Robo-Astro-Dumbo-Spam-Bam

[admin]

Hey folks, recently I find myself deleting about 3 spam-users here everyday. This takes me 1 minute per deletion and much worse: it interrupts my flow!
I'm so sick of it, I almost banned every new user today! And I will do so very soon, unless any of you knows a better solution. Why is this forum so easy to hack into (by a robot? by an astrofucker? by some genetically modified thing?)???

[allen]

I don't remember from when I signed up, do you require e-mail validation when signing up and have the image confirmation junk enabled ?

[admin]

I don't remember from when I signed up, do you require e-mail validation when signing up and have the image confirmation junk enabled ?

Sure. But these "robots" are probably exploited kid-slaves in China or bored overweight US teens that can easily pass the image confirmation test.

I also have already set it up so that I have to explicitly allow a user to post. However, without my consent they can already put there porn links into the "website" field of the profile. If that would not be possible in this forum software I could just ignore them and go on working.

Instead of image confirmation there should be a test that takes a little intelligence or knowledge to pass, like some math or history quiz...

[j_c_hallgren]

Is there any way to block a website entry on profile until approved by you?
Obviously that may have to be done with signature as well, but I don't think a legit new user would object to waiting a bit for those options...

[jacky]

However, without my consent they can already put there porn links into the "website" field of the profile.

They can! Damn, and i can't even put the wiki as my website in my profile Life is unfair!

Yes just ask them on signup something like "What is the color of the white horse of henry IV ??" You could eve, use "****" instead of "white", although I'm not sure, that might be more of a french thing really... is it?

Or, according to what you say, you could just tweak phpBB so that Website URL can only be set once a user has made at least like 10 posts.

Did you check for any anti-spam related MOD ? I'm sure there must be some already existing that you could just apply here....

EDIT: Just a couple I just found, obviously I didn't test them personnally but they're on the official phpBB MOD database so they should be ok
http://www.phpbb.com/community/viewtopi ... 5&t=210055

MOD Name: disable spambots
Author: magenta
MOD Description: This mod uses cryptographic signing techniques to ensure that any comment submissions have occurred from an appropriate
comment form (stopping simple random-submission bots), that
the form was actually generated for the user who is submitting (stopping clusters of page-scraping spiders), and that at least 5 seconds have passed between the form generation and the submission (stopping bots which fully scrape the page and then immediately submit). If one of these conditions is not met, the submit operation is turned into a preview, giving human posters another chance to submit.

Since implementing this mod, my forum has only gotten two spams posted to it, and both were manually posted by a human. Countless thousands of spams were blocked.

For added security, you should change the "nana" and "foofoo" text inserted in the first "BEFORE, ADD" step so that spambots can't simply spoof the form values as well.

http://www.phpbb.com/community/viewtopi ... 5&t=472940

MOD Name: Textual Confirmation
Author: olpa
MOD Description: Textual Confirmation (TC) asks newly registering user a question. If the answer is wrong, TC rejects the registration. Also, TC notifies the forum admin and the community spam database. The administrator can edit the questions and answers in the Administration Panel.

[admin]

Is there any way to block a website entry on profile until approved by you?
Obviously that may have to be done with signature as well, but I don't think a legit new user would object to waiting a bit for those options...

That's exactly the problem: there is no way (or I don't find it). I can only block posting.

[admin]

However, without my consent they can already put there porn links into the "website" field of the profile.

They can! Damn, and i can't even put the wiki as my website in my profile

Why can't you?

[jacky]

Why can't you?

Dunno. I put http://88.191.26.34/XYwiki/ and press the button, then it says "Your profile has been updated" but that's a lie!

EDIT: I think it's because it's an IP, not a domain name, somehow.

[admin]

Why can't you?

Dunno. I put http://88.191.26.34/XYwiki/ and press the button, then it says "Your profile has been updated" but that's a lie!

EDIT: I think it's because it's an IP, not a domain name, somehow.

You can use my redirect: http://www.xyplorer.com/xywiki.php

[jacky]

You can use my redirect: http://www.xyplorer.com/xywiki.php

Oh cool, Thanks

[allen]

However, without my consent they can already put there porn links into the "website" field of the profile.

They can! Damn, and i can't even put the wiki as my website in my profile :cry:

Why can't you?

Worse comes to worse, I'd be willing to get my hands dirty in the php code -- though it wouldn't do much good after updating the software. Unless of course I took the time to learn their plugin interface, but that sounds time consuming :P

[admin]

However, without my consent they can already put there porn links into the "website" field of the profile.

They can! Damn, and i can't even put the wiki as my website in my profile

Why can't you?

Worse comes to worse, I'd be willing to get my hands dirty in the php code -- though it wouldn't do much good after updating the software. Unless of course I took the time to learn their plugin interface, but that sounds time consuming

Cool! What's your plan? Invent a better confirmation? A smart filter that keeps the following creeps out:
- robots
- astroturfers
- teenagers

[CitizenD]

I found this phpbb mod extremely helpful in stopping spam signups cold...

http://www.phpbb.com/community/viewtopic.php?t=399374

Cheers,

D

[allen]

Wow, that looks like exactly what Don is looking for!

Cool! What's your plan? Invent a better confirmation? A smart filter that keeps the following creeps out:
- robots
- astroturfers
- teenagers

It has always been my dream to invent such a filter, but I have yet to come up with a viable solution. The robots can be done, but those astroturfers and teenagers are wily characters!

[admin]

Wow, that looks like exactly what Don is looking for!

Indeed, this could be it. Only where is it? 338 posts...

It has always been my dream to invent such a filter, but I have yet to come up with a viable solution. The robots can be done, but those astroturfers and teenagers are wily characters!

I have been thinking about it and found: the core problem is to keep the jerks out but let the average harmless American in , otherwise it would be easy to ask a simple question like "What's the biggest town of the country north-east of the country of Cervantes?"