
Robo-Astro-Dumbo-Spam-Bam

Posted: 10 May 2007 16:36
by admin
Hey folks, recently I find myself deleting about 3 spam-users here every day. This takes me 1 minute per deletion and much worse: it interrupts my flow!
I'm so sick of it, I almost banned every new user today! And I will do so very soon, unless any of you knows a better solution. Why is this forum so easy to hack into (by a robot? by an astrofucker? by some genetically modified thing?)???

:evil:

Posted: 10 May 2007 16:59
by allen
I don't remember from when I signed up, do you require e-mail validation when signing up and have the image confirmation junk enabled?


Posted: 10 May 2007 17:16
by admin
allen wrote:I don't remember from when I signed up, do you require e-mail validation when signing up and have the image confirmation junk enabled?
Sure. But these "robots" are probably exploited kid-slaves in China or bored overweight US teens that can easily pass the image confirmation test.

I also have already set it up so that I have to explicitly allow a user to post. However, without my consent they can already put their porn links into the "website" field of the profile. If that would not be possible in this forum software I could just ignore them and go on working.

Instead of image confirmation there should be a test that takes a little intelligence or knowledge to pass, like some math or history quiz... :)

Posted: 10 May 2007 17:28
by j_c_hallgren
Is there any way to block a website entry on profile until approved by you?
Obviously that may have to be done with signature as well, but I don't think a legit new user would object to waiting a bit for those options...

Posted: 10 May 2007 17:30
by jacky
admin wrote:However, without my consent they can already put their porn links into the "website" field of the profile.
They can! Damn, and I can't even put the wiki as my website in my profile :cry: Life is unfair!

Yes just ask them on signup something like "What is the color of the white horse of Henry IV ??" You could even use "****" instead of "white", although I'm not sure, that might be more of a French thing really... is it?

Or, according to what you say, you could just tweak phpBB so that Website URL can only be set once a user has made at least like 10 posts.

Did you check for any anti-spam related MOD? I'm sure there must be some already existing that you could just apply here....

EDIT: Just a couple I just found, obviously I didn't test them personally but they're on the official phpBB MOD database so they should be ok
http://www.phpbb.com/community/viewtopi ... 5&t=210055
MOD Name: disable spambots
Author: magenta
MOD Description: This mod uses cryptographic signing techniques to ensure that any comment submissions have occurred from an appropriate comment form (stopping simple random-submission bots), that the form was actually generated for the user who is submitting (stopping clusters of page-scraping spiders), and that at least 5 seconds have passed between the form generation and the submission (stopping bots which fully scrape the page and then immediately submit). If one of these conditions is not met, the submit operation is turned into a preview, giving human posters another chance to submit.

Since implementing this mod, my forum has only gotten two spams posted to it, and both were manually posted by a human. Countless thousands of spams were blocked.

For added security, you should change the "nana" and "foofoo" text inserted in the first "BEFORE, ADD" step so that spambots can't simply spoof the form values as well.
http://www.phpbb.com/community/viewtopi ... 5&t=472940
MOD Name: Textual Confirmation
Author: olpa
MOD Description: Textual Confirmation (TC) asks newly registering user a question. If the answer is wrong, TC rejects the registration. Also, TC notifies the forum admin and the community spam database. The administrator can edit the questions and answers in the Administration Panel.
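
The three checks listed in the "disable spambots" MOD description above (the form came from the site, it was generated for the submitting user, and at least 5 seconds passed before submission), sketched as an added example that is not part of the post above or the MOD's own code. It is written in Python rather than phpBB's PHP; the secret value, the one-hour expiry, and all function and field names are assumptions.

```python
import hashlib
import hmac
import time

# Assumption: a per-site secret that never leaves the server. The MOD's advice
# to change its "nana"/"foofoo" strings serves the same purpose. Constructed value.
SECRET = b"replace-with-a-long-random-site-secret"
MIN_AGE = 5      # seconds between form generation and submit (from the MOD description)
MAX_AGE = 3600   # assumption: a rendered form stops being valid after one hour


def _mac(session_id, form_name, ts):
    # Bind the MAC to the form, the session it was rendered for, and the render time.
    msg = f"{form_name}|{session_id}|{ts}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_token(session_id, form_name, now=None):
    """Return 'timestamp:mac' to embed as a hidden field when rendering the form."""
    ts = int(time.time() if now is None else now)
    return f"{ts}:{_mac(session_id, form_name, ts)}"


def check_token(token, session_id, form_name, now=None):
    """Return 'ok', or the reason the submit should be turned into a preview."""
    now = int(time.time() if now is None else now)
    try:
        ts_text, mac = token.split(":", 1)
        ts = int(ts_text)
    except (AttributeError, ValueError):
        return "malformed"        # field missing or not in timestamp:mac form
    expected = _mac(session_id, form_name, ts)
    # Constant-time comparison. A mismatch means the token was not issued by
    # this site for this session and form (blind POST, or a token scraped elsewhere).
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return "bad-signature"
    if now - ts < MIN_AGE:
        return "too-fast"         # scrape-and-submit-immediately behaviour
    if now - ts > MAX_AGE:
        return "expired"
    return "ok"
```

Because the timestamp is covered by the MAC, a client cannot backdate it to get past the 5-second wait without invalidating the signature.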

Posted: 10 May 2007 17:30
by admin
j_c_hallgren wrote:Is there any way to block a website entry on profile until approved by you?
Obviously that may have to be done with signature as well, but I don't think a legit new user would object to waiting a bit for those options...
That's exactly the problem: there is no way (or I don't find it). I can only block posting.

Posted: 10 May 2007 17:32
by admin
jacky wrote:
admin wrote:However, without my consent they can already put their porn links into the "website" field of the profile.
They can! Damn, and I can't even put the wiki as my website in my profile :cry:
Why can't you?

Posted: 10 May 2007 17:38
by jacky
admin wrote:Why can't you?
Dunno. I put http://88.191.26.34/XYwiki/ and press the button, then it says "Your profile has been updated" but that's a lie!

EDIT: I think it's because it's an IP, not a domain name, somehow.

Posted: 10 May 2007 17:58
by admin
jacky wrote:
admin wrote:Why can't you?
Dunno. I put http://88.191.26.34/XYwiki/ and press the button, then it says "Your profile has been updated" but that's a lie!

EDIT: I think it's because it's an IP, not a domain name, somehow.
You can use my redirect: http://www.xyplorer.com/xywiki.php

Posted: 10 May 2007 18:11
by jacky
admin wrote:You can use my redirect: http://www.xyplorer.com/xywiki.php
Oh cool, Thanks :D

Posted: 10 May 2007 20:38
by allen
admin wrote:
jacky wrote:
admin wrote:However, without my consent they can already put their porn links into the "website" field of the profile.
They can! Damn, and I can't even put the wiki as my website in my profile :cry:
Why can't you?
Worse comes to worse, I'd be willing to get my hands dirty in the php code -- though it wouldn't do much good after updating the software. Unless of course I took the time to learn their plugin interface, but that sounds time consuming :P

Posted: 10 May 2007 21:41
by admin
allen wrote:
admin wrote:
jacky wrote:
admin wrote:However, without my consent they can already put their porn links into the "website" field of the profile.
They can! Damn, and I can't even put the wiki as my website in my profile :cry:
Why can't you?
Worse comes to worse, I'd be willing to get my hands dirty in the php code -- though it wouldn't do much good after updating the software. Unless of course I took the time to learn their plugin interface, but that sounds time consuming :P
Cool! What's your plan? Invent a better confirmation? A smart filter that keeps the following creeps out:
- robots
- astroturfers
- teenagers :wink:

Posted: 11 May 2007 02:18
by CitizenD
I found this phpbb mod extremely helpful in stopping spam signups cold...

http://www.phpbb.com/community/viewtopic.php?t=399374

Cheers,

D

Posted: 11 May 2007 02:58
by allen
Wow, that looks like exactly what Don is looking for!
Cool! What's your plan? Invent a better confirmation? A smart filter that keeps the following creeps out:
- robots
- astroturfers
- teenagers
It has always been my dream to invent such a filter, but I have yet to come up with a viable solution. The robots can be done, but those astroturfers and teenagers are wily characters!

Posted: 11 May 2007 08:11
by admin
allen wrote:Wow, that looks like exactly what Don is looking for!
Indeed, this could be it. Only where is it? 338 posts...
allen wrote:It has always been my dream to invent such a filter, but I have yet to come up with a viable solution. The robots can be done, but those astroturfers and teenagers are wily characters!
I have been thinking about it and found: the core problem is to keep the jerks out but let the average harmless American in :P :wink: , otherwise it would be easy to ask a simple question like "What's the biggest town of the country north-east of the country of Cervantes?"