Split from spam topic [*Read The First Post*]

This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.
Forum rules
Following phpBB2's EoL, this forum is now archived for reference purposes only.
Please see the following announcement for more information: viewtopic.php?f=14&t=1385785
Locked
User avatar
Albert Wiersch
Registered User
Posts: 159
Joined: Sat Dec 11, 2004 6:00 pm
Location: Lantana, TX
Name: Albert Wiersch
Contact:

Post by Albert Wiersch »

VictorSand wrote: i get several "undeliverable mail returned to sender" a day. mails containing attempts to sign up from adresses like [email protected] etc.

i get them back, but they still get trough ([email protected] is registred etc.) i jhave both user activation and visual confirmation on. i find it strange that the bots can come through anyway. is there some door i've left wide open?


It has been my experience that spammers can easily get around the visual confirmation. I suggest the small, simple and very effective myVIPcode mod:
http://www.htmlvalidator.com/myvipcode.zip
Image
Albert Wiersch
https://htmlval.com/
User avatar
Ramon Fincken
Registered User
Posts: 4835
Joined: Thu Oct 14, 2004 1:04 am
Location: NL, The Netherlands Amsterdam area @GMT +1
Contact:

Post by Ramon Fincken »

@Albert Wiersch 1: yes I am aware of that

@Albert Wiersch 2: can you please open a topic in the mod DEV forum so you can point users to that topic? ( and provide support over there instead of on this topic? )


update: thanks !!
Last edited by Ramon Fincken on Tue Aug 29, 2006 4:54 pm, edited 1 time in total.
Dutch quality fully managed WordPress hosting - ManagedWPHosting.nl

Before changing a file, some code or installing a MOD >> Make a backup first!

Do you like my mods? paypal me $1 :) forumsoftware[AT}creativepulses[DOT}nl [/size]
PhpBBantispam.com || Instant find your mod here
User avatar
Albert Wiersch
Registered User
Posts: 159
Joined: Sat Dec 11, 2004 6:00 pm
Location: Lantana, TX
Name: Albert Wiersch
Contact:

Post by Albert Wiersch »

Ramon Fincken wrote: @Albert Wiersch 1: yes I am aware of that

@Albert Wiersch 2: can you please open a topic in the mod DEV forum so you can point users to that topic? ( and provide support over there instead of on this topic? )


OK... I hope this will work:
http://www.phpbb.com/phpBB/viewtopic.php?t=435702
Image
Albert Wiersch
https://htmlval.com/
User avatar
Marshalrusty
Project Manager
Project Manager
Posts: 29334
Joined: Mon Nov 22, 2004 10:45 pm
Location: New York City
Name: Yuriy Rusko
Contact:

Post by Marshalrusty »

VictorSand wrote: i get them back, but they still get trough ([email protected] is registred etc.) i jhave both user activation and visual confirmation on. i find it strange that the bots can come through anyway. is there some door i've left wide open?

Have you seen the first post in this topic? That's why it's there ;)
Last edited by Marshalrusty on Tue Aug 29, 2006 9:51 pm, edited 1 time in total.
🇺🇦 Made in Ukraine, exported to the USA 🇺🇸

Have comments/praise/complaints/suggestions? Please feel free to PM me.

Need private help? Hire me for all your phpBB and web development needs
User avatar
Ramon Fincken
Registered User
Posts: 4835
Joined: Thu Oct 14, 2004 1:04 am
Location: NL, The Netherlands Amsterdam area @GMT +1
Contact:

Post by Ramon Fincken »

url update :)

Add a VIP code during registration by Martin Aignesberger
>> http://www.phpbb.com/phpBB/viewtopic.php?t=435702
Dutch quality fully managed WordPress hosting - ManagedWPHosting.nl

Before changing a file, some code or installing a MOD >> Make a backup first!

Do you like my mods? paypal me $1 :) forumsoftware[AT}creativepulses[DOT}nl [/size]
PhpBBantispam.com || Instant find your mod here
User avatar
Puggs
Registered User
Posts: 80
Joined: Mon Oct 06, 2003 3:53 am
Location: Melbourne, Australia
Contact:

Post by Puggs »

Ramon Fincken wrote: can you point out any diferences with mine?

Code: Select all

RewriteEngine On   

RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .posting\.php*
RewriteCond %{HTTP_REFERER} !.*phpbbinstallers.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://www.google.com [R=301,L]  

RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .profile\.php*
RewriteCond %{HTTP_REFERER} !.*phpbbinstallers.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://www.google.com [R=301,L]  


it is very simular, i found though that some of the bots were setting the referer as something from else were in my site.

Since my post i have now found that there is a bot that goes to direct to posting a profile with the correct referer. it even called its self KennyTheBot, but since i have to approve any new member on the site it didn't do any damage. Just anoying.
Tammy
Registered User
Posts: 8
Joined: Tue Mar 26, 2002 5:38 am

solved my problem with people adding themselves...

Post by Tammy »

I logged into admin area,
went to user Admin.

clicked on Disallow Names.

In the first window that says:
Add a disallowed username
I simply placed a * in the field and added that as a disallowed name.
I tested it, it works, it does not allow any name to register.

I think this would be a good idea for phild - because he wants to have people request to be added as a forum member via email first.

Since by adding the * into the banned username, will not allow anyone to register, then what phild would have to do is first log into his phpbb and set up the person himself into the forum users. Then the new member will be registered.

One thing to note, when you enter * as a banned username, it will not block names already registered. But wont allow any to register. So the admin might have to go and remove * as a banned username first, then add the new registered user himself, then go back and place * into the banned username area.

