Anti-Spam Thread!

The 2.0.x discussion forum has been locked; this will remain read-only. The 3.0.x discussion forum has been renamed phpBB Discussion.
User avatar
EXreaction
Former Team Member
Posts: 5666
Joined: Sun Aug 21, 2005 9:31 pm
Location: Wisconsin, U.S.
Name: Nathan

Anti-Spam Thread!

Postby EXreaction » Tue May 23, 2006 4:38 pm

I have noticed a lot of people having spam problems on their boards recently...and I thought one thread telling them things they can do would be great...

1. If you have any suggestions to add to this, please tell me...I will gladly update this post and add the Anti-Spam mod to the list(don't tell me about it if there is not a support thread for it(as in its an actual mod in development or release)...as this will not be a support thread for your mod.

2. Do NOT ask for support for ANY mod here! Discussion for Anti-Spam mods only!



Here is a good list to get you started to getting rid of most, if not all spam bots(at least for now...as bots are constantly changing)

Mod Database Releases
    Anti-Spam ACP
    Author: EXreaction
    MOD Description: Blocks spam in many ways from your board. Includes a new captcha, url posting control, an inactive userlist, profile options control, a spam log, and an email notification option.

    [2.0.20] ConfusaBOT ACP
    Author: Espicom
    MOD Description: Change "agreed" and "coppa" variables to confuse bots, with an Admin Control Panel interface.

    [2.0.21] User Shield
    Author: Wo1f
    MOD Description: Hides usernames and corresponding profile data from all except the Administrator until activated. Manage (activate or delete) non-activated members from the memberlist.

    [2.0.20] MOD Troll
    Author: Kalipo
    MOD Description: This MOD will prevent users designated as Trolls from posting, Private Messaging, Emailing, and generally make their life on the board miserable.

    [2.0.19] AntiSpam Mod
    Author: deMone
    MOD Description: Protects your forum from automatically dispatched spam.

    [2.0.19] Spam Words
    Author: Joe Belmaati
    MOD Description: Define some spam words in the ACP. When someone tries to post a defined spam word their post will not be entered into the database. Instead they will receive an error message. This could be handy for forums with guest posting where spam bots roam free. However, you may also specify that certain forums are exempt from the spam check.

    [2.0.19] Invitation Only
    Author: Kellanved
    MOD Description: Adds an option to require new users to provide a passcode for registration.
    Also adds an Admin Page to generate new passcodes.

    [2.0.14] Log IP Address on Registration
    Author: TerraFrost
    MOD Description: Logs the IP address of users when they register.

    Better Captcha
    Author: Paul999
    MOD Description: This mod add a new, better captcha. Please note that this mod REQUIRES ths GD extension is loaded in PHP. If not, the old captcha will be displayed!

Beta's, and RC's
    [BETA] Antispam for all fields
    Author: Ramon Fincken
    MOD Description: It uses the word replacement list to check ALL fields in registration, editprofile and posting subject/message. If a word is found an error message is shown and the information will NOT be processed.

    [RC1] Spam-bot Surprise!
    Author: Dog Cow
    MOD Description: This modification attempts to stop automatic scripts (bots) from both posting messages and registering accounts at your forum. Spam-bot Surprise will not stop human spammers from manually posting messages or registering user accounts on your forum.

    [Beta] ConfusaBOT lite
    Author: Espicom
    MOD Description: Purpose is to change "agreed" and "coppa" HTML variables, so that a bot has to at least fetch your COPPA page to find out how to register on your site.

    [BETA] Raven's Antispam
    Author: romans1423
    MOD Description: Raven's Antispam is a lean but effective solution for preventing spam registrations and posts, ported to phpBB from a Wordpress plugin of the same name. By requiring an installation-unique variable to be filled out (automatically, if JavaScript is enabled), bots are simply blocked. Raven's Antispam does not require any database modifications or admin panel configuration.

Other Helpful Tools
    Usually it is a pain to remove the spam accounts that are already on your board...but this mod makes it is easy.
    [2.0.11] Admin Userlist
    Author: wGEric
    MOD Description: This MOD lets you view all of you members and various information about them in the Admin Control Panel. From the list, you can perform various actions on multiple users.


Other Helpful Links


My Personal Recommendations:
I would have to recommend the Anti-Spam ACP over all the other mods for general spam stopping. It combines a few different modifications in one(New Captcha, Inactive Userlist, Profile Fields permissions, and some more).

If you get a lot of posting spam you may want to try [BETA] Antispam for all fields.

Together both of those mods will protect you from pretty much everything if configured correctly.
Last edited by EXreaction on Fri Nov 09, 2007 4:51 am, edited 26 times in total.

