Ban all gmail "multiple dot" users

Get help with installation and running phpBB 3.3.x here. Please do not post bug reports, feature requests, or extension related questions here.
kranio
Registered User
Posts: 18
Joined: Mon Feb 19, 2007 10:06 am

Re: Ban all gmail "multiple dot" users

Post by kranio »

Back to the topic: How can I easily get rid of the gmail users with multiple dots.
User avatar
KevC
Support Team Member
Support Team Member
Posts: 72565
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK

Re: Ban all gmail "multiple dot" users

Post by KevC »

It is on topic. It's far easier to stop them from registering in the first place with good Q&A.
-:|:- Support Request Template -:|:-
Image
"Step up to red alert. Sir, are you absolutely sure? It does mean changing the bulb"
User avatar
rockedge
Registered User
Posts: 77
Joined: Sat Nov 30, 2019 9:10 pm

Re: Ban all gmail "multiple dot" users

Post by rockedge »

We have had good results with a Q&A like:
What is the value used to multiply with a circle's diameter to calculate the circumference of that circle?

Answer is one of these possibilities = Pi, pi, π, 3.14, 3.141
exemplary1
Registered User
Posts: 195
Joined: Mon Feb 05, 2024 11:41 am

Re: Ban all gmail "multiple dot" users

Post by exemplary1 »

kranio wrote: Thu Mar 28, 2024 8:36 pm Back to the topic: How can I easily get rid of the gmail users with multiple dots.
Either you can do it in phpbb code as already suggested (could be complicated) or may be you can modify following extension to suit your need.
https://phpbbdev.space/viewtopic.php?t=40
( It's the site of one of the members here, and you need to register and get accepted before downloading the extension.)
vatreni
Registered User
Posts: 39
Joined: Sat Jul 16, 2022 1:07 pm

Re: Ban all gmail "multiple dot" users

Post by vatreni »

KevC wrote: Thu Mar 28, 2024 4:49 pm You can ask a question about something in the logo. You can ask for a word somewhere on a page, like the first word of the first forum etc. Those kinds of questions need some understanding and logic of how to work out the answer. AI is not so good at those.
May try that option as this is for a sports team. Interesting and thought-provoking replies, thanks all
dave2565
Registered User
Posts: 10
Joined: Mon Mar 25, 2024 2:15 am

Re: Ban all gmail "multiple dot" users

Post by dave2565 »

Your Q&A question should be one that you can't google to find an answer. If you can so can the spambots.

Try using Q&A anti-spam with a question like 'What are the second and five letters of the second word in the title of the forum?'
This works well.

Dave
projectpulse
Registered User
Posts: 4
Joined: Tue Jul 05, 2005 9:56 am

Re: Ban all gmail "multiple dot" users

Post by projectpulse »

vatreni wrote: Wed Mar 27, 2024 3:19 pm Current: 3.3.9
Planned 3.3.11

My query is a follow-up on viewtopic.php?t=2167909 from many years ago.

I have a Q&A spambot question in place, but this isn't stopping real (shady) people signing up with
[email protected]
[email protected]
etc etc

Banning by IP, email and even country (I have Filter by country extension) isn't working as they are obviously using VPNs to keep popping up all over.

I don't want to make the Q&A question so difficult as to be ungoogleable, so I'm wondering if the idea to ban

*.*.*.*@gmail.com
or even
*.*.*@gmail.com

still works, as I don't know any genuine gmail users who have more than one dot, so happy to rule out any gmail address with 2 dots or more.
when I seen the topic title I knew what this was going to be about.

imo this isn't the correct approach. you may not know anybody but my forum has many genuine users with multiple dots, we have 30,000+ plus members.

despite our Q&A working great for years without issue only recently we have had a deluge of spambots using AI I believe to get around it and past few topics ive seen on here the devs/mods seem to be dismissing it as your Q&A sucks when imo it doesn't, we just need to keep ahead of their tactics.

