Preventing Spam in phpBB 3.0.6 and Above [*Read First Post*]

Get help with installation and running phpBB 3.0.x here. Please do not post bug reports, feature requests, or MOD-related questions here.
Anti-Spam Guide
Forum rules
END OF SUPPORT: 1 January 2017 (announcement)
Locked
User avatar
ric323
Former Team Member
Posts: 22909
Joined: Tue Feb 06, 2007 12:33 am
Location: Melbourne, Australia
Name: Ric
Contact:

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Post by ric323 » Wed Sep 15, 2010 6:28 am

dartiss wrote:Most of the advise in this thread appears to concentrate on the automated spam. However, my board is being plagued by spam created by apparently legitimate sign ups. They are not automated bots, so captcha's don't help, but real people signing up and then posting spam posts en masse.
...
You may be correct, but how do you know they are "real people" ?
The Knowledge Base contains solutions to many common problems!
How to fix "Doesn't have a default value" and "Incorrect string value: xxx for column 'post_text' " errors.
How to do a clean re-install of the latest phpBB3 version.
Problems with permissions? Read phpBB3 Permissions

User avatar
dartiss
Registered User
Posts: 11
Joined: Mon Dec 12, 2005 8:40 pm
Location: Nottingham, UK
Name: David Artiss
Contact:

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Post by dartiss » Wed Sep 15, 2010 7:05 am

ric323 wrote:You may be correct, but how do you know they are "real people" ?
They're confirming, by email, their registration, setting us signatures, etc.

David,

User avatar
ric323
Former Team Member
Posts: 22909
Joined: Tue Feb 06, 2007 12:33 am
Location: Melbourne, Australia
Name: Ric
Contact:

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Post by ric323 » Wed Sep 15, 2010 8:51 am

dartiss wrote:
ric323 wrote:You may be correct, but how do you know they are "real people" ?
They're confirming, by email, their registration, setting us signatures, etc.

David,
SPAMbots can do all those things automatically. That is why this topic exists.
The Knowledge Base contains solutions to many common problems!
How to fix "Doesn't have a default value" and "Incorrect string value: xxx for column 'post_text' " errors.
How to do a clean re-install of the latest phpBB3 version.
Problems with permissions? Read phpBB3 Permissions

Pony99CA
Registered User
Posts: 4783
Joined: Thu Sep 30, 2004 3:13 pm
Location: Hollister, CA
Name: Steve
Contact:

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Post by Pony99CA » Fri Sep 17, 2010 1:55 am

dartiss wrote:Most of the advise in this thread appears to concentrate on the automated spam. However, my board is being plagued by spam created by apparently legitimate sign ups. They are not automated bots, so captcha's don't help, but real people signing up and then posting spam posts en masse.

I've looked into setting up new users so that their initial posts have to be authorised, but the administrator of the board says, because emails for these aren't generated, it's taking up too much of his time to keep his eye on the board for any being posted (he only pops on every day or say - the board isn't *that* busy).
There's no real good way to stop human spammers. Blocking initial posts can help, but a dedicated spammer will post one innocuous post, get it approved, and then spam you like crazy.

You can try banning IP addresses, but if those are shared, you might be banning other people. That said, I've banned IP ranges from my entire Web site; they're in China and have submitted false URLs against my site, so I've blocked them because I really don't care if Chinese users can see my site. Blocking IP ranges in known spam countries (China, Russia, India, Pakistan, etc.) might help if you don't cater to users in those countries.

I've also blocked all *.cn, *.ua and *.ru E-mail addresses and have an extensive list of disallowed names (anything with "viagra", for example).

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

User avatar
Martin Truckenbrodt
Registered User
Posts: 3045
Joined: Sun Mar 23, 2003 6:22 pm
Location: Franconia
Name: Martin Truckenbrodt
Contact:

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Post by Martin Truckenbrodt » Fri Sep 17, 2010 1:23 pm

Hello,
there is one good way to block human spammers: blocking with DNS (or with HTTP) blacklists. :roll: Just try it!

Bye Martin
Free tutorial: Installing MODs in phpBB 3.0
Advanced Block MOD - Prevent spam on your phpBB 3.0 board with Stop Forum Spam, BotScout, Akismet, Project Honey Pot and several IP-RBL and Domain-RBL DNS blacklists!
My MODs
Use the official phpBB Ideas to vote missing core features!!!

Kerrith
Registered User
Posts: 474
Joined: Mon Mar 28, 2005 10:16 am
Location: Pahoa, Hawaii
Contact:

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Post by Kerrith » Sat Sep 18, 2010 2:16 am

Can I, as admin, insert URLs in posts but not allow others to insert URLs in their posts or replies?

Thanks,

Kerry
3.0.7-PL1

Kerrith
Registered User
Posts: 474
Joined: Mon Mar 28, 2005 10:16 am
Location: Pahoa, Hawaii
Contact:

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Post by Kerrith » Sat Sep 18, 2010 2:31 am

I've got a persistent spammer who registers with a different user name each time (such as xmhbfr123) and a different prefix for their email address but the same address each time (for example klmno124@chongsoft.com or hijk@chongsoft.com ) They use @chongsoft.com each time so I can't ban by email address.

Other than this pain-in-the-butt I have very few spammers.

Any suggestion other than setting it to Admin approval for each registration?

