With regards to Q&A, it's possible to see if your question is on XRumer's list (XRumer is a popular forum spamming program).
You can download the trial of their program from their website (I would suggest not running any executables though). I used a fake email address to download it.
Last time I checked they had a file which had a few thousand questions/answers in it. There's probably a lot more in it now though. It's only a matter of time before someone uses the file to automatically check if a Q&A is safe or not...
[RFC] stop distributing worthless CAPTCHAS in 3.1
Re: [RFC] stop distributing worthless CAPTCHAS in 3.1
$ git commit -m "YOLO"
- Pony99CA
- Registered User
- Posts: 986
- Joined: Sun Feb 08, 2009 2:35 am
- Location: Hollister, CA
- Contact:
Re: [RFC] stop distributing worthless CAPTCHAS in 3.1
Probably, but you might want to read the hammered by newly registered members topic on phpBB.com. Q&A isn't as safe as it was before.ecwpa wrote:So, Q&A without defaults is the way to go.
Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.
Re: [RFC] stop distributing worthless CAPTCHAS in 3.1
I think this is something we need while doing this:
(source: https://www.phpbb.com/community/viewtop ... #p13201422)Stef775 wrote:Why can't we log which question is answered right by a spammer, so you know the broken question
Re: [RFC] stop distributing worthless CAPTCHAS in 3.1
K'ay. I got an idea that just might work.
So... What is the thing that all these forum "spammers" do? They register, activate and then start spamming. Right?
There's one interesting thing in here. There's seems to be an interesting pattern in the posts they make.
Sounds like, for all these users, they do not make any useful post (we can think of 3 posts, just to be sure) before they start spamming.
We could make a message checker system that would work with the same idea as thunderbird's message evaluator (it uses it to evaluate if an e-mail is junk or not).
This is kinda resource heavy but it seems to be quite effective. At least with thunderbird, it works like a charm to me!
We can do this in a more accurate and strict way in the form to contact the admins.
We create a form that, while the user is not in a "accepted" state (has, at least, 3 accepted posts, or so) his request to the admins is filtered. Only certain kind of stuff is allowed.
Yeah... bots can go through these protections but they can only pass with content they don't want to insert. All these bots seem to be only interested into placing ads of some sort. Ads have patters. We may gain something in here! This will not prevent spam but it will prevent the kind of spam all these bots want to place in the BB's.
What do you think?
So... What is the thing that all these forum "spammers" do? They register, activate and then start spamming. Right?
There's one interesting thing in here. There's seems to be an interesting pattern in the posts they make.
Sounds like, for all these users, they do not make any useful post (we can think of 3 posts, just to be sure) before they start spamming.
We could make a message checker system that would work with the same idea as thunderbird's message evaluator (it uses it to evaluate if an e-mail is junk or not).
Code: Select all
For each post from a user with less than 4 posts post:
var words = break the post into individual words.
var urls = also we look for all urls
var urlImages = also we look for all urls that are images.
Foreach (words as word)
Evaluate the probability that that word is related to spam.
Compare it to the previous one
Compare it to the next one
Associate a number to it. (That number is the probability that that word is related to spam).
Then do the same about the urls.
Then do the same about the image urls.
The objective is to see if it contains words like buy or it's a bit.ly (or something like that)
Then gather the final result. It is a number between 0% and 100% (we can use other scales, if it makes sense)
Using a threshold, we can then separate what to do with that post.
We can do this in a more accurate and strict way in the form to contact the admins.
We create a form that, while the user is not in a "accepted" state (has, at least, 3 accepted posts, or so) his request to the admins is filtered. Only certain kind of stuff is allowed.
Yeah... bots can go through these protections but they can only pass with content they don't want to insert. All these bots seem to be only interested into placing ads of some sort. Ads have patters. We may gain something in here! This will not prevent spam but it will prevent the kind of spam all these bots want to place in the BB's.
What do you think?
- callumacrae
- Former Team Member
- Posts: 1046
- Joined: Tue Apr 27, 2010 9:37 am
- Location: England
- Contact:
Re: [RFC] stop distributing worthless CAPTCHAS in 3.1
They will simply start duplicating old topics (such as introduction or GD topics) for a few topics before spamming. It won't work on small forums, but it will on bigs ones where the moderators don't read every single post.brunoais wrote:K'ay. I got an idea that just might work.
