[Discuss] Preventing Spam in phpBB3

Get help with installation and running phpBB 3.0.x here. Please do not post bug reports, feature requests, or MOD-related questions here.
Get Involved
Forum rules
END OF SUPPORT: 1 January 2017 (announcement)
User avatar
KevC
Support Team Member
Support Team Member
Posts: 72343
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: [Discuss] Preventing Spam in phpBB3

Post by KevC »

Fixed
-:|:- Support Request Template -:|:-
Image
"Step up to red alert. Sir, are you absolutely sure? It does mean changing the bulb"
k3lt01
Registered User
Posts: 5
Joined: Fri Nov 13, 2015 3:46 am

Re: [Discuss] Preventing Spam in phpBB3

Post by k3lt01 »

Some time ago I installed phpBB 3.1 and have taught myself my way around the admin and mod sections. The forum is already publicly visible but required admin approval to join. I did this to find patterns in spam and I have noticed many are from IP addresses or email addresses originating in China and Russia. Because my forum is intended to be specifically for the South Pacific region I wonder is there a way I can just block particular regions/countries from trying to join, or even better just allow uses from certain regions/countries to join?
User avatar
Lumpy Burgertushie
Registered User
Posts: 69223
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: [Discuss] Preventing Spam in phpBB3

Post by Lumpy Burgertushie »

possible, but , spammers do not always use the same IP or even those from certain countries.

the best thing to do is simply setup the Q&A with a good non-searchable question/answer that only humans could answer and that will stop all the spam bots in their tracks.


robert
Premium phpBB 3.3 Styles by PlanetStyles.net

I am pleased to announce that I have completed the first item on my bucket list. I have the bucket.
User avatar
durangod
Registered User
Posts: 789
Joined: Tue Nov 03, 2009 1:26 pm
Location: USA East Texas
Name: Dave

Re: [Discuss] Preventing Spam in phpBB3

Post by durangod »

did not find anything for reCaptcha in the extensions that was downloadable, the one i found was empty. But has anyone used this and can recommend or not recommend it..

https://github.com/secondsparrow/phpbb-3.1-recaptcha

im just weary about putting github files on my site that i know nothing about.

thanks
Username is short for durango d (durangodave)
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26506
Joined: Fri Aug 29, 2008 9:49 am

Re: [Discuss] Preventing Spam in phpBB3

Post by Mick »

durangod wrote:has anyone used this and can recommend or not recommend it
Have you contacted the author? As it's third party code that's where you should go in the first place.
  • "The more connected we get the more alone we become" - Kyle Broflovski©
  • "The good news is hell is just the product of a morbid human imagination.
    The bad news is, whatever humans can imagine, they can usually create.
    " - Harmony Cobel
User avatar
david63
Registered User
Posts: 20646
Joined: Thu Dec 19, 2002 8:08 am

Re: [Discuss] Preventing Spam in phpBB3

Post by david63 »

Just a point of interest - reCaptcha ships with phpBB 3.2
David
Remember: You only know what you know and - you don't know what you don't know!

I now no longer support any of my extensions but they will start to become available here
User avatar
durangod
Registered User
Posts: 789
Joined: Tue Nov 03, 2009 1:26 pm
Location: USA East Texas
Name: Dave

Re: [Discuss] Preventing Spam in phpBB3

Post by durangod »

Thanks david great info :0 )
Username is short for durango d (durangodave)
User avatar
pjdm
Registered User
Posts: 35
Joined: Thu Aug 07, 2008 9:27 pm
Location: Calgary eh?
Name: Paul Miller
Contact:

Re: [Discuss] Preventing Spam in phpBB3

Post by pjdm »

stevemaury wrote:It is senseless and unnecessary to have more than one Q&A question. If a question gets cracked, you will not know which one, so you will have to change all of them. One good question is all that is needed.
Just following up now that I'm preparing to move from 3.0.14 to 3.1.x

My [4-6] questions so far have prevented spammers from joining my site over the last 4 years. Similar sites to mine are littered with comments about spammers and who to trust etc. I found that a series of steps to actively monitor the registrations, asking for unique fields, CAPTCHA questions and checking IP and a few other things has caught all of them so far. I'm going to try and automate some of this now that I have a good procedure that seems to work. Obviously, boards with hundreds of registrations daily can't do this but I get 3-5 and I have 1700 members and so far this has worked. Prior to this implementation I would get dozens of illegitimate registrations daily.