User avatar
karlsemple
Former Team Member
Posts: 39802
Joined: Mon Nov 01, 2004 8:54 am
Location: Hereford, UK
Contact:

Postby karlsemple » Tue May 23, 2006 4:42 pm

We already have a thread for this......
http://www.phpbb.com/phpBB/viewtopic.php?p=1404100
Image

User avatar
EXreaction
Former Team Member
Posts: 5666
Joined: Sun Aug 21, 2005 9:31 pm
Location: Wisconsin, U.S.
Name: Nathan

Postby EXreaction » Tue May 23, 2006 4:45 pm

Ya, I know about that thread...but it ended up being more of a support topic than an actual Anti-Spam thread...and I thought this would help a lot more. :)

User avatar
Dave Bean
Registered User
Posts: 210
Joined: Thu Jul 12, 2001 4:55 am
Location: Denver, Colorado
Contact:

Postby Dave Bean » Tue May 23, 2006 6:11 pm

Certainly, if spam is a problem, have visual verification, email / user confirmation and registration required for posting in place. After that 3 things are needed to adequately handle spam:

(1) Make it so members without posts are not listed in the memberlist or as newestmember. Modifications are available for this now, you should have it in place if you don't and I hope it becomes an optional, but default setting for phpBB along with a way to remove members without posts from the database when requested by the admin or maybe periodically. End of the line for Spammers without posts :D

(2) Spammers will still manage to post and will have to to post to get benefit after #1 above is implemented. We need a trusted vs not yet trusted status for members. Trusted member's posts will happen immediately if the board admin allows. Not yet trusted members posts will be subject to approval by the board admin or moderator before available to the public if the admin elects.
Mod requested here:
http://www.phpbb.com/phpBB/viewtopic.php?t=393258

(3) Should a "Trusted" member revert to spamming, then the Easy De-Spam button will clear up the problem in short order by zapping the user and all of their posts.
Mod request here:
www.phpbb.com/phpBB/viewtopic.php?t=381112

Don't the three steps above, pretty much take care of our spam problem - barring an actual hack of our boards? If you think the mod requests are a good idea, it might help if you say so on the mod request. :D :D

Thank you for your post - is there a bigger issue facing phpBB than Spam at the present time?
Building Internet Communities
www.ColoradoHealth.info

User avatar
espicom
Registered User
Posts: 17905
Joined: Wed Dec 22, 2004 1:14 am
Location: Woodstock, IL

Postby espicom » Tue May 23, 2006 6:25 pm

karlsemple wrote:We already have a thread for this......


But, as the instigator of that topic, I'm coming out in favour of locking the one in Support, because it's not really appropriate for where it is. The discussion of potential changes should be here in PHPBB discussion, and discussion of the MODs involved should be in their support topics, with links from here.

Not to mention that it's got so much stuff spread out over 21 pages of messages that should be summarized. Things like the patches to exclude inactive members from the member list or new member display, hiding various pages from guests, etc.
Jeff
Fixing 1016/1030/1034 Errors | (obsolete link) | MySQL 4.1/5.x Client Error | phpBBv2 Logo in ACP
Support requests via PM are ignored!
"To be fully alive is to feel that everything is possible." - Eric Hoffer

gregraiz
Registered User
Posts: 1
Joined: Tue May 23, 2006 9:08 pm

How to fix the problem.

Postby gregraiz » Tue May 23, 2006 9:20 pm

The way to fix the spam problem is to remove any benifit from posting links. Google released a specification of how sites can use the "nofollow" tag on a link to prevent google from accociating the link to the site. Many other search engines use this as well.

<a href="site" rel="nofollow" > link </a>

If you add the nofollow attribute to any posts, links, signatures, memberlists and profile pages this eliminates the back-link advantage. So then the only benefit would be from readers clicking on the links from posts. To address this:

- Add optional image verification on posts (I want to still allow anonymous access, but I don't want bots to spam the list)
- Allow end-users to flag posts as spam. (Like on craigslist). If you get past a threashold of registered users marking it as spam it gets hidden.

User avatar
Dave Bean
Registered User
Posts: 210
Joined: Thu Jul 12, 2001 4:55 am
Location: Denver, Colorado
Contact:

Postby Dave Bean » Tue May 23, 2006 9:43 pm

If posters are contributing members of the community, I don't mind helping to promote their websites with links. It's the spammers or in appropriate content that I object to.
Building Internet Communities
www.ColoradoHealth.info

User avatar
STevie Ray
Registered User
Posts: 5
Joined: Sun May 07, 2006 11:01 pm
Contact:

You might want to know about "forum poster"

Postby STevie Ray » Tue May 23, 2006 9:52 pm

A truly awful thing... a program that offers these "features":
Forum Poster allow you to post any message you want to over 26000 forum boards in just minutes.

