Increase board security - how?

This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.
Forum rules
Following phpBB2's EoL, this forum is now archived for reference purposes only.
Please see the following announcement for more information: viewtopic.php?f=14&t=1385785
Locked
Blueiris
Registered User
Posts: 20
Joined: Mon Oct 17, 2005 1:18 pm

Increase board security - how?

Post by Blueiris »

I am so frustrated with phpBB I'm ready to change to another forum script.

I have set up my board for authentication and e-mail activation, and the spammers seem to just go right through it. I had to delete six members today, who had not joined to participate, but to publish their URL to either filthy porn sites or loan sites or drug sites. My board is a small board for owners of a certain breed of horse, and I don't even think you can find it in a search engine. I don't understand why or how this is happening. Now I've had to set up for admin activation, which is a pain. However, my legitimate board members are complaining.

I posted here once before about e-mail addy security. When I set up my board I set up a particular addy for board admin that was not published anywhere. I had modded the board slightly to remove the e-mail and profile buttons so that guests would not see them - only registered users who were logged in had access to those. That admin e-mail addy is getting about 100 spam e-mails a day. There shouldn't have been any way for that e-mail addy to get on spam lists.

How can this board be made more secure????
rs-bhe.com
Registered User
Posts: 320
Joined: Fri Dec 02, 2005 9:35 pm
Contact:

Post by rs-bhe.com »

Turn on Visual Confirmation?
User avatar
Marshalrusty
Project Manager
Project Manager
Posts: 29302
Joined: Mon Nov 22, 2004 10:45 pm
Location: New York City
Name: Yuriy Rusko
Contact:

Post by Marshalrusty »

First of all, what version are you running? And have you considered enabling visual confirmation?
Have comments/praise/complaints/suggestions? Please feel free to PM me.

Need private help? Hire me for all your phpBB and web development needs
Blueiris
Registered User
Posts: 20
Joined: Mon Oct 17, 2005 1:18 pm

Post by Blueiris »

Yes, visual confirmation has been on since the board opened. This is why I find it hard to figure out how the spammers or bots are just blowing through.

I'm running 2.0.18 right now.
JohanLM
Registered User
Posts: 69
Joined: Sat Apr 02, 2005 8:21 am
Location: Sweden / Gothenburg

Post by JohanLM »

Same prob. here.
"Porn accounts" with basicly random letter names + "Casino/Game accounts" with name+numbers in the account names.

Turned on "visual con.f" = Still got bots (As in it ignores visual conf. somehow?!)
Now have upgraded to .19 version + turned on mail conf.
Blueiris
Registered User
Posts: 20
Joined: Mon Oct 17, 2005 1:18 pm

Post by Blueiris »

A good tip was just posted in another thread about this issue, so check

http://www.phpbb.com/phpBB/viewtopic.ph ... highlight=

That doesn't help the problem of all the spam on the admin e-mail account on my board, though. I just can't figure out how the spam bots got that address.
User avatar
Lumpy Burgertushie
Registered User
Posts: 68549
Joined: Mon May 02, 2005 3:11 am
Contact:

Post by Lumpy Burgertushie »

it is very easy to search for phpbb boards, that is what they do., they run scripts that search for phpbb boards, then fill out the registration form. they dont' care about getting activated, just getting a www link .

that link above is a very good way to stop the bots. they seem to have found a way around the visual confirmation.

any email address that is anywhere online can be harvested by the same type of spammer scripts.

that is just the way it is online.



robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.3 Styles by PlanetStyles.net

I am pleased to announce that I have completed the first item on my bucket list. I have the bucket.
Locked

Return to “2.0.x Support Forum”