What I had to do recently was install the stop forum spam plugin
https://www.phpbb.com/customise/db/exte ... orum_spam/

I have went from 20-40 bots per day sitting in the moderation queue over the past week to 0 new registrations.

I still have a few stragglers that managed to register an account before the plugin was installed but that's stopped now too.
KevC wrote: Thu Mar 28, 2024 9:13 pm It is on topic. It's far easier to stop them from registering in the first place with good Q&A.
with all due respect, this is unhelpful. I don't think your team are taking onboard the severity of this recent wave of bots ability to crack even the hardest of Q&A.
User avatar
warmweer
Jr. Extension Validator
Posts: 11660
Joined: Fri Jul 04, 2003 6:34 am
Location: Van Allen Bel ... gium

&A

Post by warmweer »

projectpulse wrote: Fri Apr 05, 2024 4:14 pm
KevC wrote: Thu Mar 28, 2024 9:13 pm It is on topic. It's far easier to stop them from registering in the first place with good Q&A.
with all due respect, this is unhelpful. I don't think your team are taking onboard the severity of this recent wave of bots ability to crack even the hardest of Q&A.
With all due respect, on my main board which was terminated about 3 years ago (after being online for more than 20 years) I've only had to change my Q&A once (as in 1 time) and ... I've "worked" on countless other boards and easily eliminated spambot registrations (which wasn't the problem for which my assistance was requested) by using the Q&A.
Spelling is freeware, which means you can use it for free.
On the other hand, it is not open source, which means you cannot change it or publish it in a modified form.


Time flies like an arrow, but fruit flies like a banana.
User avatar
KevC
Support Team Member
Support Team Member
Posts: 72565
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK

Re: Ban all gmail "multiple dot" users

Post by KevC »

projectpulse wrote: Fri Apr 05, 2024 4:14 pm with all due respect, this is unhelpful. I don't think your team are taking onboard the severity of this recent wave of bots ability to crack even the hardest of Q&A.
We are because we got it as well and we had it on our own boards.
I changed my Q&A and it stopped. That's it.

We know from experience that if you have a Q&A that is based on general knowledge like what colour is the sky, the bots will crack it immediately. Anything you can get the answer for on google will be beaten pretty quickly. You have to think a bit more laterally with a question that requires understanding and logic to solve, like asking something about a logo etc. Also though, that cannot be an easy question like what colour is... or how many... because they'll just try red, blue, green etc until they get it right. At the moment, the bots really struggle with things you have to solve and understand and your question can be effective for a very long time.
-:|:- Support Request Template -:|:-
Image
"Step up to red alert. Sir, are you absolutely sure? It does mean changing the bulb"
projectpulse
Registered User
Posts: 4
Joined: Tue Jul 05, 2005 9:56 am

Re: &A

Post by projectpulse »

warmweer wrote: Fri Apr 05, 2024 6:24 pm
projectpulse wrote: Fri Apr 05, 2024 4:14 pm


with all due respect, this is unhelpful. I don't think your team are taking onboard the severity of this recent wave of bots ability to crack even the hardest of Q&A.
With all due respect, on my main board which was terminated about 3 years ago (after being online for more than 20 years) I've only had to change my Q&A once (as in 1 time) and ... I've "worked" on countless other boards and easily eliminated spambot registrations (which wasn't the problem for which my assistance was requested) by using the Q&A.
we tried the name the forums last three letters etc which im sure i read on here worked but they got by that on ours. we tried uncommon questions and ones only relating to our little part of the internet which would take a really deep dive in to the hobby to find out but those in the know would get it pretty quickly. tried some suggestions from here too to no avail, maybe those forums weren't quite popular enough to continue on or because of the thinking "no bots = working Q&A" when they might not be getting hit by bots to begin with... I don't know just thinking out loud. we are the biggest in all of europe when it comes to our hobby we got a shed load of attention from the bots and crawlers, don't get me started on openai scraping our site but that's an whole other story :x

these damn things got smarter all of a sudden and all im saying is Q&A wont always work and will only get worse imo.
KevC wrote: Fri Apr 05, 2024 6:34 pm
projectpulse wrote: Fri Apr 05, 2024 4:14 pm with all due respect, this is unhelpful. I don't think your team are taking onboard the severity of this recent wave of bots ability to crack even the hardest of Q&A.
We are because we got it as well and we had it on our own boards.
I changed my Q&A and it stopped. That's it.

