Preventing Spam in 3.0.5 and Lower [*Read First Post*]

betwixt
Registered User
Posts: 5
Joined: Sun Apr 19, 2009 8:54 am

Re: Preventing Spam in 3.0 [*Read First Post*]

Post by betwixt »

I've had good results deterring spambots by simply editing the CAPTCHA fonts tables and using the default visual check. My board went from very quiet to 60+ spam registrations a day when the original test was cracked but has now dropped back to about 1 per week.

I'm guessing the crack is based upon recognizing the default character bitmaps as extracted from the phpBB source code. A few changes to the character shapes seem to have fooled them (at least for now!).
Brian.

jumborex
Registered User
Posts: 143
Joined: Fri Mar 28, 2003 3:18 pm
Name: Franco Giambalvo

Re: Preventing Spam in 3.0 [*Read First Post*]

Post by jumborex »

I need some explanation about banning of spambots. :? We are affected by many spambots, and normally if you remove them as users, they will not return anymore. Generally they succeed in going over the CAPTCHA, but they are not able to answer to the requested authentication email, or perhaps the email address is bogus and the return request for activation never reaches the spambot.
Now we have this spambot WowGoldGuidesOr that has been cancelled, and banned by name, but every time it returns. What does it mean? If it's banned should it not be ignored by the system, or better banned!?
I have not failed. I've just found 10,000 ways that won't work.
(Thomas Alva Edison)

VeganFanatic
Registered User
Posts: 181
Joined: Mon Sep 08, 2008 8:27 pm
Location: Victoria, BC Canada

Re: Preventing Spam in 3.0 [*Read First Post*]

Post by VeganFanatic »

I am using one of those picture based mods and so far the spammers have been thwarted. So after pruning inactive users a more realistic number of users is now present.

I will have to prune again to catch the last of the automated spammers but I plan to do that a few months from now if the spammers are stifled properly.

From reading the comments, it seems that the mod I use needed only 2 changes in the code to enable the pics and it was simple enough to install after carefully reading the manual.

The pics can be changed so good luck to the spammers. I have a digital camera so I can make new ones daily if needed.

So the CAPTCHA plus a pic seems to be able to defeat the current spam tools cold. :D

Phil
Former Team Member
Posts: 10403
Joined: Sat Nov 25, 2006 4:11 am
Name: Phil Crumm

Re: Preventing Spam in 3.0 [*Read First Post*]

Post by Phil »

jumborex wrote: I need some explanation about banning of spambots. :? We are affected by many spambots, and normally if you remove them as users, they will not return anymore. Generally they succeed in going over the CAPTCHA, but they are not able to answer to the requested authentication email, or perhaps the email address is bogus and the return request for activation never reaches the spambot.
Now we have this spambot WowGoldGuidesOr that has been cancelled, and banned by name, but every time it returns. What does it mean? If it's banned should it not be ignored by the system, or better banned!?
Banning spammers is worthless. Just deactivate the account for that particular bot and follow the suggestions in the first page of this topic, and the issue should be handled for now.
Moving on, with the wind. | My Corner of the Web

Eelke
QA Team
Posts: 2903
Joined: Thu Dec 20, 2001 8:00 am
Location: NL, Bussum
Name: Eelke Blok

Re: Preventing Spam in 3.0 [*Read First Post*]

Post by Eelke »

@jumborex: I think somewhere else you said that this bot was continually reloading the user control panel. I didn't understand that at first, but now I see you banned this account. What you're seeing is the ban mechanism at work! Logins are handled through the file ucp.php, i.e. the user control panel. They are reloading the user control panel, because that's where they are redirected to log in. The login fails, because they are banned, and they try again. Things would be much more self-explanatory if the login box would not show up as User Control Panel in the "Who's online" overviews, but as "Login box" :)

ATNO/TW
Registered User
Posts: 121
Joined: Sun May 09, 2004 10:42 pm
Location: Pittsburgh, PA

Re: Preventing Spam in 3.0 [*Read First Post*]

Post by ATNO/TW »

Like everyone else, I recently started getting nailed by spam bot signups at my board. I've read through this entire thread as well as many of the MODS in mod development. Seems like everything pretty much addresses the registration process itself to deter bots. I did a little thinking based on this from the initial post in this thread:
Spam bots do what they are programmed to do; nothing more. Not having the ability to adapt on the fly puts bots at a disadvantage when put against informed administrators such as yourself. The trick for dealing with bots is to stay one step ahead of their authors. Nearly all anti-spam MODs focus on changing the registration/posting form in order to prevent bots from being able to fill out the information properly.
I think I may have figured out a nearly permanent solution (and relatively easy). PLEASE NOTE: At this moment I have only tried this on my own board. I have not yet submitted it for a MOD development. It isn't supported nor approved by phpbb group, and if I'm out of place posting this here, let me know and instruct me on the correct way. But since this topic is "Preventing Spam" I decided to post my thoughts in case anyone else wanted to experiment with it.

My assumption is the bots target ucp.php?mode=register

So instead of trying to alter the registration form itself, I decided to alter the mode in the registration link and haven't had a bot sign up since uploading the changes. It has stopped them 100% :D

This isn't quite in official MOD format, but this is all I did (phpbb3 version 3.0.4, btw):

Code:

Open ucp.php

//Find
case 'register':

//Replace With
case 'register_stop_forum_spam':

---------------------
Open includes/functions.php

//Find
'U_REGISTER'            => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register'),

//Replace with
'U_REGISTER'            => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register_stop_forum_spam'),

--------------------
Open includes/ucp/ucp_register.php

//Find and Replace All (five instances)
mode=register

//Replace All With
mode=register_stop_forum_spam

//Save and Close all Files
 
The theory behind this was that bots are looking for the same thing on all phpbb forums, i.e. ucp.php?mode=register. In fact, after making these changes, if you try to go to http://www.yourdomain.com/ucp.php?mode=register it doesn't even 404 and simply takes you to the login screen.

They aren't going to be looking for ucp.php?mode=register_stop_forum_spam
The beauty of it is that you can change the mode to anything you want. It could be mode=register_eat_at_joes if you wanted. If the bots happen to find it, simply change it to something else. Make the spammers work for a change! lol

In fact with a little thought, you could probably automate a script to change all this randomly on a daily basis.

If the phpbb group could implement this somehow in the ACP so that the Admin could change it at will (or even on a set schedule), everyone's phpbb registration link would be different and make it extremely tough for the bots to get to - in theory anyway.

I'll keep you posted on how it goes, but so far not a single bot signup, and I had been getting several an hour for the last three or four weeks.

//side note. The changes are instantaneous after uploading. No clearing Cache required.
"The web is a dominatrix. Every where I turn, I see little buttons ordering me to Submit."
www.ozzu.com || www.alaron-nuclear.com
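
An added example, not part of ATNO/TW's post and not phpBB code: once the mode is renamed as described above, requests for the default `mode=register` in the web server log point to clients working from a hardcoded URL rather than from the board's own register link. The combined log format, the constructed sample lines (documentation IP ranges) and the function names are assumptions made for this sketch.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

STALE_MODE = "register"                     # phpBB default, replaced by the edits above
CURRENT_MODE = "register_stop_forum_spam"   # the post's example value; use your own

# Assumed Apache/nginx "combined" format: ip ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3}) ')

# Constructed sample lines, not taken from any real board.
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Apr/2009:10:00:01 +0000] "GET /ucp.php?mode=register HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.10 - - [20/Apr/2009:10:00:02 +0000] "POST /ucp.php?mode=register HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.5 - - [20/Apr/2009:10:05:00 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
    '198.51.100.5 - - [20/Apr/2009:10:05:09 +0000] "GET /ucp.php?mode=register_stop_forum_spam&sid=abc HTTP/1.1" 200 7000 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [20/Apr/2009:11:00:00 +0000] "GET /ucp.php?mode=register HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.7 - - [20/Apr/2009:11:00:30 +0000] "GET /ucp.php?mode=register_stop_forum_spam HTTP/1.1" 200 7000 "-" "-"',
    '198.51.100.5 - - [20/Apr/2009:11:10:00 +0000] "GET /ucp.php?mode=login HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

def classify(line):
    """Return (ip, 'stale' | 'current') for a registration request, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None                          # unparseable line: ignore rather than guess
    ip, target, _status = m.groups()
    url = urlsplit(target)
    if not url.path.endswith("/ucp.php"):
        return None
    modes = parse_qs(url.query).get("mode", [])
    if STALE_MODE in modes:                  # exact match, so the renamed mode is not counted here
        return ip, "stale"
    if CURRENT_MODE in modes:
        return ip, "current"
    return None

def summarize(lines):
    """Count stale and current registration hits per IP, plus IPs seen on both."""
    stale, current = Counter(), Counter()
    for line in lines:
        hit = classify(line)
        if hit:
            (stale if hit[1] == "stale" else current)[hit[0]] += 1
    # An IP that probed the old URL and also reached the renamed form has followed the new link.
    adapted = sorted(set(stale) & set(current))
    return stale, current, adapted

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

An IP listed in `adapted` has found the renamed link, which is the situation where the post suggests changing the mode value again.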

Aleksandar
Registered User
Posts: 126
Joined: Tue Feb 01, 2005 8:23 pm

Re: Preventing Spam in 3.0 [*Read First Post*]

Post by Aleksandar »

Neat idea, ATNO/TW. Have you noticed if this breaks any links that other parts of the forum might use? If not, I might just implement it as well. I mean, I've already brought down my bot registrations to zero using a variety of the methods in the first post but you can never have too much protection. ;)

ATNO/TW
Registered User
Posts: 121
Joined: Sun May 09, 2004 10:42 pm
Location: Pittsburgh, PA

Re: Preventing Spam in 3.0 [*Read First Post*]

Post by ATNO/TW »

Aleksandar wrote:Have you noticed if this breaks any links that other parts of the forum might use?
'U_REGISTER' appears to be used globally for the register link. I've checked everywhere I know there's a register link and none are broken. I haven't noticed any other glitches other than what I noted: if you do try to go to http://www.yourdomain.com/ucp.php?mode=register after making the changes, it simply defaults to the login page.

I've also done several test registrations, using both coppa and regular registration (no coppa), both with Manual Activation and with User activation, and all works normally and perfectly.

Really this changes so little, there isn't much to break.

I would suggest to anyone attempting this, don't use the mode "register_stop_forum_spam" that I have in the instructions. Just make up your own unique one. It doesn't even have to include the word register. I would assume that special characters and spaces WOULD break it, so I would recommend avoiding them and use underscores to separate words. I imagine you could mix in numbers and Capital letters, but I haven't tried that yet.
"The web is a dominatrix. Every where I turn, I see little buttons ordering me to Submit."
www.ozzu.com || www.alaron-nuclear.com

onehundredandtwo
Registered User
Posts: 1228
Joined: Fri Nov 14, 2008 8:07 am

Re: Preventing Spam in 3.0 [*Read First Post*]

Post by onehundredandtwo »

That is a very good idea.

I think eventually bots will find a way around it, finding the link that says Register or Sign Up.

Even though bots are only programmed to do, they are only getting better programmed.
ATNO/TW wrote:if the phpbb group could implement this somehow in the ACP that the Admin could change it at will, (or even on a set schedule) everyone's phpbb registration link would be different and make it extremely tough for the bots to get to -in theory anyway.
I would say this would be a great MOD for phpBB, hopefully one day someone will do this. :)

onehundredandtwo.
Need help preventing spam? Read Preventing spam in phpBB 3.0.6 and above

ATNO/TW
Registered User
Posts: 121
Joined: Sun May 09, 2004 10:42 pm
Location: Pittsburgh, PA

Re: Preventing Spam in 3.0 [*Read First Post*]

Post by ATNO/TW »

onehundredandtwo wrote: I think eventually bots will find a way around it, finding the link that says Register or Sign Up.
That thought crossed my mind. However, that link text is also a variable where the text could also be changed to be uniquely different for every forum owner - for example somebody might have "Choose your new free handle now!" where another might choose to have "Don't be left out - get in here and Join Us" instead of "Register".

I guess my thought behind this all is that if everyone's phpbb registration link was unique, the bot programmers would have a seriously difficult time getting registered. It's the one thing that's never really changed with phpbb. The link is the same for everybody, and unless MOD'ed the registration form is essentially the same for everybody. But if everyone had an easy way to be "uniquely" different, we could have the spammers pulling their hair out.

I only just started looking at the phpbb3 code this past weekend. I was quite familiar with phpbb2, but just seeing this for the first time not sure where I'm at. Kinda like reading a new language for the first time. Once I get familiar with it, if nobody's done it by then, I'll probably try to go ahead and do all these ideas myself. I've been using phpbb since about 2002 so not a noob to it, but at the moment a little mind boggled at all the code changes.

Another thing that comes to mind is that Everyone has "Powered by phpbb" in the footer, unless they've manually altered that. That makes it pretty easy for the spammers to get a nice list of all the phpbb boards via a search engine query. If they can't find you, how are they going to spam you?

Case in point http://www.google.com/#hl=en&q=%22Power ... rpp-4zAm3I 72+ million results for the exact search terms "powered by phpbb".
Last edited by ATNO/TW on Tue Apr 21, 2009 1:27 am, edited 1 time in total.
"The web is a dominatrix. Every where I turn, I see little buttons ordering me to Submit."
www.ozzu.com || www.alaron-nuclear.com

barryoneoff
Registered User
Posts: 248
Joined: Sat Mar 24, 2007 10:14 pm
Location: East London, England

Re: Preventing Spam in 3.0 [*Read First Post*]

Post by barryoneoff »

The more I think about this idea the better it seems, but not being a code guru I would like to hear the opinions (good or bad) from the developers or mod creators about the possibilities of this method.
Barryoneoff's London. ... City of London walks.

ATNO/TW
Registered User
Posts: 121
Joined: Sun May 09, 2004 10:42 pm
Location: Pittsburgh, PA

Re: Preventing Spam in 3.0 [*Read First Post*]

Post by ATNO/TW »

barryoneoff wrote:The more I think about this idea the better it seems, but not being a code guru I would like to hear the opinions (good or bad) from the developers or mod creators about the possibilities of this method.
I'd be interested to hear some feedback from the phpbb group as well. My bad for not looking intently at the phpbb3 code from the getgo, but I had no real need to until the spam started up again. So now I'm curious if something like this could work.

I don't want this to turn into a DEV discussion, but would like to know if it's worth pursuing.

//added note. I implemented this at my board 13 hours ago and not a spam bot sign up since.
"The web is a dominatrix. Every where I turn, I see little buttons ordering me to Submit."
www.ozzu.com || www.alaron-nuclear.com

Eelke
QA Team
Posts: 2903
Joined: Thu Dec 20, 2001 8:00 am
Location: NL, Bussum
Name: Eelke Blok

Re: Preventing Spam in 3.0 [*Read First Post*]

Post by Eelke »

Like other ideas, it would certainly increase the complexity of a bot. Would it make a difference? Probably, for a few months, maybe. That'd probably mostly be because it would take a few months for the majority of phpBB boards to be upgraded to the latest version and the old spam bots' success rate dropping. Not because the programming is particularly hard :)

The bottom line always is, bot writers will happily invest a few hours of programming when it means they can circumvent the latest bit of complexity we add. The reason is, their few hours of effort unlocks thousands of bulletin boards to their spam. As long as there is a pattern to finding the registration form, they will find it sooner or later. There more than likely is a pattern as long as the adopted solution is part of the default product. Link text that changes for every board? Would it really? And if it would, what about the HTML structure? That'd be pretty similar across boards, all you'd need to do is look for an a-tag that links to ucp.php.

hoarybat
Registered User
Posts: 66
Joined: Tue Jul 22, 2008 11:23 pm

Re: Preventing Spam in 3.0 [*Read First Post*]

Post by hoarybat »

Thanks for the info on your changing the CAPTCHA picture, interesting. I have only been getting registration bots from Russia? using mostly gmail email addresses. Although they don't reply to the email confirmation, keeping them as an inactive registrant, they do put a link in their profile to a website, maybe with the objective to raise their page rankings? As most of you know, the default phpbb3 CAPTCHA is currently useless, broken by these bots. I used every CAPTCHA setting and still had 20 new bot registrants a day, which I have had all along! I resorted to using phpBB's custom profile fields and used the drop down "Are you a spammer YES NO" question and the Number field question, making both appear on the registration page. I then disabled CAPTCHA and I have not had one spambot registration since. I guess if we keep the number question unique maybe this will buy us some time until 3.05 comes out, where purportedly there is an update to the CAPTCHA or security. I don't see spammers coding a workaround for one site, but if everybody did the same prevention and coding they would. I will look into the additional info you posted above. Thanks. :mrgreen:

Eelke
QA Team
Posts: 2903
Joined: Thu Dec 20, 2001 8:00 am
Location: NL, Bussum
Name: Eelke Blok

Re: Preventing Spam in 3.0 [*Read First Post*]

Post by Eelke »

hoarybat wrote:Although they don't reply to the email confirmation keeping them as an inactive registrant, they do put a link in their profile to a website maybe with the objective to raise their page rankings?
That might be their objective, but in that case, they're failing at it because phpBB3 doesn't display inactive users in the members list or elsewhere.