When I notice someone has registered but not been approved and is a spammer (it is obvious) I go back and change my questions. It is not hard in a specific field like mine to develop questions that will survive attack for a few months.
User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 52768
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve
Contact:

Re: [Discuss] Preventing Spam in phpBB3

Post by stevemaury »

A link to your board, please?
I can stop all your spam. I can upgrade or update your Board. PM or email me. (Paid support)
User avatar
pjdm
Registered User
Posts: 35
Joined: Thu Aug 07, 2008 9:27 pm
Location: Calgary eh?
Name: Paul Miller
Contact:

Re: [Discuss] Preventing Spam in phpBB3

Post by pjdm »

LancairTalk.net
skybound
Registered User
Posts: 200
Joined: Wed Nov 12, 2003 7:11 am
Location: Port Elizabeth - South Africa
Contact:

Re: [Discuss] Preventing Spam in phpBB3

Post by skybound »

Using the simple Captcha together with the StopForumSpam mod does the trick for us. Get the odd one getting by, but are in the region of 1 every two to three months. According to the logs, around 20 registrations prevented per day by StopForumSpam on our board.
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26506
Joined: Fri Aug 29, 2008 9:49 am

Re: [Discuss] Preventing Spam in phpBB3

Post by Mick »

I suggest that your Q&A is too simple. Asking for one letter in the site name which happens to be the first letter of the alphabet would be easy to get past for a bot.
  • "The more connected we get the more alone we become" - Kyle Broflovski©
  • "The good news is hell is just the product of a morbid human imagination.
    The bad news is, whatever humans can imagine, they can usually create.
    " - Harmony Cobel
User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 52768
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve
Contact:

Re: [Discuss] Preventing Spam in phpBB3

Post by stevemaury »

Also, I googled the answer to "ADS-7_". Also the answer to "National Transportation Safety __". Again, the problem is that when you get a bot registration, you do not know which question was broken so you have to change them all. Plus, if a bot has problems with one question, it can refresh the page until it gets one it can answer (which seems to be most of them).

ONE GOOD question is all you need.
I can stop all your spam. I can upgrade or update your Board. PM or email me. (Paid support)
User avatar
pjdm
Registered User
Posts: 35
Joined: Thu Aug 07, 2008 9:27 pm
Location: Calgary eh?
Name: Paul Miller
Contact:

Re: [Discuss] Preventing Spam in phpBB3

Post by pjdm »

respectfully, I disagree. My results are telling. If you incorporate some of the suggestions by AmigoJack above then bots cannot hammer away indefinitely until they find an answer--they get blocked after [x] attempts. Having more than one question allows my junior members a way to register if they don't know the answer to the first or second question. I want a reasonable test so that all legitimate members can register and it gets a few bots who try but fail on the second and third tests I provide.

For example, some european members might not be as familiar with the questions that north americans would be so I give them a few opportunities. Lastly, bots fill profile fields in a specific manner (at least for me they do) and I can filter those out if they get past the Q&A. Plus, I require a confirming email which bots never do. I filter those out. And, bots have to provide a legit email address which they almost never do. It works well so far.

The singular Q&A might be valid for your purpose of blocking bots but my multiple Q&A allows legit members to get through and that is more important to me. I can handle the bots on my next filtering steps (so far).

[edit: and I really do appreciate the time you take to reply and discuss this issue and others.]
User avatar
Lumpy Burgertushie
Registered User
Posts: 69223
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: [Discuss] Preventing Spam in phpBB3

Post by Lumpy Burgertushie »

It is very good that you have a method that works for you. however, using the Q&A with a good non searchable question has and is working very well for many many thousands of phpbb users out in the world.
the whole point is to find a question that any human can answer but no bot can find the answer for.
usually it seems to work best if the question is something about the website like what is the person in the logo holding etc. you give multiple possible answers in case of misspelling or language things etc. but only the one question.

you can't have yes/no, what color is?, math questions etc. all of those types are either easy to find in google or to guess etc.


robert
Premium phpBB 3.3 Styles by PlanetStyles.net

I am pleased to announce that I have completed the first item on my bucket list. I have the bucket.
Locked

Return to “[3.0.x] Support Forum”