Sorry if I rambled a bit... thats what a beer will do before typing...
cheers :lol:
User avatar
comperr
Registered User
Posts: 581
Joined: Mon May 08, 2006 2:35 am

Post by comperr »

Or you can set register to disable and then add them into the database itself, or set reg to admin and don't worry about changing the database
stickybit
Registered User
Posts: 15
Joined: Wed Oct 12, 2005 6:30 pm
Location: Denmark

Post by stickybit »

Here is a new and very effective robot blocker:

Alternative usercp_confirm.php for blocking robots
User avatar
Marshalrusty
Project Manager
Project Manager
Posts: 29334
Joined: Mon Nov 22, 2004 10:45 pm
Location: New York City
Name: Yuriy Rusko
Contact:

Post by Marshalrusty »

stickybit wrote: Here is a new and very effective robot blocker:

Alternative usercp_confirm.php for blocking robots

I'm sorry to say it, but that's not very difficult to crack.

You should post it in the MODs in Development forum using the MOD template, it you want it added to the list on the front page of this topic.
🇺🇦 Made in Ukraine, exported to the USA 🇺🇸

Have comments/praise/complaints/suggestions? Please feel free to PM me.

Need private help? Hire me for all your phpBB and web development needs
-=the0ne=-
Registered User
Posts: 207
Joined: Sat Jun 17, 2006 6:31 am
Contact:

Post by -=the0ne=- »

should b made a KB article...nice work mate
User avatar
Ramon Fincken
Registered User
Posts: 4835
Joined: Thu Oct 14, 2004 1:04 am
Location: NL, The Netherlands Amsterdam area @GMT +1
Contact:

Re: solved my problem with people adding themselves...

Post by Ramon Fincken »

Tammy wrote: I logged into admin area,
went to user Admin.

clicked on Disallow Names.
[ .. ]

Sorry if I rambled a bit... thats what a beer will do before typing...
cheers :lol:


http://www.phpbb.com/phpBB/viewtopic.php?t=393606 ?
Dutch quality fully managed WordPress hosting - ManagedWPHosting.nl

Before changing a file, some code or installing a MOD >> Make a backup first!

Do you like my mods? paypal me $1 :) forumsoftware[AT}creativepulses[DOT}nl [/size]
PhpBBantispam.com || Instant find your mod here
Goatweed
Registered User
Posts: 2
Joined: Tue Sep 05, 2006 2:31 pm
Location: http://www.cdih.net

question regarding the VIP mod

Post by Goatweed »

I read through this whole thread and the VIP mod sounds effective & exactly what I'm looking for. My forum has been getting an average of 2-3 spam signups per day for months now and while it's not a huge forum, it can be tedious to go in & clean up all of these accounts. I've enabled admin authorization as well as visual confimatio, etc. but they still sign up.

If I install this mod, where or how do I put/reference the code? Example, if John Doe wants to sign up he sees the field for the code but how does he know what to put there? I saw someone mention posting where to find it but wouldnt that just tell the spammers where as well? Or am I missing something? Does a user need to contact someone on the staff before registering to get the code?

Thanks for any help you can offer.
User avatar
Marshalrusty
Project Manager
Project Manager
Posts: 29334
Joined: Mon Nov 22, 2004 10:45 pm
Location: New York City
Name: Yuriy Rusko
Contact:

Re: question regarding the VIP mod

Post by Marshalrusty »

Goatweed wrote: If I install this mod, where or how do I put/reference the code? Example, if John Doe wants to sign up he sees the field for the code but how does he know what to put there? I saw someone mention posting where to find it but wouldnt that just tell the spammers where as well? Or am I missing something? Does a user need to contact someone on the staff before registering to get the code?

That's completely up to you :)

The strength of the MOD is that it modifies the standard registration form. If someone (a human) is specifically targetting your site, he/she will of course be able to modify the bot and add the VIP code. Since most SPAM comes from "standard" bots, even the slightest change in the registration form will be somewhat effective. As you said, you can also ask members to email the staff for the code, if that works for you.

As I said above, this MOD will not be effective against bots programmed to specifically target your board.
🇺🇦 Made in Ukraine, exported to the USA 🇺🇸

Have comments/praise/complaints/suggestions? Please feel free to PM me.

Need private help? Hire me for all your phpBB and web development needs
Goatweed
Registered User
Posts: 2
Joined: Tue Sep 05, 2006 2:31 pm
Location: http://www.cdih.net

Re: question regarding the VIP mod

Post by Goatweed »

Marshalrusty wrote:
Goatweed wrote:If I install this mod, where or how do I put/reference the code? Example, if John Doe wants to sign up he sees the field for the code but how does he know what to put there? I saw someone mention posting where to find it but wouldnt that just tell the spammers where as well? Or am I missing something? Does a user need to contact someone on the staff before registering to get the code?

That's completely up to you :)

The strength of the MOD is that it modifies the standard registration form. If someone (a human) is specifically targetting your site, he/she will of course be able to modify the bot and add the VIP code. Since most SPAM comes from "standard" bots, even the slightest change in the registration form will be somewhat effective. As you said, you can also ask members to email the staff for the code, if that works for you.

As I said above, this MOD will not be effective against bots programmed to specifically target your board.


ah, I see - so this doesn't really work on the human-factor, more on the automated bot factor. I dont think that having new signups need to ask for the VIP code would be a good thing, assuming noone is around to provide the code would turn away would-be members. And telling a new signup to 'Enter VIP # 456789' on the reg screen does as much good as the visual confirmation does when a human is the spammer (as I mentioned, I have this turned on so I'm assuming it's real people doing this spamming on my site).

Thanks for the reply, I'll keep my eyes open for better solutions to my problem.
Locked

Return to “2.0.x Support Forum”