Anti-Spam Thread!

The 2.0.x discussion forum has been locked; this will remain read-only. The 3.0.x discussion forum has been renamed phpBB Discussion.
Locked
User avatar
Dog Cow
Registered User
Posts: 2498
Joined: Fri Jan 28, 2005 12:14 am
Contact:

Re: Need Some Help

Post by Dog Cow »

DstrucTIonS wrote: I have spammers that are bypassing my registration page and creating accounts in phpBB. I am seeing returned registration email (in Brazillian ... my site is english) for the spammer. I have multi-language turned off. Anyone have an idea of how they are doing this? Is there a known issue with 2.20?

Any help is appreciated.

D


try checking out the very first page of this topic some of the modifications listed there ought to help you
Moof!
Mac GUI Vault: Retro Apple II & Macintosh computing archive.
Inside Allerton bookMac GUIMac 512K Blog
yoshimitsuspeed
Registered User
Posts: 18
Joined: Wed Oct 18, 2006 11:50 pm
Contact:

Post by yoshimitsuspeed »

I just installed
[2.0.20] registration disable website signature
and the mod that keeps unregistered users off the memberlist.

We were getting an overwhelming number of new members in the memberlist who turned out to be unregistered so these mods made that problem fairly manageable.
Unfortunately a funny thing happened.
We were only getting a few posting spammers a month before the mods. Now the member list is much more manageable but we are getting a couple spammers a day who register and post.

What would you guys recomend as the next layer of defense?

I just saw spamwords. I will try that now.
User avatar
stevemagruder
Registered User
Posts: 210
Joined: Wed Jul 02, 2003 2:05 pm
Location: Louisville, KY
Contact:

Post by stevemagruder »

yoshimitsuspeed wrote: I just installed
[2.0.20] registration disable website signature
and the mod that keeps unregistered users off the memberlist.

We were getting an overwhelming number of new members in the memberlist who turned out to be unregistered so these mods made that problem fairly manageable.
Unfortunately a funny thing happened.
We were only getting a few posting spammers a month before the mods. Now the member list is much more manageable but we are getting a couple spammers a day who register and post.

What would you guys recomend as the next layer of defense?

I just saw spamwords. I will try that now.


For those spammers that are automated, a better captcha in the visual confirmation during registration should help. There is a mod called "Better Captcha" somewhere.

For those who are human, have a strong stated policy on your board that spammers will be dealt with harshly, and then when someone spams so many times (maybe even just once), delete their account and ban their member ID and IP.

If you don't want to do all the continual work that this entails, perhaps write code that prevents or limits the number of links a newly registered user can put into a post. (I already limit links for guest posters to a public forum, but haven't make the jump to apply to newly registered users in non-public forums yet)

I have personally shied away from using something like spamwords, as I don't want to spend the time trying to stay on top of all the spamwords these inventive cretins are using. On Edit: I also fear false positives with something like this.
Steve Magruder - WebCommons :: Media
Administrator for the Louisville History & Issues discussion board
User avatar
bonelifer
Community Team Member
Community Team Member
Posts: 3502
Joined: Wed Oct 27, 2004 11:35 pm
Name: William
Contact:

Post by bonelifer »

This is what I use on one site that was getting 10 or 15 spams a day.

Anti-Spam ACP v1.1.02 -->> http://www.lithiumstudios.org/
- our settings:
Website after X posts
Signature off for Registration

Unique Registration Hash -->> http://www.phpbb.com/phpBB/viewtopic.php?t=430710
FreeCap Visual Confirmation -->> http://www.phpbb.com/phpBB/viewtopic.php?t=344831


Also for LIVE spammers we use the TROLL mod:
Troll Mod -->> http://www.phpbb.com/phpBB/viewtopic.php?t=389005


We currently only get a few spams every one or two weeks. Those are all GUEST postings in the only two forums open to guest(have to have them open to guest posting unfortunately, due to their nature).
Knowledge Base | phpBB Board Rules | Search Customisation Database
Image
Please don't contact me via PM or email for phpBB support .
yoshimitsuspeed
Registered User
Posts: 18
Joined: Wed Oct 18, 2006 11:50 pm
Contact:

Post by yoshimitsuspeed »

I assume the Troll mod only works for return offenders right?