We know from experience that if you have a Q&A that is based on general knowledge like what colour is the sky, the bots will crack it immediately. Anything you can get the answer for on google will be beaten pretty quickly. You have to think a bit more laterally with a question that requires understanding and logic to solve, like asking something about a logo etc. Also though, that cannot be an easy question like what colour is... or how many... because they'll just try red, blue, green etc until they get it right. At the moment, the bots really struggle with things you have to solve and understand and your question can be effective for a very long time.
im glad you are taking it onboard and its worked for you, don't take my tone as disparaging.
User avatar
KevC
Support Team Member
Support Team Member
Posts: 72565
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK

Re: Ban all gmail "multiple dot" users

Post by KevC »

Like warmweer, I'm also using an effective Q&A. I think I've changed it twice in 3 years and one of those was from this recent attack. I use the same style on 3 sites and they're all equally effective.
-:|:- Support Request Template -:|:-
Image
"Step up to red alert. Sir, are you absolutely sure? It does mean changing the bulb"
projectpulse
Registered User
Posts: 4
Joined: Tue Jul 05, 2005 9:56 am

Re: Ban all gmail "multiple dot" users

Post by projectpulse »

KevC wrote: Fri Apr 05, 2024 8:26 pm Like warmweer, I'm also using an effective Q&A. I think I've changed it twice in 3 years and one of those was from this recent attack. I use the same style on 3 sites and they're all equally effective.
im curious is it the "type" an answer style Q&A or the drag and drop the answers like seen on here ?

sorry vatreni i seem to be hijacking your topic but I hope it give you some insight, i feel your pain :)
User avatar
KevC
Support Team Member
Support Team Member
Posts: 72565
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK

Re: Ban all gmail "multiple dot" users

Post by KevC »

It's a question.
You can see it if you click my sig. I don't like to post on here saying what it is because it works! And actually myself and Mick experimented and you can actually make it very very very simple indeed. The difficult bit for the bots is that you have to understand what the task is.
-:|:- Support Request Template -:|:-
Image
"Step up to red alert. Sir, are you absolutely sure? It does mean changing the bulb"
User avatar
thecoalman
Community Team Member
Community Team Member
Posts: 6305
Joined: Wed Dec 22, 2004 3:52 am
Location: Pennsylvania, U.S.A.

Re: Ban all gmail "multiple dot" users

Post by thecoalman »

projectpulse wrote: Fri Apr 05, 2024 4:14 pm imo this isn't the correct approach. you may not know anybody but my forum has many genuine users with multiple dots, we have 30,000+ plus members.
For Gmail it's specific case, they don't count the periods as part of the email address so a spammer can reuse the same email address multiple times with periods in different places. These both go to the same gmail inbox:
You wouldn't ban the periods but you would need to check for duplicates when the user was using Gmail account.
“Results! Why, man, I have gotten a lot of results! I have found several thousand things that won’t work.”

Attributed - Thomas Edison
vatreni
Registered User
Posts: 39
Joined: Sat Jul 16, 2022 1:07 pm

Re: Ban all gmail "multiple dot" users

Post by vatreni »

projectpulse wrote: Fri Apr 05, 2024 8:33 pm sorry vatreni i seem to be hijacking your topic but I hope it give you some insight, i feel your pain :)
The further discussion is most welcome.

I didn't ban the "dots". Instead I took advice from this topics and some PMs, and have added a couple of questions to my Q&As. Although they are of the type "what colour/animal is on this bit of the logo" so could be guessed by a persistent bot, in fact so far they have cut out the spammer sign-ups by 100%. None have tried since.

Of course I am monitoring, but that advice has proved sound thus far.

Return to “[3.3.x] Support Forum”