phpBB 3.0.8 Spambots getting past Re-Capture registration

Get help with installation and running phpBB 3.0.x here. Please do not post bug reports, feature requests, or MOD-related questions here.
Scam Warning
Forum rules
END OF SUPPORT: 1 January 2017 (announcement)
Terminal-Access
Registered User
Posts: 8
Joined: Mon Nov 23, 2009 12:43 pm

phpBB 3.0.8 Spambots getting past Re-Capture registration

Post by Terminal-Access »

phpBB Version: phpBB 3.0.8
Boards URL: http://stargate4bf2.co.uk
Board Host: Privatly Hosted.
Board Instalation Type: Fresh Install from phpBB.com download page.
Bord Registration Type: Re-Capture with User Activation.
Board Style: DVGFX2 (Customised Look)
Board Language: English
Board Database: MySQL 5
Board Mods:
  • Prime Trash Bin Version 1.0.10a
  • phpBB Gallery Version 1.0.5.1

Administrator Level of Experiance: Advanced User
When did your problem begin: Start of the Year (January 2011)

Description of Problem:

As stated above the board we are using is a Fresh install of phpBB 3.0.8 with user registrations enabled using the Re-Capture anti-spam countermeasure and requiring user activation once registerd.

We have our own unique set of API keys for Re-Capture.

Since the start of the new year we have noticed a lot of spambot have been able to register on the forums, although they are unable to post due to the newly registerd users group being highely restricted, their porfiles and signatures are filled in usually full of spam links.

Some how they are either by-passing the spam bot countermeasure and user activation.

Any help or advice would be greatly appreciated.

Thank you
Terminal-Access

P.S As of this post i have tempoeraly changed the user registration over to Admin Aproval to prevent any further spambot incursions on to our board.
Last edited by Terminal-Access on Wed Jan 19, 2011 10:57 am, edited 1 time in total.
User avatar
KevC
Support Team Member
Support Team Member
Posts: 72339
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: phpBB 3.0.8 Spambots getting past Re-Capture registratio

Post by KevC »

Recaptcha appears to have been beaten. There are several similar topics on this if you scan down the forum.

Try the Q&A captcha instead.
-:|:- Support Request Template -:|:-
Image
"Step up to red alert. Sir, are you absolutely sure? It does mean changing the bulb"
Terminal-Access
Registered User
Posts: 8
Joined: Mon Nov 23, 2009 12:43 pm

Re: phpBB 3.0.8 Spambots getting past Re-Capture registratio

Post by Terminal-Access »

Kevin Clark wrote:Recaptcha appears to have been beaten. There are several similar topics on this if you scan down the forum.

Try the Q&A captcha instead.
Firstly thank you for the extreamly fast responce, i have just been discussing the Q&A captcha option with the other board administrators and we are going to give that a try.
PaveFE
Registered User
Posts: 50
Joined: Fri Aug 06, 2004 5:24 pm
Contact:

Re: phpBB 3.0.8 Spambots getting past Re-Capture registratio

Post by PaveFE »

I hope you guys can figure something out. I'm sick and tired of these damn spambots getting through. My settings are so high, my users can't even read the image! Yet, spambots continue. I swear I'd like to beat the ever living crap out of the people who create that stuff.

PaveFE
You have never lived until you have almost died and for those who fight for it, life has a flavor the protected will never know.
Honoring America's Hereos: Plummer, Howie, Scooter, Tom
User avatar
KevC
Support Team Member
Support Team Member
Posts: 72339
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: phpBB 3.0.8 Spambots getting past Re-Capture registratio

Post by KevC »

PaveFE wrote:I hope you guys can figure something out. I'm sick and tired of these damn spambots getting through. My settings are so high, my users can't even read the image! Yet, spambots continue. I swear I'd like to beat the ever living crap out of the people who create that stuff.

PaveFE
Have you tried Q&A? I get maybe one a month (human spammer) and no bots.
-:|:- Support Request Template -:|:-
Image
"Step up to red alert. Sir, are you absolutely sure? It does mean changing the bulb"
PaveFE
Registered User
Posts: 50
Joined: Fri Aug 06, 2004 5:24 pm
Contact:

Re: phpBB 3.0.8 Spambots getting past Re-Capture registratio

Post by PaveFE »

Just switched to it. We'll see how this will last.