I would assume we are dealing mostly with real people now but I don't really know.
Is there any way to know if a spammer is a bot or a person?
yoshimitsuspeed
Registered User
Posts: 18
Joined: Wed Oct 18, 2006 11:50 pm
Contact:

Post by yoshimitsuspeed »

stevemagruder wrote: If you don't want to do all the continual work that this entails, perhaps write code that prevents or limits the number of links a newly registered user can put into a post. (I already limit links for guest posters to a public forum, but haven't make the jump to apply to newly registered users in non-public forums yet)


This sounds like a great idea. Unfortunately I am new to scripting and this is over my head. It sounds like a great mod though.
Stand
Registered User
Posts: 1
Joined: Thu Nov 16, 2006 3:43 pm

Fake users registration

Post by Stand »

The fake registrations are a irritant. I usually check my memberlist daily to look for fake registrations. I have changed the memberlist.php name to something else as I don't see it serves much of a function on my board. Renaming it cut down on the number of bogus registrations. The bots may have been using it some way.

I also been adding ip's to both my banned list and to my .htaccess file. In the case of Asian (APNIC) sites I just deny access to the intire block of addresses; i.e., "deny 201. " My site is for US consumption anyway.

I have an IP log mod installed and I have noticed that in every fake registration case Opera is logged as the browser.
Here are a couple of log entries from two fake registrations.
+ 2006 Nov 16 Ersterter3 0.0.0.0 144.30.0.219 144.30.0.219+ Opera/7.21 (Windows NT
+ 2006 Nov 16 Anonymous 0.0.0.0 144.30.0.219 144.30.0.219+ Opera/7.21 (Windows NT 5.0; U)
+ 2006 Nov 16 Anonymous 221.140.105.85 221.140.105.85 Opera/7.21 (Windows NT 5.0; U

+ 2006 Nov 16 Abersterhaup 212.162.130.85 212.162.130.85 212.162.130.80+ Opera/7.
+ 2006 Nov 16 Anonymous 212.162.130.85 212.162.130.85 212.162.130.80+ Opera/7.21 (Windows NT 5.0;

In all cases the referer is:
/phpBB2/profile.php?mode=register&agreed=true

I don't know how the proxy manipulation is performed, but in the Ersterter3 case the IPs went from a APNIC to a UAMS and finally to an AOL one. I banned the 221 block of addresses (221.*.*.*). For over kill I also have it in my .htaccess file as Deny 221.

I wouldn't mind if someone figured out a way to stop this.

Regards,

Stan
User avatar
Dog Cow
Registered User
Posts: 2498
Joined: Fri Jan 28, 2005 12:14 am
Contact:

Re: Fake users registration

Post by Dog Cow »

Stand wrote: The fake registrations are a irritant. I usually check my memberlist daily to look for fake registrations. I have changed the memberlist.php name to something else as I don't see it serves much of a function on my board. Renaming it cut down on the number of bogus registrations. The bots may have been using it some way.

I also been adding ip's to both my banned list and to my .htaccess file. In the case of Asian (APNIC) sites I just deny access to the intire block of addresses; i.e., "deny 201. " My site is for US consumption anyway.

I have an IP log mod installed and I have noticed that in every fake registration case Opera is logged as the browser.
Here are a couple of log entries from two fake registrations.
+ 2006 Nov 16 Ersterter3 0.0.0.0 144.30.0.219 144.30.0.219+ Opera/7.21 (Windows NT
+ 2006 Nov 16 Anonymous 0.0.0.0 144.30.0.219 144.30.0.219+ Opera/7.21 (Windows NT 5.0; U)
+ 2006 Nov 16 Anonymous 221.140.105.85 221.140.105.85 Opera/7.21 (Windows NT 5.0; U

+ 2006 Nov 16 Abersterhaup 212.162.130.85 212.162.130.85 212.162.130.80+ Opera/7.
+ 2006 Nov 16 Anonymous 212.162.130.85 212.162.130.85 212.162.130.80+ Opera/7.21 (Windows NT 5.0;

In all cases the referer is:
/phpBB2/profile.php?mode=register&agreed=true

I don't know how the proxy manipulation is performed, but in the Ersterter3 case the IPs went from a APNIC to a UAMS and finally to an AOL one. I banned the 221 block of addresses (221.*.*.*). For over kill I also have it in my .htaccess file as Deny 221.

I wouldn't mind if someone figured out a way to stop this.

Regards,

Stan


Bots generally send a false User-agent to the HTTP server "just in case".

