Better Spambot Protection in phpBB3?

Discussion of general topics related to the new version and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
Forum rules
Discussion of general topics related to the new release and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
Post Reply
User avatar
Highway of Life
Registered User
Posts: 1399
Joined: Tue Feb 08, 2005 10:18 pm
Location: I'd love to change the World, but they won't give me the Source Code
Contact:

Re: Better Spambot Protection in phpBB3?

Post by Highway of Life »

There will forever be this continuous war between spammers, and spam-blockers.
Spammers trying to find ways around the security precautions, and Security always trying to find new ways to block the ever evolving Spam... and it's still not illegal. :roll:

So the best method of defense? Uniqueness...
If every board had a tough new unique way of blocking the spam registration attempts, it makes it very difficult, and not worthwhile for programmers to create methods for bots to attempt to register on those boards... they would end up waisting their time... this is what we hope for, of course. What could be better than spam programmers waisting time. :D
But spam methods are always evolving, so as site/forum administrators, you must also evolve to keep a step ahead and keep spam out.

It is indeed a good method to create a script or MOD that randomizes the registration process... do this, and you make it very difficult for bots to register.
But always keep users in mind... if you make it so difficult to register, that not even humans can get in, you are going to lose a large potential userbase.
I always try to "keep my grandma in mind" when building scripts for spam-blocking.
This is the one reason logic-puzzles are at the top my list of spam-prevention pet-peeves.
Unless you want to make sure your userbase is of high IQ status, it does not make much sense to use such systems.
Then you also have to keep the color-blind in mind when creating CAPTCHA's... there are actually quite a few color blind computer users out there, and you don't want to alienate them either.

So this means, everything should be done on the back-end if possible... hidden and underneath... this is the best theory for blocking spam, the trick is "good" implementation of it.

We are working on it, however...
And I'm sure you will see many spam prevention MODs become available for phpBB3, and I would recommend picking one up when you can.

8)
Image

Case
Registered User
Posts: 60
Joined: Tue Jun 06, 2006 9:44 am
Contact:

Re: Better Spambot Protection in phpBB3?

Post by Case »

I installed this mod recently...

http://www.phpbb.com/phpBB/viewtopic.php?t=472940

Not had 1 spam user sign up since and normal users are registering fine.

User avatar
Highway of Life
Registered User
Posts: 1399
Joined: Tue Feb 08, 2005 10:18 pm
Location: I'd love to change the World, but they won't give me the Source Code
Contact:

Re: Better Spambot Protection in phpBB3?

Post by Highway of Life »

phpBB2 MODs won't work for phpBB3 and vise-versa...

Though, I have a feeling you knew that already, and were just making a side comment. ;)
Image

Case
Registered User
Posts: 60
Joined: Tue Jun 06, 2006 9:44 am
Contact:

Re: Better Spambot Protection in phpBB3?

Post by Case »

Good point, sorry wasn't very clear was it.

Yea, I was just pointing out that particular mod has been the most effective spam prevention I've come across.

User avatar
threeiem
Registered User
Posts: 7
Joined: Wed Jan 10, 2007 12:36 pm

Re: Better Spambot Protection in phpBB3?

Post by threeiem »

I always try to "keep my grandma in mind" when building scripts for spam-blocking.


So very true. I work at a place that creates software for home inspectors and they may know a lot about the construction of a house, but are doing really good if they can even tell us what a forum, message board or blog are, much less sign into one and post to it. I don't know how those guys get around with stuff like "Crapcha" about.

All hail the mighty principle "K.I.S.S." ;)

User avatar
Tienchen
Registered User
Posts: 91
Joined: Thu Sep 14, 2006 5:23 pm
Location: Germany
Contact:

Re: Better Spambot Protection in phpBB3?

Post by Tienchen »

But you could define something with the "custom profile fields" I think. Choose the "dropdown box" here, then define a question and give two options, define one as wrong and make the whole as "Required field". Of course the mod for phpBB2 is a bit more comfortable and more safe, but it could work I think.

EDIT: Also possible with numbers. E.g.: Write the number 16532. And only allow this number.
Or with single textfield/textarea. E.g.: Write an alpanumeric word with 15 letters.
Of course boolean E.g.: Are you human? Yes/no. (Ah, not possible with boolean, but "dropdown" is of course even more difficult for bots I think.)
I don't like these cold, precise, perfect people, who, in order not to speak wrong, never speak at all, and in order not to do wrong, never do anything. (Henry Ward Beecher)
Die Stifthelden

sectionw
Registered User
Posts: 24
Joined: Mon Feb 07, 2005 7:49 pm

Re: Better Spambot Protection in phpBB3?

Post by sectionw »

Tienchen wrote: But you could define something with the "custom profile fields" I think. Choose the "dropdown box" here, then define a question and give two options, define one as wrong and make the whole as "Required field". Of course the mod for phpBB2 is a bit more comfortable and more safe, but it could work I think.


One option that could be good, is if you answer wrong that the user becomes approve only by admin, if he gets it right a confirmation email is sent, just a thought.

manoj
Registered User
Posts: 32
Joined: Sun Jun 04, 2006 6:03 pm

Re: Better Spambot Protection in phpBB3?

Post by manoj »

This is pretty relevent to this topic..
Is there some function in Olympus where if the user didn't activate their account via email (if this is set, of course) with X number of days, the unactivated username is deleted from the database? or will this have to be a mod?

User avatar
Highway of Life
Registered User
Posts: 1399
Joined: Tue Feb 08, 2005 10:18 pm
Location: I'd love to change the World, but they won't give me the Source Code
Contact:

Re: Better Spambot Protection in phpBB3?

Post by Highway of Life »

First off... no, there is no default function that would do this.
Second, it doesn't really make sense, since the spambots can automatically, and instantly activate their accounts from the emails...
So bots would still easily get by this sort of limitation.
Image

manoj
Registered User
Posts: 32
Joined: Sun Jun 04, 2006 6:03 pm

Re: Better Spambot Protection in phpBB3?

Post by manoj »

oh..i thought the spambots used fake emails..srry lol

Post Reply