What is actually being done against phpbb spam?

The 2.0.x discussion forum has been locked; this will remain read-only. The 3.0.x discussion forum has been renamed phpBB Discussion.
arod-1
Registered User
Posts: 1327
Joined: Mon Sep 20, 2004 1:33 pm

Post by arod-1 »

one thing i didnt see any of you conside is the spammers themselves.
it is my understanding that one of the main motivations of (some of the) spammers, is not so much the perceived traffic they will gain from their spams, but rather the search-engine rating they can gain by creating numerous links on numerous sites for the web-site they are advertising.

there is one simple, and, i think, effective way to reduce or eliminate this motivation:
append a

Code: Select all

rel='nofollow'
to each user-submitted link.
the rel='nofollow' as part of the <a ...> tells the search engines not to use this link for the rating of the site.

this simple step will eliminate a huge part of the motivation to spam.
of course, if this change is done as a MOD, it is practically useless, because the spammers do not know whether this mod is installed, so they will spam you anyway.

the only place this will be effective is in a new bbs system, and only if it is in the core code.
for all practical purposes olympus is a new bbs system, so, if olympus developers will incorporate this simple change into the core, olympus boards will suffer significantly less spamming that phpbb v2.
User avatar
EXreaction
Former Team Member
Posts: 5666
Joined: Sun Aug 21, 2005 9:31 pm
Location: Wisconsin, U.S.
Name: Nathan

Post by EXreaction »

arod-1 wrote: this simple step will eliminate a huge part of the motivation to spam.
of course, if this change is done as a MOD, it is practically useless, because the spammers do not know whether this mod is installed, so they will spam you anyway.

the only place this will be effective is in a new bbs system, and only if it is in the core code.
for all practical purposes olympus is a new bbs system, so, if olympus developers will incorporate this simple change into the core, olympus boards will suffer significantly less spamming that phpbb v2.


I completely agree with you there, a lot of people think that by installing a mod like that would stop spam. Well, it won't unless everyone does it and every spammer knows their links won't work for search engins anymore. Otherwise they will just keep doing it.

Yep, phpBB3 has a all new registration page. Only the things you need are on it like username/password/email address/captcha. And with it that way, a user has to register and then log in(and activate if email activation is on). And then change the settings. Which will help some I guess but once they start doing that we will be right back where we started.

You could go to the phpBB3 development board and ask them if its in there. If its not, you could suggest it(suggestions are usually not accepted anymore for 3, but with something this small that could really help a lot they might do it).
EssentialParadox
Registered User
Posts: 39
Joined: Thu Sep 01, 2005 4:34 am

Post by EssentialParadox »

karlsemple wrote: spam bots are a problem with all forum software, and they will continue to be a problem. As we develop ways to stop them, equally talented bot creators will find ways of getting back into forums. this circle is likely to be one which continues

But that doesn't mean we have to sit back and do nothing.

I have seen plenty of brilliant suggestions on how we can be 'proactive', rather than 'reactive' to the spam. One is right there above with the simple "nofollow" addition to user posted urls. Spammers would begin to realize their efforts are futile.

This would really work. It's at least somewhere to start. Can we do this?
User avatar
drathbun
Former Team Member
Posts: 12204
Joined: Thu Jun 06, 2002 3:51 pm
Location: TOPICS_TABLE
Contact:

Post by drathbun »

In my opinion nofollow (and some of the other options suggested) is essentially pointless. Here's why.

Spammers don't stop to check and see if your board requires activation before they're shown in the memberlist. Spammers won't stop to check and see if a nofollow tag is added to their web address. Spammers don't really care what we do, they just turn their robots loose on the web.

If they hit 5,000 boards, get rejected by half, deleted by another half, that's still 1,250 boards they got their links into. It's not worth their time to check to see, "Oh, gee, this board uses the nofollow attribute so I'll skip spamming their memberlist."

Even if nofollow were to be added to the core distribution (instead of requireing a MOD) there are so many older "legacy" versions of phpBB running that spammers will continue to attack the board as an easy target.

It's putting us as someone has stated in "reactive" mode rather than "proactive" mode. And no matter how sophisticated you get at foiling robot registrations, there will always be the issue of human registrations. Afterall, we do want people to be able to register. ;-) So a certain amount of post-registration pruning is going to be required.

I have seriously contemplated blocking any / all .biz and .info email addresses, as that's where the bulk of my spam attacks are coming from now. Every time you block one door they start coming in through the window. It's a never ending battle.
I blog about phpBB: phpBBDoctor blog
Still using phpbb2? So am I! Click below for details
Image
User avatar
EXreaction
Former Team Member
Posts: 5666
Joined: Sun Aug 21, 2005 9:31 pm
Location: Wisconsin, U.S.
Name: Nathan

Post by EXreaction »

drathbun wrote: Even if nofollow were to be added to the core distribution (instead of requireing a MOD) there are so many older "legacy" versions of phpBB running that spammers will continue to attack the board as an easy target.


Which is why it should be added to Olympus. I haven't looked myself, but do you know if they added it?
Last edited by EXreaction on Fri Jun 09, 2006 7:38 pm, edited 2 times in total.
User avatar
drathbun
Former Team Member
Posts: 12204
Joined: Thu Jun 06, 2002 3:51 pm
Location: TOPICS_TABLE
Contact:

Post by drathbun »

EXreaction wrote: Which is why it should be added to Olympus. I haven't looked myself, but do you know if they added it?

