Spam attacks

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Scam Warning
Post Reply
User avatar
callumacrae
Former Team Member
Posts: 2662
Joined: Tue Feb 12, 2008 12:28 pm
Location: London, UK
Name: Callum Macrae
Contact:

Spam attacks

Post by callumacrae »

I have seen more than a few people commenting that the amount of spam being posted to their forums has surged in the past few days, and I am included. Anyone else noticing this, and does anyone know how or why?

This isn't support, I'm just interested.

~Callum
macr.ae = my website. you probably won't like it.
Proud user ofProud user of
User avatar
tbackoff
Former Team Member
Posts: 7068
Joined: Thu Jun 04, 2009 1:41 am
Location: cheerleading practice
Name: Tabitha Backoff

Re: Spam attacks

Post by tbackoff »

It seems recaptcha is not useful anymore. The same goes for Q&A - spam bot authors seem to be preprogramming key words to break it.
Flying is the second best thrill to cheerleaders; being caught is the first.
User avatar
Lumpy Burgertushie
Registered User
Posts: 69223
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Spam attacks

Post by Lumpy Burgertushie »

I doubt they can break the Q&A like that.

the recent problem has been with spammers trying to brute force passwords to get logged in.

they are not having any luck as far as I know, but they just keep trying.
It seems to be a new bot or something that is making the rounds right now.

the problem of human spammers does seem to be getting worse.

apparently they hire people to just go around and register on phpbb ( and other ) boards.

then , they go back later and post spam and/or urls in the profile etc.

not much you can do other than use the built in spam protections and use the newly registered users group etc.


robert
Premium phpBB 3.3 Styles by PlanetStyles.net

I am pleased to announce that I have completed the first item on my bucket list. I have the bucket.
User avatar
Phil
Former Team Member
Posts: 10403
Joined: Sat Nov 25, 2006 4:11 am
Name: Phil Crumm
Contact:

Re: Spam attacks

Post by Phil »

Lumpy Burgertushie wrote:I doubt they can break the Q&A like that.
Several forums I am responsible for have had considerable volumes of spam over the several days despite using the Q&A CAPTCHA (and, similarly, reCAPTCHA). Granted, they are using simple questions ("What color is the sky?" "2+2=?", etc.), however this shows that there has been some success in circumventing the technique.
Moving on, with the wind. | My Corner of the Web
User avatar
KevC
Support Team Member
Support Team Member
Posts: 72343
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: Spam attacks

Post by KevC »

Yeah I've also seen a big hit on my Q&A in the last 10 days. Changing the 'key word' didn't stop it but I've had some limited success with rewording my 'question'.

It would be nice to have an option in the ban section where you can just say stop everything from .ru although I've also been getting Belize, the Philippines and Latvia a lot lately too.
-:|:- Support Request Template -:|:-
Image
"Step up to red alert. Sir, are you absolutely sure? It does mean changing the bulb"
User avatar
callumacrae
Former Team Member
Posts: 2662
Joined: Tue Feb 12, 2008 12:28 pm
Location: London, UK
Name: Callum Macrae
Contact:

Re: Spam attacks

Post by callumacrae »

Would enabling email activation help?

~Callum
macr.ae = my website. you probably won't like it.
Proud user ofProud user of
User avatar
lurttinen
Translator
Posts: 4728
Joined: Tue Sep 21, 2004 12:05 pm

Re: Spam attacks

Post by lurttinen »

Callum95 wrote:Would enabling email activation help?

~Callum
Probably not. Smart bots can check their email and have been doing that since phpBB2 days. :)

I had to dump reCAPTCHA because of all the spam it let through. :(
So far my Q&A holds, but it is written in Finnish anyway.
Signature is here
User avatar
Erik Frèrejean
Former Team Member
Posts: 9899
Joined: Tue Oct 09, 2007 9:09 am
Location: The Netherlands, 3.0.x Support Forum
Name: Erik Frèrejean
Contact:

Re: Spam attacks

Post by Erik Frèrejean »

lurttinen wrote:
Callum95 wrote:Would enabling email activation help?