Or it could be someone who is genuinely using Opera
Moof!
Mac GUI Vault: Retro Apple II & Macintosh computing archive.
Inside Allerton bookMac GUIMac 512K Blog
Dr.Thrax
Registered User
Posts: 4
Joined: Mon Aug 21, 2006 9:51 pm

Post by Dr.Thrax »

Hey all. I've installed a couple of mods that really help against the spambots. But i've really been wondering something lately. I know a lot of phpbb forums that do have guest posting enabled, but that have no spambots at all.
My forum on the other hand, has guest posting enabled (and I prefer not to disable it) but I get loads of spambots (some even make it through Spam Words... I can't just ban words like "casino" since many humans could use it in a different context)

Can anyone tell me why some forums have those bots, and other do not? I'm running phpbb 2.0.19
Wo1f
Registered User
Posts: 2039
Joined: Fri Jan 28, 2005 3:20 am

Post by Wo1f »

Hi Dr.Thrax,
Dr.Thrax wrote: I'm running phpbb 2.0.19

Your most pressing priority should be to update your board to v2.0.21. If you have many MODs installed and don't want to reinstall them because of this very urgent update situation, take a look at the "Code Changes" package from the download page, accessible from the top of this page. It installs just like a MOD.

Once you have done this, and don't delay... go here:
  • Preventing SPAM - Bots and Humans
[/url] and take a close look at the "Anti-Bot Question" MOD by "magmo", which I hear is currently efficient in stopping spam when allowing guests to post.


Hope this is helpful and as always, it's very important to backup your database and any forum files this MOD may require you to change ... BEFORE you proceed.


Regards,
Wolf :wink:



NOTE: If you decide to install the above mentionned or recommended MOD(s), any installation or operation problems you might encounter should be referred to the MOD's release or development thread. Link(s) provided above.
User avatar
stevemagruder
Registered User
Posts: 210
Joined: Wed Jul 02, 2003 2:05 pm
Location: Louisville, KY
Contact:

Post by stevemagruder »

Dr.Thrax wrote: Hey all. I've installed a couple of mods that really help against the spambots. But i've really been wondering something lately. I know a lot of phpbb forums that do have guest posting enabled, but that have no spambots at all.
My forum on the other hand, has guest posting enabled (and I prefer not to disable it) but I get loads of spambots (some even make it through Spam Words... I can't just ban words like "casino" since many humans could use it in a different context)

Can anyone tell me why some forums have those bots, and other do not? I'm running phpbb 2.0.19


I agree with upgrading to 2.0.21 immediately.

Also, consider that boards that get hit with spambots more than others may be placing better in search engines. It's a matter of the ease with which the spambots can locate your board.
Steve Magruder - WebCommons :: Media
Administrator for the Louisville History & Issues discussion board
Bramster
Registered User
Posts: 605
Joined: Sun Jul 27, 2003 10:40 am

Post by Bramster »

EXreaction wrote:
fritz wrote:i'm just curious.
how come spambots seem to bypass the visual confirmation?
i received 75 registrations from *.ru with porn sites as signatures.


Beats me exactly how they code it...but they take an OCR and have it scan the image...and with easier VC's like phpBB2 has, it can figure out what it says most of the time...

Thats what this thread is for...the mods linked to in the first post will help you. ;)


I read the first post 3 times and seem unable to locate a mod that improves the vusual confirmation :(
Navy & Merchant Marine Forum:
www.DutchFleet.net
User avatar
Jim_UK
Former Team Member
Posts: 18478
Joined: Tue Oct 12, 2004 5:36 pm
Location: Darwen N.West UK

Post by Jim_UK »

An alternative is freecap

Jim
The truth is out there.
Unfortunately they will not let you anywhere near it!
.:YoUnGLinKiE:.
Registered User
Posts: 7
Joined: Sun Nov 19, 2006 1:39 pm
Contact:

Post by .:YoUnGLinKiE:. »

I would like people to write a code when they want to sign up on my forum (like when you get a picture with numbers and letters and you need to fill it in). Where do I get a plugin like that because I had a forum that didn't had this and it's full of spam now.

Thanks in advance!
BeNintendo
User avatar
EXreaction
Former Team Member
Posts: 5666
Joined: Sun Aug 21, 2005 9:31 pm
Location: Wisconsin, U.S.
Name: Nathan

Post by EXreaction »

Jim_UK wrote: An alternative is freecap

Jim


Or Better Captcha. :)
http://www.phpbb.com/phpBB/viewtopic.php?t=382890
.:YoUnGLinKiE:. wrote: I would like people to write a code when they want to sign up on my forum (like when you get a picture with numbers and letters and you need to fill it in). Where do I get a plugin like that because I had a forum that didn't had this and it's full of spam now.

Thanks in advance!


Every semi recent(don't know the exact number) phpBB2 install has one. If you have a phpBB2 install that does not have one(the option to turn it off or on is in the adminCP in general configuration) you should immediately upgrade to the latest version.
Locked

Return to “2.0.x Discussion”