Fight the spam registration bots!

This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.
Forum rules
Following phpBB2's EoL, this forum is now archived for reference purposes only.
Please see the following announcement for more information: viewtopic.php?f=14&t=1385785
Locked
espicom
Registered User
Posts: 17905
Joined: Wed Dec 22, 2004 1:14 am
Location: Woodstock, IL

Fight the spam registration bots!

Post by espicom »

After cleaning out another round of spam registrations from our forums, I decided to make a subtle change to the worst-hit boards to screw up the "registration bots" used for this. In some cases, you can not take advantage of v2.0.11's "visual confirmation", which also stops the bots, but this should work.

It is a simple fix, but I will not post it as a regular MOD, because customization is the key here. The RegBots work by going directly to the submission of the form information, bypassing the various agreement screens by simply setting "agreed=true". Fortunately, web form variables are CasE-sEnsiTivE, so simply changing the all-lower-case name "agreed" to mixed-case will still allow manual registrations to work, but will simply present a bot's request with the COPPA form, and not make any entries into your users table.

The affected files are:

admin/admin_users.php
includes/usercp_avatar.php
includes/usercp_register.php

With a text editor, search for "agreed", and replace it with your own choice of mixed case, or even something like "IAmInAgreement". As long as all references to this variable are identical, registration and profile changes work as before... except for those trying to bypass the system.

Note to those using VI to do this on a Linux/Unix box... VI will only replace the FIRST occurance of a string on a line when using ":%s/agreed/AgReEd", and there are some instance where "agreed" occurs twice on the same line. Do the replace twice to make sure all occurances are changed.

EDIT: A change of heart... ConfusaBOT Lite is a simplified version of ConfusaBOT ACP. "Lite" lets you change the "agreed" and "coppa" variables by editing your includes/constants.php file, while the "ACP" version gives you control over them through the Admin Control Panel, General Configuration menu.

A further change of heart - I no longer recommend either version of the "ConfusaBOT" MOD; it simply is not effective against spam registrations anymore. However, other MODs that are still effective are described later in this topic, as well as in this additional topics:

Preventing SPAM - Bots and Humans
Anti-Spam Thread

Effective immediately, there is no support for either version of ConfusaBOT in this topic! Use the appropriate MOD thread, please!

Remember that the "validated" version of this MOD is the ACP version. This only means that the PHPBB MOD group has checked that it doesn't do anything obviously harmful, and meets PHPBB standards for coding.
Last edited by espicom on Thu Apr 26, 2007 6:09 am, edited 5 times in total.
Frold
Registered User
Posts: 447
Joined: Sat Nov 02, 2002 8:19 am

Post by Frold »

great idea I give it a test :D

Hope that I will not see bots on my memberlist any more :D
User avatar
CTCNetwork
Former Team Member
Posts: 15424
Joined: Fri Dec 19, 2003 3:50 am
Location: In that Volvo behind you!
Contact:

Post by CTCNetwork »

Hi,

You may also wish to consider the "Instant Ban" MOD. This will ban bots when they attempt to make entries in the web page field and signature field.

More details and download are Here.

Hope this helps,

Des. . . :wink:
Density:- Not just a measurement~Its a whole way of Life.! ! !
| Welcome! | RTFM!!! | Search! It's Easy! | Problem? | Spam? | Advice! |
espicom
Registered User
Posts: 17905
Joined: Wed Dec 22, 2004 1:14 am
Location: Woodstock, IL

Post by espicom »

Well, mine's a bit simpler to install... :)

But, I have added "InstaBan" to one of the sites that I use as the abuse subject, as well as mine, and we'll see how things go. That site hasn't been the target of the spam bots yet, but it should be getting that way relatively soon... It's making its way up the GOOGLE rankings.
skiba
Registered User
Posts: 15
Joined: Fri Oct 22, 2004 7:06 pm

Post by skiba »

Do I have to install the visual confirmation mod before applying the above changes?

also I have 2.0.11 and i dont see an option for visual confirmation :(
espicom
Registered User
Posts: 17905
Joined: Wed Dec 22, 2004 1:14 am
Location: Woodstock, IL

Post by espicom »

Visual confirmation is not a requirement for either my modification or Instant Ban. The work equally well with versions pre-dating 2.0.11.

