Flood of spam accounts.

Get help with installation and running phpBB 3.1.x here. Please do not post bug reports, feature requests, or extension related questions here.
Scam Warning
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

NOTE: phpBB 3.1.x is at its End of Life stage and support will NOT be provided after July 1st, 2018.
Locked
scorpiors
Registered User
Posts: 127
Joined: Fri Sep 09, 2011 6:14 am

Flood of spam accounts.

Post by scorpiors » Sun Jul 23, 2017 5:09 am

I am using phpbb 3.1.5. Since last one month daily 80-100 spam accounts are registering on my board. I tried security plugins Q&A/GD Image/GD 3D Image/Simple Image options in Spambot countermeasures option of Admin Panel. But all the attempts of saving board from spammer accounts are failed. Please suggest me the ways to get rid of these spammers.
inactive.jpg

User avatar
david63
Registered User
Posts: 16328
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Name: David Wood
Contact:

Re: Flood of spam accounts.

Post by david63 » Sun Jul 23, 2017 7:16 am

The tried and tested method to reduce to almost nil (you will never stop 100% of spam accounts) is to have a good Q&A, the answer to which cannot be Googled (something pertinent to your site) together with the use of the Newly Registered Group.
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored

User avatar
mrgtb
Registered User
Posts: 557
Joined: Wed Oct 03, 2007 10:51 am

Re: Flood of spam accounts.

Post by mrgtb » Sun Jul 23, 2017 9:31 am

I've read a few people reporting a sudden big increase in spamming this week using other forum software as well. I've been getting the same also on my forum for past few weeks, spam registrations has increased massively on my board that don't validate the accounts.

User avatar
david63
Registered User
Posts: 16328
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Name: David Wood
Contact:

Re: Flood of spam accounts.

Post by david63 » Sun Jul 23, 2017 9:53 am

mrgtb wrote:
Sun Jul 23, 2017 9:31 am
I've read a few people reporting a sudden big increase in spamming this week using other forum software as well. I've been getting the same also on my forum for past few weeks, spam registrations has increased massively on my board that don't validate the accounts.
Probably a new wave of bots
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored

User avatar
KevC
Support Team Member
Support Team Member
Posts: 69239
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: Flood of spam accounts.

Post by KevC » Sun Jul 23, 2017 10:44 am

OP, you should certainly change to Q&A because you're currently running GD which was beaten ages ago.
-:|:- Support Request Template -:|:-
Image
Cheap UK Hosting
"In the land of the blind the little green bloke with no pupils is king - init!"

Littlespace
Registered User
Posts: 31
Joined: Mon Aug 10, 2015 5:16 pm

Re: Flood of spam accounts.

Post by Littlespace » Sun Jul 23, 2017 9:54 pm

I'm not a part of the phpBB team or anything, but I've used phpbb on and off for a couple of years now. I recently started back with the release of 3.2.x and I found I, too, was receiving massive, massive amounts of bots accessing my site. It wasn't too big of a deal until those same spambots were also trying to run jqueries in mass amounts, bogging down my system resources on a shared server. Every single night from between 12AM until around 5AM my site was unavailable due to the attacks. It got pretty intense, and I'd say my host was probably tired of trying to deal with some of it (they had to temporarily suspend the site a few times to stop the bot access from taking down other sites on the server).

I searched the forums here. So, this is my current set-up that has reduced the spambots by a tremendous amount:
  • Enabled the Q&A spambot countermeasures on registration plugin
    • My forum required 18+ age restriction so I just used that as a part of registration as well. It isn't foolproof from some of the spambots but has helped so my question is: "Answer this question truthfully with only one English word. All viewers and members on our site are required to be biologically 18 years old or older. Are you 18+ today?:"
  • I installed the extension Stop Forum Spam (3.1.x) (3.2.x)
  • I downloaded and installed a php security script called ZB BLOCK
So far, I've seen a lot of positive results. The only issues I've had with the above are:
  • The Q&A plugin is, again, not fool-proof and some of the bots (generally the Russian-based ones, for whatever reason) did eventually learn how to answer it appropriately.
  • I made an account on the StopForumSpam site to help them out and send my data over when a bot was blocked. Somehow my I.P. there got listed as a spammer as well. I had to work that out by sending four e-mails into that team and explaining the situation. It didn't prevent me from using the extension but it personally concerned me. All was worked out but I am still clueless as to how I was marked as spamming.
  • ZBBlock was incredibly easy to install and minorly tweak after I read the guide, but instantly banned the Tapatalk third-party access from the site. It ended up being a very, very good thing (it turns out that they were leaving some access scripting open that was also hogging server resources and creating attack vulnerabilities) but took a bit to work out well. Some members were banned from the server just by accessing the site through Tapatalk so I had to request they remove our site from their database. They were quick, and I just purged the ban-file to start over with ZBBlock. So...no Tapatalk but yay for a happier server.
I've not had any more attacks after ZBBlock ran it's course for about 48 hours. Instead of getting 15+ "contact admin" spam messages a day I get about 2. Spambot registration has been at an all-time low for my site, and even when they somehow do get to register they are usually instantly banned by the StopForumSpam extension at this point. The site has not had to be suspended due to spambot attacks and the server resources haven't been exceeded at all. This has been a positive change ongoing for about 2 months now so I'm fairly pleased at the current state.

User avatar
RMcGirr83
Recognised Extension Developer
Posts: 21034
Joined: Wed Jun 22, 2005 4:33 pm
Location: Your display
Name: Rich McGirr
Contact:

Re: Flood of spam accounts.

Post by RMcGirr83 » Mon Jul 24, 2017 1:19 am

Littlespace wrote:
Sun Jul 23, 2017 9:54 pm
Instead of getting 15+ "contact admin" spam messages a day I get about 2.
That is a well known issue due to the lack of a captcha on the core contact admin which is why I created the contact admin extension.

https://www.phpbb.com/customise/db/exte ... act_admin/
In times of change, learners inherit the earth, while the learned find themselves beautifully equipped to deal with a world that no longer exists - Eric Hoffer
Former Modifications/Extensions Team Member | My extensions
Appreciate the extensions/mods/support then buy me a beer
All requests for support via PM will be ignored

Locked

Return to “[3.1.x] Support Forum”