Preventing Spam in phpBB 3.0.6 and Above [*Read First Post*]

Get help with installation and running phpBB 3.0.x here. Please do not post bug reports, feature requests, or MOD-related questions here.
Anti-Spam Guide
Forum rules
END OF SUPPORT: 1 January 2017 (announcement)
Locked
User avatar
Brf
Support Team Member
Support Team Member
Posts: 52050
Joined: Tue May 10, 2005 7:47 pm
Location: {postrow.POSTER_FROM}
Contact:

Re: Preventing Spam in phpBB 3.0.6 [*Read First Post*]

Post by Brf »

Spam making false or deceptive claims is illegal -- at least here in the US.
Spam for legitimate, legal products is usually legal.
az2000
Registered User
Posts: 37
Joined: Mon Dec 14, 2009 10:54 pm

Re: Preventing Spam in phpBB 3.0.6 [*Read First Post*]

Post by az2000 »

Brf wrote:Spam making false or deceptive claims is illegal -- at least here in the US.
Spam for legitimate, legal products is usually legal.
It seems like spam could be considered a violation of hacking and DCMA laws in the US. My reasoning: If I put in my ToS that the user agrees not to post off-topic nor commercial posts, and a spammer agrees to that, and proceeds to goes out of their way to defeat measures to prevent autobot registrations, that seems like something between hacking (entering a system they aren't welcome to) and reverse engineering trade secrets (investigating board procedures to circumvent them to the detriment of the board).

I agree that email spam is different. The spammer can conceivably argue they don't know the recipient's desires. But, agreeing to a ToS with the intent to violate it seems a lot like activities we've already criminalized. A very clear intention to misuse property which they aren't entitled to use, and which they agreed not to misuse.
User avatar
Cpt. Blackbeard
Registered User
Posts: 443
Joined: Sat Oct 31, 2009 4:39 am
Location: USA
Contact:

Re: Preventing Spam in phpBB 3.0.6 [*Read First Post*]

Post by Cpt. Blackbeard »

az2000 wrote:
Brf wrote:Spam making false or deceptive claims is illegal -- at least here in the US.
Spam for legitimate, legal products is usually legal.
It seems like spam could be considered a violation of hacking and DCMA laws in the US. My reasoning: If I put in my ToS that the user agrees not to post off-topic nor commercial posts, and a spammer agrees to that, and proceeds to goes out of their way to defeat measures to prevent autobot registrations, that seems like something between hacking (entering a system they aren't welcome to) and reverse engineering trade secrets (investigating board procedures to circumvent them to the detriment of the board).

I agree that email spam is different. The spammer can conceivably argue they don't know the recipient's desires. But, agreeing to a ToS with the intent to violate it seems a lot like activities we've already criminalized. A very clear intention to misuse property which they aren't entitled to use, and which they agreed not to misuse.
That is pretty much my point. By using such methods as CAPTCHA you are clearly stating that SPAM posts are not allowed on your Forum, intentionally bypassing it to make posts that are clearly posted not permitted should be illegal.
User avatar
xymox
Registered User
Posts: 63
Joined: Thu Jan 07, 2010 12:20 am

Re: Preventing Spam in phpBB 3.0.6 [*Read First Post*]

Post by xymox »

Is there a RBL ( real time block list ) for pbpbb ? This would make lots of sense.

Im sure its easy to implement. Just like using a RBL for email spam control. A mod or plugin that does a dns query of a user created list of RBL sites. This would be done on the IP of the poster and/or during registration. Im sure there is a direct correlation between email spammers and forum spammers IP addresses.

Creating a RBL just for forum spammers would be even more handy. This could even include a lookup for known bad users and users who are abusive.

Spamassassin. Someone needs to port this over to phpbb. Each post could be pushed thru it.

I think all the current advanced tools for fighting email spam could be used very easily to fight forum spam..
User avatar
Brf
Support Team Member
Support Team Member
Posts: 52050
Joined: Tue May 10, 2005 7:47 pm
Location: {postrow.POSTER_FROM}
Contact:

Re: Preventing Spam in phpBB 3.0.6 [*Read First Post*]

Post by Brf »

az2000 wrote: It seems like spam could be considered a violation of hacking and DCMA laws in the US. My reasoning: If I put in my ToS that the user agrees not to post off-topic nor commercial posts, and a spammer agrees to that, and proceeds to goes out of their way to defeat measures to prevent autobot registrations, that seems like something between hacking (entering a system they aren't welcome to) and reverse engineering trade secrets (investigating board procedures to circumvent them to the detriment of the board).
Violating a TOS is not violating the law, it just gives you a valid reason for deleting and/or blocking their account.
Tonttu
Registered User
Posts: 17
Joined: Sat Aug 08, 2009 7:34 am

Re: Preventing Spam in phpBB 3.0.6 [*Read First Post*]

Post by Tonttu »

Mixstar wrote:IMO, there should be no need to use third party add-ons. If you follow the first post in this topic specifically Knowledge Base - Custom Profile Fields as an Anti-Spammer Tool, you should be able to stop any unwanted bot attacks. I have not had one successful attempt since I installed custom profile fields over a year ago.
I have had regular spammer registrations after I implemented a custom profile field question. Yesterday I switched to a new question and during the night a spammer still got through. So either they use the human labor services or an easily customizable spamming software. The profile field question is very good in limiting the amount of spam to a manageable amount, but that's all.
User avatar
Brf
Support Team Member
Support Team Member
Posts: 52050
Joined: Tue May 10, 2005 7:47 pm
Location: {postrow.POSTER_FROM}
Contact:

Re: Preventing Spam in phpBB 3.0.6 [*Read First Post*]

Post by Brf »