If you can not see the Visual Confirmation setting in the Administrative Control Panel, it may be that your theme has not been updated to match the new capabilities. Try setting your theme to "subSilver" and checking again.

The problem is, if using subSilver makes the VC setting appear, your regular theme will need updating to make the Visual Confirmation graphic appear during registration. I haven't looked around at the other themes, so I've got no idea what is involved with that.
Jeff
Fixing 1016/1030/1034 Errors | (obsolete link) | MySQL 4.1/5.x Client Error | phpBBv2 Logo in ACP
Support requests via PM are ignored!
"To be fully alive is to feel that everything is possible." - Eric Hoffer
ropost
Registered User
Posts: 5
Joined: Tue Feb 15, 2005 1:13 pm

Post by ropost »

Code: Select all

$coppa = ( ( !$HTTP_POST_VARS['coppa'] && !$HTTP_GET_VARS['coppa'] ) || $mode == "register") ? 0 : TRUE;

			$s_hidden_fields = '<input type="hidden" name="mode" value="edit" /><input type="hidden" name="agreed" value="true"  /><input type="hidden" name="coppa" value="' . $coppa . '" />';
			$s_hidden_fields .= '<input type="hidden" name="id" value="' . $user_id . '" />';

Code: Select all

{
		$s_hidden_fields = '<input type="hidden" name="mode" value="save" /><input type="hidden"  name="agreed" value="true"  /><input type="hidden" name="coppa" value="' . $coppa . '" />';
		$s_hidden_fields .= '<input type="hidden" name="id" value="' . $this_userdata['user_id'] . '" />';

		if( !empty($user_avatar_local) )

S if I uderstand it well
It is just a matter of "find an replace ALL" in the the files

like

Code: Select all

{
		$s_hidden_fields = '<input type="hidden" name="mode" value="save" /><input type="hidden" [color=red]name="AgrEEd" value="true" [/color]/><input type="hidden" name="coppa" value="' . $coppa . '" />';
		$s_hidden_fields .= '<input type="hidden" name="id" value="' . $this_userdata['user_id'] . '" />';

		if( !empty($user_avatar_local) )
Right

Sorry but I'am verry new to this all and ower site suffers from all this Sh...t

Cheers
Robert
rreptile
Registered User
Posts: 166
Joined: Wed Oct 06, 2004 12:51 pm
Location: Canada

Post by rreptile »

espicom wrote: Visual confirmation is not a requirement for either my modification or Instant Ban. The work equally well with versions pre-dating 2.0.11.
[snip]
The problem is, if using subSilver makes the VC setting appear, your regular theme will need updating to make the Visual Confirmation graphic appear during registration. I haven't looked around at the other themes, so I've got no idea what is involved with that.


I use the Classic theme and after doing a patch upgrade from 2.0.10 to 2.0.11, I was not seeing the Visual Confirmation setting in the admin area nor was 2.0.11 appearing at the bottom of my forum index. So I uploaded the patched board_config_body.tpl to "templates/Classic/admin/" and both Visual Confirmation setting appeared in the admin area and the 2.0.11 was at the bottom of my forum index.

If you are using another theme than subSilver, you should probably check to make sure that board_config_body.tpl is basically the same as the subSilver admin file though.

As for whether the modification and/or instant Ban will work on earlier versions, it seems like a moot point. It would be better to upgrade to 2.0.11. Take a look at:
http://www.phpbb.com/phpBB/viewtopic.php?t=244451
espicom
Registered User
Posts: 17905
Joined: Wed Dec 22, 2004 1:14 am
Location: Woodstock, IL

Post by espicom »

It is just a matter of "find an replace ALL" in the the files?


Yes, so long as you're doing a case-sensitive find/replace. Some editors will go kind of wacko if you don't specify that. :)

Also, vi will not replace two occurances on the same line, so you have to repeat the replace on one of the files... the one that has 6 occurances.
Jeff
Fixing 1016/1030/1034 Errors | (obsolete link) | MySQL 4.1/5.x Client Error | phpBBv2 Logo in ACP
Support requests via PM are ignored!
"To be fully alive is to feel that everything is possible." - Eric Hoffer
ropost
Registered User
Posts: 5
Joined: Tue Feb 15, 2005 1:13 pm

Post by ropost »

Thanx
I give it a tray
Cheers
Robert
luzi82
Registered User
Posts: 3
Joined: Tue Feb 22, 2005 2:43 pm

Re: Fight the spam registration bots!

