Better Spambot Protection in phpBB3?

Discussion of general topics related to the new version and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
Forum rules
Discussion of general topics related to the new release and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
Post Reply
User avatar
jumborex
Registered User
Posts: 84
Joined: Wed Nov 08, 2006 12:33 pm
Location: Milano
Contact:

Re: Better Spambot Protection in phpBB3?

Post by jumborex »

Nicholas the Italian wrote:
jumborex wrote:[...] [...]

Dbusto Tlibro Mpresa...
Dstatua Tquaderno Mspina...
:oops: :oops: :oops:
I should have studied enigmistics, I don't know how rebuses work... :(

(Seriously, this is the ideal method to stop humans and let only bots in... ;) )
(If you get the answer please let me know.)

Just to complete this (I hope) also amusing topic, I cannot think like the friend Nicholas. The Rebus I've proposed is one of the few for wich I had the permission to publish. What I used in the real thing were much more simple Rebus of course. Not for geniuses, but not for Bots!
This one (if someone is interested in it) has been proposed by Furio Ombri, an Italian Author of enigmatography best known with his nickname Hombre. The solution is L'autore D di T odi; M presa = Lauto raddito d'impresa.
The first part is the development of the phrase, the second part is the solution of the quiz. The person (statue) with the beard is Giosuè Carducci (is written), Nobel Italian Prize for literature, who also wrote Odi Barbare (Barbarian Odes), poems well known in the world and in Italy of course. The first (developing) phrase says: The author D of T Odes; M socket. So you see that only the statue is related with the book, while the socket has no relation and is simply used for the final solution.
Putting together the words with different cut, you obtain the final result that means something totally different: lavish income of a Company (Lauto reddito d'impresa)
I have not failed. I've just found 10,000 ways that won't work.
(Thomas Alva Edison)

User avatar
Nicholas the Italian
Registered User
Posts: 659
Joined: Mon Nov 20, 2006 11:19 pm
Location: 46°8' N, 12°13' E
Contact:

Re: Better Spambot Protection in phpBB3?

Post by Nicholas the Italian »

jumborex wrote: The solution is L'autore D di T odi; M presa = Lauto raddito d'impresa.

I totally missed the "L'autore di" :( ;)
It was submitted by Furio in 1978 and published in 1980; he then had to get his previous notes to find the solution that he was no more able to find by himself. :mrgreen:

Back in topic, yes, there are much simpler rebuses but, as others highlighted, I don't know if that's a viable way to solve the problem. Think of the granny... ;)

User avatar
Handyman
Registered User
Posts: 522
Joined: Thu Feb 03, 2005 5:09 am
Location: Where no man has gone before!
Contact:

Re: Better Spambot Protection in phpBB3?

Post by Handyman »

user99 wrote: Does having full SSL encryption for website help reducing Spambot?

Essentially, I am worried about people copying stuffs from my phpBB (well, part of my phpBB is paid contribution).
Its usually not possible to prevent fully, but at least make it little bit tough/resource consuming on part of copyright violaters. Can someone give some suggestions :)

make all the forums with paid contribution for registered users only.
You can set it that way in the permissions so Bots can't see it.
My phpBB3 Mods || My Mod Queue
Search Engine Friendly (SEO) URLs || Profile link on Avatar and/or Username || AJAX Chat
Display Posts Anywhere || CashMod || AJAX Quick Edit || AJAX Quick Reply

Image

Martin Blank
Registered User
Posts: 687
Joined: Sun May 11, 2003 11:17 am

Re: Better Spambot Protection in phpBB3?

Post by Martin Blank »

user99 wrote: Does having full SSL encryption for website help reducing Spambot?

Not at all. Spambots can simply follow the HTTPS links to get to your site, and register as usual. SSL only encrypts the communication, but generally does not (on its own) authenticate the user in any way.
You can never go home again... but I guess you can shop there.

User avatar
Highway of Life
Registered User
Posts: 1399
Joined: Tue Feb 08, 2005 10:18 pm
Location: I'd love to change the World, but they won't give me the Source Code
Contact:

Re: Better Spambot Protection in phpBB3?

Post by Highway of Life »

This post would be better over here...
jumborex wrote:
sectionw wrote: I implemented the text confirmation, a simple question is asked, and solved so far my spambot problem. [...]

This discussion as already been made on this board: viewtopic.php?f=3&t=26358&start=0
See expecially what I said starting from viewtopic.php?f=3&t=26358&st=0&sk=t&sd= ... 40#p171412

I summarise here: using a complicated system, I made a trial board where you could enter only finding out the solution for a complex game called Rebus. The game was in Italian, and no solution was provided in any other part of the forums, or in the site.
The site that my friends and me operates, is about enigmatography, the art more Italian than other, to create enigmas, double senses, crosswords and other amenities... Rebus is one known system to create a phrase out from images. See viewtopic.php?f=3&t=26358&st=0&sk=t&sd= ... 50#p171447

Well, after one month, or so, I closed the trial board: it was infested by spammers! :? In the occasion some of the friends here commented:
Highway of Life wrote: [...] You can be sure you'll have Italian Einstein's and Bots for users. :P

I know that in some other occasion Acyd Burne commented that in his opinion the only valid system to discourage Bots, is to ask to register filling non standard fields, that is (if I understand well) something similar to the VIP Mod!


The custom profile fields will work great for that kind of thing... you can set them to required on registration.
Image

sectionw
Registered User
Posts: 24
Joined: Mon Feb 07, 2005 7:49 pm

Re: Better Spambot Protection in phpBB3?