The Q&A captcha is more effective than the custom profile field method, assuming you can ask a question that your target audience can answer, that is not easily findable in Google.
Darth Wong
Registered User
Posts: 2398
Joined: Wed Jul 03, 2002 5:20 am
Location: Toronto, Canada
Contact:

Re: Preventing Spam in phpBB 3.0.6 [*Read First Post*]

Post by Darth Wong »

Brf wrote:The Q&A captcha is more effective than the custom profile field method, assuming you can ask a question that your target audience can answer, that is not easily findable in Google.
I've mentioned this already, but it bears repeating that so far, simple mathematical word problems in the Q&A module seem impenetrable to bots. I still get human spammers (really, nothing can realistically stop that), but the bots just don't get in. Technically, it's possible that humans who have utterly abysmal math skills would also fail, but I would tend to think that any adult who's mentally competent should be able to do simple grade 8 or 9 level mathematical word problems.
Not a three-foot tall green gnome in real-life: My home page.
My wretched hive of scum and villainy: http://bbs.stardestroyer.net/
User avatar
Brf
Support Team Member
Support Team Member
Posts: 52050
Joined: Tue May 10, 2005 7:47 pm
Location: {postrow.POSTER_FROM}
Contact:

Re: Preventing Spam in phpBB 3.0.6 [*Read First Post*]

Post by Brf »

Darth Wong wrote: I still get human spammers (really, nothing can realistically stop that),
A proper Q&A question might stop the human spammers, as I am trying to explain. I have had no human spammers either.
Darth Wong
Registered User
Posts: 2398
Joined: Wed Jul 03, 2002 5:20 am
Location: Toronto, Canada
Contact:

Re: Preventing Spam in phpBB 3.0.6 [*Read First Post*]

Post by Darth Wong »

Brf wrote:
Darth Wong wrote: I still get human spammers (really, nothing can realistically stop that),
A proper Q&A question might stop the human spammers, as I am trying to explain. I have had no human spammers either.
How can you stop human spammers in an automated fashion? A human being can sign up on any forum by simply being as competent as any other would-be new user. Even admin registration and moderation queues won't necessarily stop human spammers; they need only pretend to be legitimate users until they decide to advertise their service or website. Hell, I've had human spammers sign up and actually post some on-topic discussion material (to get past the moderation queue) before posting spammy "come visit my website" threads.
Not a three-foot tall green gnome in real-life: My home page.
My wretched hive of scum and villainy: http://bbs.stardestroyer.net/
User avatar
Brf
Support Team Member
Support Team Member
Posts: 52050
Joined: Tue May 10, 2005 7:47 pm
Location: {postrow.POSTER_FROM}
Contact:

Re: Preventing Spam in phpBB 3.0.6 [*Read First Post*]

Post by Brf »

OK. I will reply to that after I have deleted my first human spammer.
Tonttu
Registered User
Posts: 17
Joined: Sat Aug 08, 2009 7:34 am

Re: Preventing Spam in phpBB 3.0.6 [*Read First Post*]

Post by Tonttu »

With a tricky captcha, the bot operator only needs human input in the captcha solving phase. The human services offered are easy to link to normal spamming software, because they provide an API. Cheap remote workers in developing countries process the captchas as the requests arrive.
The bot doesn't need any help in posting sufficiently on-topic material after it has done its AI analysis, because that's what it does anyway. Of course, if the pay is low enough in a certain country, a person could offer more complex spamming services, like those mentioned by Darth Wong.
The highly specialized Q&A captchas only work for boards with a very specific range of topics and an enthusiast community. Even then a human worker might find the answer quickly with a search engine and the bot user could log it and update his input fields so he wouldn't need the worker all the time for that board.
In my case, for a board specifying in a certain style of art, I can't for the life of me think of a theme-fitting anti-bot question that wouldn't piss the heck out of registering users. The reason being the fact that there are still many subgenres and mediums and different levels of knowledge.
az2000
Registered User
Posts: 37
Joined: Mon Dec 14, 2009 10:54 pm

Re: Preventing Spam in phpBB 3.0.6 [*Read First Post*]

Post by az2000 »

Brf wrote:
Darth Wong wrote: I still get human spammers (really, nothing can realistically stop that),
A proper Q&A question might stop the human spammers, as I am trying to explain. I have had no human spammers either.
Are you emphasizing proprietary questions? Like, let's say I have a web forum catering to city planners. I would have questions concerning "the IETF definition of the third-level strat density for proper compaction of clay soils in Zone3 altitudes, when tertiary methods are not available?"

Something only a city planner would know?

Mark
az2000
Registered User
Posts: 37
Joined: Mon Dec 14, 2009 10:54 pm

Re: Preventing Spam in phpBB 3.0.6 [*Read First Post*]

Post by az2000 »

Tonttu wrote:Cheap remote workers in developing countries process the captchas as the requests arrive.
That's why there should also be a relatively short time-limit on any captchas. 30-60 seconds. If a captcha doesn't grow stale, it invites that kind of hand-off to a human.

Mark
az2000
Registered User
Posts: 37
Joined: Mon Dec 14, 2009 10:54 pm

Re: Preventing Spam in phpBB 3.0.6 [*Read First Post*]

Post by az2000 »

Darth Wong wrote:, simple mathematical word problems in the Q&A module seem impenetrable to bots.
I liked your suggestion and recommended it earlier in this topic. I think it makes a lot of sense. ("Mary buys 4 candy bars, gives away one, and already has a case of 24 at home. How many candy bars does Mary have?").

It might be overkill, but presenting such a wordy math question in the Crazy Maths plugin (a Latex-generated image instead of text) would eliminate any possibility of a bot scrapping the text from the screen and developing solutions. (Maybe not "eliminate." But, they'd have to OCR it. An additional hurdle.).

Mark
Locked

Return to “[3.0.x] Support Forum”