Post by luzi82 »

espicom wrote: With a text editor, search for "agreed", and replace it with your own choice of mixed case, or even something like "IAmInAgreement". As long as all references to this variable are identical, registration and profile changes work as before... except for those trying to bypass the system.


Just thinking it can be easily bypassed by simple checking.
Anyway, it is still a good idea.

How about that...
create a "victim phpBB" and let everyone crack it...
so we can know if the security feature is solid or not...
espicom
Registered User
Posts: 17905
Joined: Wed Dec 22, 2004 1:14 am
Location: Woodstock, IL

Post by espicom »

Just thinking it can be easily bypassed by simple checking.


Quite true. But the bots in question never bother checking such things. Their first entry into the system is to do an HTTP POST to profile.php, with all the right variables filled in. Only, once you've made this simple mod, they're no longer "all the RIGHT variables", because one is wrong. And, ideally, very few boards will do it the same way, so each board's variation needs to be checked.

Plus, combined with the "Instant Ban" MOD, their first attempt will likely be the last one they can manage from that IP...

Layers of protection... Nothing that can't be picked apart by a human or a more intelligent script on the attacking end, but it raises the cost of doing it, just as putting in User Activation and not displaying inactive member profiles.
Jeff
Fixing 1016/1030/1034 Errors | (obsolete link) | MySQL 4.1/5.x Client Error | phpBBv2 Logo in ACP
Support requests via PM are ignored!
"To be fully alive is to feel that everything is possible." - Eric Hoffer
Frold
Registered User
Posts: 447
Joined: Sat Nov 02, 2002 8:19 am

Post by Frold »

Frold wrote: great idea I give it a test :D

Hope that I will not see bots on my memberlist any more :D


well it solved my problems...

After I made the 3-4 file changes I have no new bots registered so that is just great!!
espicom
Registered User
Posts: 17905
Joined: Wed Dec 22, 2004 1:14 am
Location: Woodstock, IL

Post by espicom »

Tacking this information onto this topic so it's a "one stop" thread to fight spam registration bots... This time, by making your forum useless to them.

The spammers are trying to increase their GOOGLE ratings by having their sites linked to on as many boards as possible. They're hoping the trouble they've gone through of automating registration gets them yet another website linking to them. The steps below remove you from their low-life gene pool, so to speak.

First step is to open the Administrative Control Panel, set "Enable User Activation" to "user", to force them to use a valid email address during registration... if they don't, they won't be able to activate their membership.

Next, we make it so that inactive member's records do not appear in the Membership list. Open your memberlist.php file, and go down to line 145. You will find an SQL query being built. The following changes do two things; they remove anyone who hasn't been activated from the list, and they hide ALL websites from the list. The sites are still available if you view an individual profile, but the main list won't have them:

Code: Select all

$sql = "SELECT username, user_id, user_viewemail, user_posts, user_regdate, user_from, \"\" as user_website, user_email, user_icq, user_aim, user_yim, user_msnm, user_avatar, user_avatar_type, user_allowavatar 
	FROM " . USERS_TABLE . "
	WHERE user_id <> " . ANONYMOUS . " AND user_active = 1
	ORDER BY $order_by";
The bits added substitute a blank for the user_website variable, and filter the results based upon whether or not the user is active.

You still have to clean the old spam registrations out of your system. A quick way to do this is to use PHPMyAdmin to browse your phpbb_users table, and sort on the password field. Most of the bots use just a couple of passwords; look for blocks of identical passwords.
Jeff
Fixing 1016/1030/1034 Errors | (obsolete link) | MySQL 4.1/5.x Client Error | phpBBv2 Logo in ACP
Support requests via PM are ignored!
"To be fully alive is to feel that everything is possible." - Eric Hoffer
BlueRook
Registered User
Posts: 2892
Joined: Wed Mar 10, 2004 2:38 am

Post by BlueRook »

Next, we make it so that inactive member's records do not appear in the Membership list.


There are some other changes that should be made as well. Just making them not show up will cause problems with the pagination if you get over one page of users (inactive + active). There are quite a few posts on the forum on how to impliment inactive user hidding and make it so that they don't show up anywhere -- even if you attempt to go to the inactive profile.
Locked

Return to “2.0.x Support Forum”