So... What is the thing that all these forum "spammers" do? They register, activate and then start spamming. Right?
There's one interesting thing in here. There's seems to be an interesting pattern in the posts they make.
Sounds like, for all these users, they do not make any useful post (we can think of 3 posts, just to be sure) before they start spamming.
We could make a message checker system that would work with the same idea as thunderbird's message evaluator (it uses it to evaluate if an e-mail is junk or not).This is kinda resource heavy but it seems to be quite effective. At least with thunderbird, it works like a charm to me!Code: Select all
For each post from a user with less than 4 posts post: var words = break the post into individual words. var urls = also we look for all urls var urlImages = also we look for all urls that are images. Foreach (words as word) Evaluate the probability that that word is related to spam. Compare it to the previous one Compare it to the next one Associate a number to it. (That number is the probability that that word is related to spam). Then do the same about the urls. Then do the same about the image urls. The objective is to see if it contains words like buy or it's a bit.ly (or something like that) Then gather the final result. It is a number between 0% and 100% (we can use other scales, if it makes sense) Using a threshold, we can then separate what to do with that post.
We can do this in a more accurate and strict way in the form to contact the admins.
We create a form that, while the user is not in a "accepted" state (has, at least, 3 accepted posts, or so) his request to the admins is filtered. Only certain kind of stuff is allowed.
Yeah... bots can go through these protections but they can only pass with content they don't want to insert. All these bots seem to be only interested into placing ads of some sort. Ads have patters. We may gain something in here! This will not prevent spam but it will prevent the kind of spam all these bots want to place in the BB's.
What do you think?
Also, instead of doing this ourselves, why not just use Akismet?
- Pony99CA
- Registered User
- Posts: 986
- Joined: Sun Feb 08, 2009 2:35 am
- Location: Hollister, CA
- Contact:
Re: [RFC] stop distributing worthless CAPTCHAS in 3.1
I was going to ask the same thing myself. It sounds like brunoais is just trying to reinvent the spam filter. That's why E-mail spammers started including random snippets of prose (to lower their spamminess).callumacrae wrote:Also, instead of doing this ourselves, why not just use Akismet?
On another topic, does anybody know if spambots like Xrumer accept cookies?
Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.
- callumacrae
- Former Team Member
- Posts: 1046
- Joined: Tue Apr 27, 2010 9:37 am
- Location: England
- Contact:
Re: [RFC] stop distributing worthless CAPTCHAS in 3.1
They would if they had toPony99CA wrote:On another topic, does anybody know if spambots like Xrumer accept cookies?
- Pony99CA
- Registered User
- Posts: 986
- Joined: Sun Feb 08, 2009 2:35 am
- Location: Hollister, CA
- Contact:
Re: [RFC] stop distributing worthless CAPTCHAS in 3.1
Sure, but I'm wondering if they do now. If not, phpBB could probably set a random cookie on the Registration Agreement page and check that it was set on the Registration form page. If it wasn't set, display an error.callumacrae wrote:They would if they had toPony99CA wrote:On another topic, does anybody know if spambots like Xrumer accept cookies?
Yes, that would prevent people who turn cookies off from registering, but they could easily turn cookies on.
Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.
Re: [RFC] stop distributing worthless CAPTCHAS in 3.1
It is so trivial to read/forward cookies that doing anything like this is very much pointless.Pony99CA wrote: If not, phpBB could probably set a random cookie on the Registration Agreement page and check that it was set on the Registration form page. If it wasn't set, display an error.
- Master_Cylinder
- Registered User
- Posts: 361
- Joined: Wed Jul 31, 2013 9:54 pm
Remove broken captcha options...
Since spambots have defeated most of the captcha options, shouldn't those broken options be removed from the core so new admins don't select a method that doesn't work?
Discuss...
Discuss...
These kids today...
Buy them books, send them to school and what do they do?
They eat the paste.
Buy them books, send them to school and what do they do?
They eat the paste.