The current version can post to
1. phpBB Forum Boards from version 2.0.0 to 2.0.20 (http://www.phpbb.com/)
2. Invision Power Board (http://www.invisionboard.com/)
3. Snitz Forums 2000 (http://forum.snitz.com/)

Forum Poster automatically register a user with the username, e-mail and password you typed on the board. It login as the registered user on the board and then post it. All made automatically. With just one click!


Their website is ht tp : // fp. icontool. com/ -scrambled to avoid any benefit to the unscrupulous rascals !

Visual confirm adn email confirm are no longer an option: you have to do it so that this happens to their users as per their site:

After login and post ,all 'host unreachable','Connection with remote host lost','Host unrechable','404: Document not found','500: CGI script failed','Anti-bot','Register Error','Account need active' forums save to one text file and remove from database.



Beware !!

User avatar
Retro King
Registered User
Posts: 46
Joined: Wed Jan 14, 2004 2:08 am

Postby Retro King » Wed May 24, 2006 1:04 am

Most of my spammers at the minute dont actually have web addresses as signatures but all seem to have a @bk.ru email address.

Newfie
Registered User
Posts: 221
Joined: Mon Feb 20, 2006 12:08 am
Location: A Canadian Province - guess which one?

Postby Newfie » Wed May 24, 2006 2:06 am

Anti-Spam Thread!


Yeah, Spam Sucks!!!

The meat is too salty, and the junk e-mail/posts are annoying...

User avatar
fritz
Registered User
Posts: 9
Joined: Sun Jul 28, 2002 2:47 am

Postby fritz » Wed May 24, 2006 5:54 am

i'm just curious.
how come spambots seem to bypass the visual confirmation?
i received 75 registrations from *.ru with porn sites as signatures.

User avatar
Noobarmy
Registered User
Posts: 2388
Joined: Tue Apr 04, 2006 6:15 pm
Location: London
Contact:

Postby Noobarmy » Wed May 24, 2006 6:01 am

im sort of drifting away from where we currently are. but "FuntKlakow" was a bot or something invading forums or something. is it still around?
Image

brainsys
Registered User
Posts: 45
Joined: Mon Sep 20, 2004 8:03 pm

Re: You might want to know about "forum poster"

Postby brainsys » Wed May 24, 2006 9:17 am

STevie Ray wrote:Their website is ht tp : // fp. icontool. com/ -scrambled to avoid any benefit to the unscrupulous rascals !

This site is run out of a Texas based outfit called thePlanet.com. This server, according to whois.sc, has 80 odd other sites. A random sample all show the registrants to be Chinese. The sites themselves are reasonably and consistently professionally built. A lot feature the sale of 'intimate' software. Not porn - but registry cleaners and the like. Don't think I want authors with morals like these anywhere near my kit!

Anybody stateside who could try and get them taken down?

I presume our phpbb boffins are currently doing a bit of discrete reverse engineering on this 'tool'. The authors could probably sue as I thought that was now illegal in the US? Dumb legislation if so..

User avatar
espicom
Registered User
Posts: 17905
Joined: Wed Dec 22, 2004 1:14 am
Location: Woodstock, IL

Postby espicom » Wed May 24, 2006 3:11 pm

No need to analyze the tool - it simply does a POST of the information PHPBB requires from a user, same as filling in the form. Of course, it has to work a bit harder than that if you have things like Visual Confirmation enabled, or have made other changes to make your registration unique.

The really nasty spammers have more intelligent bots that analyze what your registration requires, and try to provide it. If you require a non-standard CAPTCHA image, they can't deal with it. If you require site-specific information (like "What city is this forum about?"), they can't deal with it.
Jeff
Fixing 1016/1030/1034 Errors | (obsolete link) | MySQL 4.1/5.x Client Error | phpBBv2 Logo in ACP
Support requests via PM are ignored!
"To be fully alive is to feel that everything is possible." - Eric Hoffer

User avatar
EXreaction
Former Team Member
Posts: 5666
Joined: Sun Aug 21, 2005 9:31 pm
Location: Wisconsin, U.S.
Name: Nathan

Postby EXreaction » Wed May 24, 2006 4:21 pm

fritz wrote:i'm just curious.
how come spambots seem to bypass the visual confirmation?
i received 75 registrations from *.ru with porn sites as signatures.


Beats me exactly how they code it...but they take an OCR and have it scan the image...and with easier VC's like phpBB2 has, it can figure out what it says most of the time...

Thats what this thread is for...the mods linked to in the first post will help you. ;)


Return to “2.0.x Discussion”

Who is online

Users browsing this forum: No registered users and 8 guests