Thanks
Kerry
phpBB3.0.7-PL1

User avatar
tbackoff
Former Team Member
Posts: 7022
Joined: Thu Jun 04, 2009 1:41 am
Location: cheerleading practice
Name: Tabitha Backoff

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Post by tbackoff » Sat Sep 18, 2010 2:43 am

Kerrith wrote:different prefix for their email address but the same address each time (for example klmno124@chongsoft.com or hijk@chongsoft.com ) They use @chongsoft.com each time so I can't ban by email address.
You can ban by domain. I would imagine *@chongsoft.com would suffice.
Kerrith wrote:Any suggestion other than setting it to Admin approval for each registration?
If you are not very fond of banning emails, have you tried implementing the Newly Registered Users group and requiring the first x number of posts to be approved?
Flying is the second best thrill to cheerleaders; being caught is the first.

Kerrith
Registered User
Posts: 474
Joined: Mon Mar 28, 2005 10:16 am
Location: Pahoa, Hawaii
Contact:

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Post by Kerrith » Sat Sep 18, 2010 2:48 am

Hi t_backoff

Will try "banning by domain" and "Newly Registered Users group and requiring the first x number of posts to be approved?"

Thanks,

Kerry

User avatar
noth
Registered User
Posts: 2472
Joined: Fri Jan 07, 2005 7:10 pm
Location: North Surrey
Contact:

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Post by noth » Sat Sep 18, 2010 8:10 am

Kerrith wrote: (for example klmno124@chongsoft.com or hijk@chongsoft.com ) They use @chongsoft.com each time so I can't ban by email address.

Other than this pain-in-the-butt I have very few spammers.

Any suggestion other than setting it to Admin approval for each registration?

Thanks
Kerry
phpBB3.0.7-PL1
I have set one of my boards to admin approval simply because my members were going nuts about one member turned bad
when banned he opened multiple accounts and found his way around IP

I thought this would cause me huge problems but when you sign up to a board with registration checked by admin approval the user is not ambushed!

they see this
Please note that you will need to enter a valid e-mail address before your account is activated. The administrator will review your account and if approved you will receive an e-mail at the address you specified.
so they KNOW that the acount will be reviewed by an Adminstrator

it's not an ambush where they get told AFTER registering

they get told BEFORE (so many spammers/ idiots decide not to even bother registering there and then!)

the problem with "Admin approval for each registration" is that you begin to wonder if you are "losing members"

what is actually happening is that you are losing a huge amount of spammers and other people who are not that bothered but it's a test of nerves for the Admin

as for chongsoft, jees they should be hunted down by some special spam investigation unit, I think every phpBB forum has seen *@chong* signing up

User avatar
Martin Truckenbrodt
Registered User
Posts: 3045
Joined: Sun Mar 23, 2003 6:22 pm
Location: Franconia
Name: Martin Truckenbrodt
Contact:

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Post by Martin Truckenbrodt » Sat Sep 18, 2010 8:23 am

Hello,
you can use Double Activation (User+Admin). Then the new users first have to confirm their email addresses. And then Admin have to do a approval. So all users (spammers) with not valid email addresses and all users (spammers) whom are not confirming their email addresses automatically will not been activated automatically.

But if you want to work with IP addresses to get the spammers then you should use DNS blacklists to block them. Why to fill and maintain your own local BAN_TABLE if you could use third party databases maintained by policies automatically insteat?
Then Double Activation is not needed really. Then Double Activation is just a nice-to-have.

Bye Martin
Last edited by Martin Truckenbrodt on Sat Sep 18, 2010 8:50 am, edited 1 time in total.
Free tutorial: Installing MODs in phpBB 3.0
Advanced Block MOD - Prevent spam on your phpBB 3.0 board with Stop Forum Spam, BotScout, Akismet, Project Honey Pot and several IP-RBL and Domain-RBL DNS blacklists!
My MODs
Use the official phpBB Ideas to vote missing core features!!!

User avatar
noth
Registered User
Posts: 2472
Joined: Fri Jan 07, 2005 7:10 pm
Location: North Surrey
Contact:

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Post by noth » Sat Sep 18, 2010 8:38 am

so if you just set it to ADMIN ...... the user's email address is not validated? :o

User avatar
Martin Truckenbrodt
Registered User
Posts: 3045
Joined: Sun Mar 23, 2003 6:22 pm
Location: Franconia
Name: Martin Truckenbrodt
Contact:

Re: Preventing Spam in phpBB 3.0.6 and Above [*Read First Po

Post by Martin Truckenbrodt » Sat Sep 18, 2010 8:47 am

Hello,
yes. You've got it!

Bye Martin
Free tutorial: Installing MODs in phpBB 3.0
Advanced Block MOD - Prevent spam on your phpBB 3.0 board with Stop Forum Spam, BotScout, Akismet, Project Honey Pot and several IP-RBL and Domain-RBL DNS blacklists!
My MODs
Use the official phpBB Ideas to vote missing core features!!!

User avatar
oriolesprospects
Registered User
Posts: 372
Joined: Mon Jan 25, 2010 10:12 pm

Spam

Post by oriolesprospects » Sun Sep 19, 2010 6:09 am

The spam post stickied to the top is excellent. One additional question.

I have a custom profile field asking for the # of a player & the recaptcha. Do I need both or should the recaptcha work fine on it's own?

User avatar
Mick
Support Team Member
Support Team Member
Posts: 21577
Joined: Fri Aug 29, 2008 9:49 am
Location: Caerdydd

Re: Spam

Post by Mick » Sun Sep 19, 2010 6:42 am

oriolesprospects wrote:I have a custom profile field asking for the # of a player & the recaptcha. Do I need both or should the recaptcha work fine on it's own?
It's whatever works for you and your situation, try it and see what happens ;)
"The more connected we get the more alone we become" - Kyle Broflovski

Locked

Return to “[3.0.x] Support Forum”