I do not know, personally, and since you quoted me I felt compelled to respond even though it wasn't actually helpful. :-) Hopefully someone else that knows can confirm.
I blog about phpBB: phpBBDoctor blog
Still using phpbb2? So am I! Click below for details
Image
User avatar
EXreaction
Former Team Member
Posts: 5666
Joined: Sun Aug 21, 2005 9:31 pm
Location: Wisconsin, U.S.
Name: Nathan

Post by EXreaction »

I looked into it myself. It doesn't seem so.

Memberlist_body.html (where it displays the www button)

Code: Select all

<td class="gen" align="center">&nbsp;<!-- IF memberrow.U_WWW --><a href="{memberrow.U_WWW}" target="_blank">{WWW_IMG}</a><!-- ENDIF -->&nbsp;</td>
memberlist.php (the www output section)

Code: Select all

'U_WWW'			=> (!empty($data['user_website'])) ? $data['user_website'] : '',

So, you guys want to all request for this on area51(the Olympus Development board)? I will start a thread and see what they say.
http://area51.phpbb.com/phpBB/index.php


EDIT: Thread is here if you want to throw in your thoughts...
http://area51.phpbb.com/phpBB/viewtopic.php?t=23949
User avatar
bacon tacon
Registered User
Posts: 265
Joined: Sun Oct 27, 2002 8:17 pm
Contact:

Post by bacon tacon »

I wrote a long and carefully considered contribution to this discussion - so long in fact, my log-in timed out. So when I clicked "Submit" I was prompted to log-in again. Whereupon my grand thesis dissapeared into the ether. Frantic back tracking no use - nothing stored in cache.

Sorry to end up posting off-topic but AAAARRRRHHH :x this is even more irritating than Spam and I know it has happened to my forum users. In fact I helpfully advised one recently - always copy to clipboard before submitting.

Ok - I forgot to take my own advice...
But can't this be fixed somehow? It is about the most user-unfriendly experience a forum can offer.

highlight control C
EssentialParadox
Registered User
Posts: 39
Joined: Thu Sep 01, 2005 4:34 am

Post by EssentialParadox »

There must be something that can be done. Even with deleting all spam within 30 minutes on one of my boards, members recently created a topic questioning what is going on with all those spam bots. That's how bad it's gotten - the members are posting up about it now!

I think the real question is: why do I get more phpbb spam than I do email spam? I think we need to start thinking outside of the box, people.
User avatar
EXreaction
Former Team Member
Posts: 5666
Joined: Sun Aug 21, 2005 9:31 pm
Location: Wisconsin, U.S.
Name: Nathan

Post by EXreaction »

EssentialParadox wrote: There must be something that can be done. Even with deleting all spam within 30 minutes on one of my boards, members recently created a topic questioning what is going on with all those spam bots. That's how bad it's gotten - the members are posting up about it now!

I think the real question is: why do I get more phpbb spam than I do email spam? I think we need to start thinking outside of the box, people.


If your having a problem with spam now, check out this thread with mods that work against them.
http://www.phpbb.com/phpBB/viewtopic.php?t=393503
EssentialParadox
Registered User
Posts: 39
Joined: Thu Sep 01, 2005 4:34 am

Post by EssentialParadox »

EXreaction wrote:
EssentialParadox wrote: If your having a problem with spam now, check out this thread with mods that work against them.
http://www.phpbb.com/phpBB/viewtopic.php?t=393503
One person says: "install mods to combat it"
Another says: "don't install mods. You need to be free to install core updates."
jkessels
Registered User
Posts: 10
Joined: Sat Jun 10, 2006 1:10 pm

Animated CAPTCHA verification

Post by jkessels »

I've built a new verification image generator, see thread Animated CAPTCHA verification, and I was wondering if people would like to test it. I think it is very strong and will block all robots, but I'd like to hear what other people think about it.
User avatar
EXreaction
Former Team Member
Posts: 5666
Joined: Sun Aug 21, 2005 9:31 pm
Location: Wisconsin, U.S.
Name: Nathan

Re: Animated CAPTCHA verification

Post by EXreaction »

jkessels wrote: I've built a new verification image generator, see thread Animated CAPTCHA verification, and I was wondering if people would like to test it. I think it is very strong and will block all robots, but I'd like to hear what other people think about it.


That looks pretty good.
For the time it will block every robot, but thats only because no robot has been programed for that kind of Captcha yet.
I am not saying its possible for a bot to figure it out(it would have to analyze each frame and figure out what parts are not moving), but it would definatly be harder for the coders to program for.

I would send that info to the guy that runs this site:
http://sam.zoy.org/pwntcha/

I don't know anyone that is good at finding the weaknesses in captchas, but if yours has one, I am sure he would be able to find it for you and tell you how to improve it. 8)
EssentialParadox
Registered User
Posts: 39
Joined: Thu Sep 01, 2005 4:34 am

Post by EssentialParadox »

yeah, I was about to mention you should submit it to that guy. He might be able to point out a lot of flaws or suggestions. Or he might just be plain impressed with the idea!
EssentialParadox
Registered User
Posts: 39
Joined: Thu Sep 01, 2005 4:34 am

Post by EssentialParadox »

Everyone seemed to be just making the captcha's more and more subtle and more difficult for ANYONE to decode (including humans), especially in the phpbb3 captcha examples I've seen. But this takes a completely new direct, which I think is a lot better.

One suggestion: slow down the movement by maybe half, so it doesn't trigger epilepsy.
Locked

Return to “2.0.x Discussion”