Thanks,

PaveFE
You have never lived until you have almost died and for those who fight for it, life has a flavor the protected will never know.
Honoring America's Hereos: Plummer, Howie, Scooter, Tom
GoldenMoney
Registered User
Posts: 3
Joined: Tue Apr 12, 2011 1:35 pm

Re: phpBB 3.0.8 Spambots getting past Re-Capture registratio

Post by GoldenMoney »

We have 2 months old forum. No actual users have been registered, but about 30-40 spambots register every day, ignoring Q&A, re-captcha and any other built in security measures. Nice forum interface, but useless because of security issues. In addition it is impossible to delete bulk spambots accounts and their messages. I had to go through by deleting them one by one. Deleting spambots from SQL leaves their traces in actual forum registration. If phpBB was build for users, why following is not implemented:

1. Security against spambots
2. Deleting Spambots names in bulk through "checkboxes"
3. Deleting spam messages in bulk through "checkboxes"

If phpBB was build to allow spambot advertising, it has been successful:

1. Spambots easy penetrate registration
2. Post multiple threads and creating nightmare for admin to delete
3. Registering in bulk, creating nightmare for admin to select them in bulk and delete

I had included /forum/ in robots.txt so it is not indexed by search engines, but bots do not really care. Is there a real solution to the issue. I am tired of receiving 40 e-mail from bot registration every day.

Serge
User avatar
KevC
Support Team Member
Support Team Member
Posts: 72339
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: phpBB 3.0.8 Spambots getting past Re-Capture registratio

Post by KevC »

GoldenMoney wrote:Nice forum interface, but useless because of security issues.
It's not a security issue. They are registering like real people do.
If they are getting through your Q&A question then you need something better. Don't ask things that can be googled like what is 2+2 or what colour is the sky.
GoldenMoney wrote:In addition it is impossible to delete bulk spambots accounts and their messages.
You can do it in the prune users option in users and groups.
GoldenMoney wrote:1. Spambots easy penetrate registration
They do what humans do. It's not easy on any forum software to create something that a human can do but an automated bot can't. There are some more effective ways than others and the built in Q&A works very well so far if you choose your question carefully.
GoldenMoney wrote:2. Post multiple threads and creating nightmare for admin to delete
The built in newly registered users group stops that.
GoldenMoney wrote:3. Registering in bulk, creating nightmare for admin to select them in bulk and delete
Prune users does that.
GoldenMoney wrote:Is there a real solution to the issue. I am tired of receiving 40 e-mail from bot registration every day.
What's the address of the board? Maybe we can tell you why it's easy to register on it.
-:|:- Support Request Template -:|:-
Image
"Step up to red alert. Sir, are you absolutely sure? It does mean changing the bulb"
GoldenMoney
Registered User
Posts: 3
Joined: Tue Apr 12, 2011 1:35 pm

Re: phpBB 3.0.8 Spambots getting past Re-Capture registratio

Post by GoldenMoney »

address of the board is www.goldenmoney.ca/forum/

Pruning users:

1. When I go to "Prune Users" it asks me to enter their names, rather giving me the list of all registered users I can choose from or registration dates for that matter.
2. If I click link "Find a member", it opens new window where I can select member, but there is no "delete" button. What is the point of selecting them? Taking another look into it, I understand, you have to press "select marked" for them to be entered into into the big box and then prune. Thank you!
3. GoldenMoney wrote: Post multiple threads and creating nightmare for admin to delete
The built in newly registered users group stops that.

If you referring to "do not allow newly registered users to post" for several hours or days, what is the point of the forum. I still do not see how you can simply mark and select message for deletion.

In any case "deletion" is secondary issue and the consequence of "spambot" registration. If we can stop mass registration, we breath easy. If you do not mind checking our website. Suggestions would be really appreciated.