Post by sectionw »

Highway of Life wrote: This post would be better over here...
jumborex wrote:
sectionw wrote: I implemented the text confirmation, a simple question is asked, and solved so far my spambot problem. [...]

This discussion as already been made on this board: viewtopic.php?f=3&t=26358&start=0
See expecially what I said starting from viewtopic.php?f=3&t=26358&st=0&sk=t&sd= ... 40#p171412

I summarise here: using a complicated system, I made a trial board where you could enter only finding out the solution for a complex game called Rebus. The game was in Italian, and no solution was provided in any other part of the forums, or in the site.
The site that my friends and me operates, is about enigmatography, the art more Italian than other, to create enigmas, double senses, crosswords and other amenities... Rebus is one known system to create a phrase out from images. See viewtopic.php?f=3&t=26358&st=0&sk=t&sd= ... 50#p171447

Well, after one month, or so, I closed the trial board: it was infested by spammers! :? In the occasion some of the friends here commented:
Highway of Life wrote: [...] You can be sure you'll have Italian Einstein's and Bots for users. :P

I know that in some other occasion Acyd Burne commented that in his opinion the only valid system to discourage Bots, is to ask to register filling non standard fields, that is (if I understand well) something similar to the VIP Mod!


The custom profile fields will work great for that kind of thing... you can set them to required on registration.

Es and no, you need validation of the data enterred, using custom fields, defined by the admin with a validation, makes it impossible for bots to find a common way to hack in, since the question are as different as there are boards.

User avatar
Wernight
Registered User
Posts: 26
Joined: Sun Apr 02, 2006 2:15 pm
Location: France
Contact:

Re: Better Spambot Protection in phpBB3?

Post by Wernight »

I've put a custom question in an image. Putting it in an image doesn't improve much the turing test but it doesn't take much more effort either. That's what I did in phpBB2 and it worked well. It may be required to change the question every so and then but usually no human spammer takes the time to read the question and save the answer in his bot for each single forum.

Eventho the phpBB3 CAPTCHA has been improved a lot, I believe it won't take long for bots to be able to read correctly at least once after 10 tries - supposing the bot can change IP or wait a little before trying again, it's easy to try many times. So I do regret a bit that there is not built-in customizable anti-bot question. Something where you define the questions and answers in each language. Possibly using images for questions so you can also ask "What is this" on a banana image (supposing the bot doesn't try every basic words).

Anyway the best method is and remains: Making your board custom enough to avoid bots' generic methods to work less over 90% of the time.

User avatar
Kevin Clark
Support Team
Support Team
Posts: 751
Joined: Thu Feb 10, 2005 5:34 pm
Location: UK
Contact:

Re: Better Spambot Protection in phpBB3?

Post by Kevin Clark »

Highway of Life wrote: This post would be better over here...
jumborex wrote:
sectionw wrote: I implemented the text confirmation, a simple question is asked, and solved so far my spambot problem. [...]

This discussion as already been made on this board: viewtopic.php?f=3&t=26358&start=0
See expecially what I said starting from viewtopic.php?f=3&t=26358&st=0&sk=t&sd= ... 40#p171412

I summarise here: using a complicated system, I made a trial board where you could enter only finding out the solution for a complex game called Rebus. The game was in Italian, and no solution was provided in any other part of the forums, or in the site.
The site that my friends and me operates, is about enigmatography, the art more Italian than other, to create enigmas, double senses, crosswords and other amenities... Rebus is one known system to create a phrase out from images. See viewtopic.php?f=3&t=26358&st=0&sk=t&sd= ... 50#p171447

Well, after one month, or so, I closed the trial board: it was infested by spammers! :? In the occasion some of the friends here commented:
Highway of Life wrote: [...] You can be sure you'll have Italian Einstein's and Bots for users. :P

I know that in some other occasion Acyd Burne commented that in his opinion the only valid system to discourage Bots, is to ask to register filling non standard fields, that is (if I understand well) something similar to the VIP Mod!


The custom profile fields will work great for that kind of thing... you can set them to required on registration.

The custom reg fields are ok but they only require that 'something' is typed in. What you really need is that something specific is typed in.
Image

User avatar
Highway of Life
Registered User
Posts: 1399
Joined: Tue Feb 08, 2005 10:18 pm
Location: I'd love to change the World, but they won't give me the Source Code
Contact:

Re: Better Spambot Protection in phpBB3?

Post by Highway of Life »

You can set an integer CP that has a minimum value of say, 500, and a maximum value of 500.
Then you would just put something like:
Security Question:
Enter "500" into this field [ ____ ]

Single text fields can have minimum number of chars, and max, so you could specify something longer than three chars, since most bots just enter: "Yes" into such fields.

Textarea has some basic field validation options that could be used.
The boolean field would not work, nor would the date menus.
The drop down could be used, but the bot would have a "chance" at getting it right.

Just as an example...
If you have a large board that people would be trying to hack into automatically anyways, then methods like that would not work, but for many small boards, using something completely unique and different would work out in most cases. -- at least without a MOD.
Image

User avatar
Wernight
Registered User
Posts: 26
Joined: Sun Apr 02, 2006 2:15 pm
Location: France
Contact:

Re: Better Spambot Protection in phpBB3?

Post by Wernight »

This is a trick for numbers that's nice. The main problem in my eyes is that it's not only numbers but that it doesn't apply for guest posts. One very features of phpBB3 is the ability to post as guest, and bot will try to make use of it for sure. You may remove it but then you lose that nice feature.

Post Reply