~Callum
Probably not. Smart bots can check their email and have been doing that since phpBB2 days. :)
Funny thing is that this wave doesn't appear to do so, one of my boards have been bombarded with spam registrations over the last couple of weeks but non of them has activated the account yet.
Support Toolkit | Support Request Template | Knowledge Base | phpBB 3.0.x documentation
I don't give support via PM or IM! (all unsolicited pms will be trashed!)
User avatar
PlanetStyles.net
Former Team Member
Posts: 4809
Joined: Wed Nov 04, 2009 11:16 pm
Location: Way up in the sky close to the stars
Name: Christian
Contact:

Re: Spam attacks

Post by PlanetStyles.net »

As somebody who will be opening a large site within the next few months, which essentially revolves around the community forum - the recent spam "outbreak" is something of a concern.

Does anybody have any experience with the more fancy CAPTCHAs which featured in last year's CAPTCHA competition? Derky's Sortables CAPTCHA plugin and mtotheikle's Fancy jQuery CAPTCHA specifically.

Surely bots aren't sophisticated enough to drag n' drop, or even work out what needs to be dragged where. Needless to say that won't stop human spam registrations, though as we've already established those are impossible to stop whilst letting legitimate users in.
Last edited by PlanetStyles.net on Fri Jan 07, 2011 3:31 pm, edited 1 time in total.
User avatar
keitzy
Registered User
Posts: 359
Joined: Thu Nov 12, 2009 6:32 am
Location: Esperance, Western Australia
Contact:

Re: Spam attacks

Post by keitzy »

What about a custom profile field. I use one for ausgamingcore.

Kinda hard though trying to find what all your users have in common.

With mine I did a custom profile on registration - PROFILE_STEAM_ID in admin section and did a preg match to make sure the exact STEAM_0:bal:bla was input.

That halted all spam.

May be a bit much though. Just a thought.
Image
chrissomerville
Registered User
Posts: 1
Joined: Fri Jan 07, 2011 4:05 pm

Re: Spam attacks

Post by chrissomerville »

I too have experienced similar attempts. I have email activation required, and I am deleting around 50 bogus applications per day. The usernames appear to be random generations. I have CAPTA activated so assume these are people not robots? Is that naive? Last week the IPs were nearly all China, with a few Korea. The last few days they have all been Russian, except for two Ukraine.
It would be nice if we could block via country codes!
Anyone any bright ideas?
Chris
User avatar
callumacrae
Former Team Member
Posts: 2662
Joined: Tue Feb 12, 2008 12:28 pm
Location: London, UK
Name: Callum Macrae
Contact:

Re: Spam attacks

Post by callumacrae »

keitzy wrote:What about a custom profile field. I use one for ausgamingcore.

Kinda hard though trying to find what all your users have in common.

With mine I did a custom profile on registration - PROFILE_STEAM_ID in admin section and did a preg match to make sure the exact STEAM_0:bal:bla was input.

That halted all spam.

May be a bit much though. Just a thought.
From your post and sig, I gather that your site is about steam? That's a great idea, but it EOULDNT wok on most peoples forums as a lot of people don't have steam.

~Callum
macr.ae = my website. you probably won't like it.
Proud user ofProud user of
User avatar
Erik Frèrejean
Former Team Member
Posts: 9899
Joined: Tue Oct 09, 2007 9:09 am
Location: The Netherlands, 3.0.x Support Forum
Name: Erik Frèrejean
Contact:

Re: Spam attacks

Post by Erik Frèrejean »

chrissomerville wrote:The usernames appear to be random generations. I have CAPTA activated so assume these are people not robots? Is that naive?
Yes, some spammers will be humans but spam bots can also solve captcha's.
Support Toolkit | Support Request Template | Knowledge Base | phpBB 3.0.x documentation
I don't give support via PM or IM! (all unsolicited pms will be trashed!)
User avatar
callumacrae
Former Team Member
Posts: 2662
Joined: Tue Feb 12, 2008 12:28 pm
Location: London, UK
Name: Callum Macrae
Contact:

Re: Spam attacks

Post by callumacrae »

I need a robot to do the captchas for me, they're too difficult for me :(

~Callum
macr.ae = my website. you probably won't like it.
Proud user ofProud user of
User avatar
keitzy
Registered User
Posts: 359
Joined: Thu Nov 12, 2009 6:32 am
Location: Esperance, Western Australia
Contact:

Re: Spam attacks

Post by keitzy »

Callum95 wrote:I need a robot to do the captchas for me, they're too difficult for me :(

~Callum
I know how you feel. I'm forever failing the captcha code test on submit.
Image
Post Reply

Return to “phpBB Discussion”