Serge
User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 52768
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve
Contact:

Re: phpBB 3.0.8 Spambots getting past Re-Capture registratio

Post by stevemaury »

You need a better question. Try:

Q:

Type the first five letters of "goldenmoney" in the box to the right.

A:

golde or GOLDE or Golde
I can stop all your spam. I can upgrade or update your Board. PM or email me. (Paid support)
User avatar
KevC
Support Team Member
Support Team Member
Posts: 72339
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: phpBB 3.0.8 Spambots getting past Re-Capture registratio

Post by KevC »

Yep your Q&A question is no good. Steve's options above will be much more effective.
GoldenMoney wrote:Taking another look into it, I understand, you have to press "select marked" for them to be entered into into the big box and then prune. Thank you!
Correct. You tick all the accounts you want to remove, click select marked, then you'll be taken back to the prune page and they will all be in the box of accounts to remove. Tick the option to also remove their posts and hit submit.
GoldenMoney wrote:If you referring to "do not allow newly registered users to post" for several hours or days, what is the point of the forum. I still do not see how you can simply mark and select message for deletion.
The newly registered users group allows you to set X number of posts to go into the moderation queue.

User registration settings
new member post limit

If you set that to 1, the first post of every new user will be queued. Once you approve it, they will be able to post freely. We use it here. You don't see any spam posts here. Spammers nearly always give themselves away in the first post.
-:|:- Support Request Template -:|:-
Image
"Step up to red alert. Sir, are you absolutely sure? It does mean changing the bulb"
newforester
Registered User
Posts: 1
Joined: Tue May 03, 2011 2:00 pm

Re: phpBB 3.0.8 Spambots getting past Re-Capture registratio

Post by newforester »

Up until recently I had 30 - 40 spambots a day bombarding my site. I installed captcha (no good), Textual Confirmation (no good) and Administrator only registration which meant I got the emails . However, I realised that the spambots were ignoring the front screen entirely and just submitting a long registration string directly to the main php program. Of course, the filename is available and will receive the info directly!! So, someone, I forget where, came up with a very ingenious one line of code fix. In my list of fields to be passed to the registration program is one for Timezone. The top or first one on the list is GMT-12 which is actually a totally uninhabited region. The other timezones are selected from a drop-down box. It appears that the spambots only select the top entry in a dropdown box so in this case, they will send the Timezone as GMT-12 in the registration string. All you have to do in the main .php registration program is to add a line to check for the Timezone being GMT-12 and if so, exit the process. Since I installed the single line, about 2 months ago, I haven't had a single spambot registration and everyone else can register normally. All Kudos to the person who figured this one out, I forgot where I read it but it does work, for now! :)
User avatar
tonzodehoo
Registered User
Posts: 121
Joined: Tue Feb 13, 2007 9:21 pm

Re: phpBB 3.0.8 Spambots getting past Re-Capture registratio

Post by tonzodehoo »

newforester wrote:All you have to do in the main .php registration program is to add a line to check for the Timezone being GMT-12 and if so, exit the process. Since I installed the single line, about 2 months ago, I haven't had a single spambot registration and everyone else can register normally. All Kudos to the person who figured this one out, I forgot where I read it but it does work, for now! :)
This sounds promising. Where do I add the timezone? What file? I'll give it a go and see how this works.
Fingers crossed.
User avatar
KevC
Support Team Member
Support Team Member
Posts: 72339
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: phpBB 3.0.8 Spambots getting past Re-Capture registratio

Post by KevC »

tonzodehoo wrote:
This sounds promising. Where do I add the timezone? What file? I'll give it a go and see how this works.
Fingers crossed.
See the sticky topic at the top of this forum.
-:|:- Support Request Template -:|:-
Image
"Step up to red alert. Sir, are you absolutely sure? It does mean changing the bulb"
User avatar
tonzodehoo
Registered User
Posts: 121
Joined: Tue Feb 13, 2007 9:21 pm

Re: phpBB 3.0.8 Spambots getting past Re-Capture registratio

Post by tonzodehoo »

Thanks kevin. NOt sure if I'm having a daft moment but I' can't quite see the sticky topic you mention?
Locked

Return to “[3.0.x] Support Forum”