code put in was the silverblue template file? I am currently using a another template do i need to alter that file as well?

Yes. If you use another theme you also have to edit the tpl's for that theme, i've been told. In fact, in that case the subsilver tpl's does not have to be modded at all. But I gues it's a good thing to do anyway, in case you have to switch to another theme if you have some problems with the selected one.

Post Reply

Return to “[2.0.x] MOD Database Cleanup”

Who is online

Users browsing this forum: No registered users and 6 guests