recent spambots
Forum rules
Temporary forum to obtain support while phpBB.com is offline.
Please use the support forum on phpBB.com
Temporary forum to obtain support while phpBB.com is offline.
Please use the support forum on phpBB.com
-
- Registered User
- Posts: 11
- Joined: Sun Feb 01, 2009 11:48 pm
- Location: http://127.0.0.1/
- Contact:
Re: recent spambots
Don't forget that not all spammers are bots. I have got a custom profile field but my forum was still hit by four Russian pron spammers last night and one of them even added an avatar to their profile. I am considering the moderation queue option if it gets worse but that has a possible negative effect on genuine new users too.
Re: recent spambots
I think the post count moderation technique will probably only frustrate genuine new members who wonder why their post is not appearing yet (particularly if they are used to posts appearing immediately on other forums they use).
I use Admin activation of new accounts on our forum only. I think the topic of our forum is fairly niche (quiet), and not public enough (ie low level of registrations) to warrant open User reg+activate. I prefer tight control of registration, which is seldom enough to make overseeing it manageable. (This might not be the case for other forum admins?).
Anyway, so I've implemented just today the suggestions in this thread of increasing the CAPTCHA graphic background noise, and adding Custom Profile Fields to ask additional anti-spambot questions at registration time (thanks for the ideas and links).
I will see how it goes. My attitude is that if a new user is genuine, interested and wants to contribute and receive help from our forum, they will understand and take the time to fill the extra (easy) questions. I have also phrased the wording and questions of the custom profile fields to make them light-hearted and fun to fill, and likely more difficult for bots to figure out (spambots seem to have no sense of humour how odd) !
Edit: Oh and I also wildcard Ban some emails, like *@*.ru to prevent registration by Russian spammers at the front door (no doubt the list will grow over time)
I use Admin activation of new accounts on our forum only. I think the topic of our forum is fairly niche (quiet), and not public enough (ie low level of registrations) to warrant open User reg+activate. I prefer tight control of registration, which is seldom enough to make overseeing it manageable. (This might not be the case for other forum admins?).
Anyway, so I've implemented just today the suggestions in this thread of increasing the CAPTCHA graphic background noise, and adding Custom Profile Fields to ask additional anti-spambot questions at registration time (thanks for the ideas and links).
I will see how it goes. My attitude is that if a new user is genuine, interested and wants to contribute and receive help from our forum, they will understand and take the time to fill the extra (easy) questions. I have also phrased the wording and questions of the custom profile fields to make them light-hearted and fun to fill, and likely more difficult for bots to figure out (spambots seem to have no sense of humour how odd) !
Edit: Oh and I also wildcard Ban some emails, like *@*.ru to prevent registration by Russian spammers at the front door (no doubt the list will grow over time)
Re: recent spambots
I have to say, I am a bit behind here. I am running the original 3.0.0 and I have just started getting these spam bots so this is not related mirely to 3.0.4. I can see, this is going to be a real pain.
- EXreaction
- Registered User
- Posts: 1555
- Joined: Sat Sep 10, 2005 2:15 am
Re: recent spambots
I've only had one person keep coming back and posting the same garbage (bunch of links to some mcdir.ru site). But I found out the reason they could do that was from a bug in the currently released version of the Anti-Spam ACP mod. I fixed the bug yesterday and they'll no longer be able to post anything with mcdir.ru appearing in the post more than once.
Other than maybe once a month I get pretty much no spam.
I have noticed more that people like to post legitimate looking posts asking for help, then days later editing the post to have spam in it. But I've caught most if not all of those who are doing that. Any post that looks suspicious I just flag the user for and then get notified if they alter their profile, edit posts, add posts, or send PM's.
Other than maybe once a month I get pretty much no spam.
I have noticed more that people like to post legitimate looking posts asking for help, then days later editing the post to have spam in it. But I've caught most if not all of those who are doing that. Any post that looks suspicious I just flag the user for and then get notified if they alter their profile, edit posts, add posts, or send PM's.
-
- Registered User
- Posts: 23
- Joined: Sun Feb 01, 2009 10:42 pm
Re: recent spambots
We used to get 2 or 3 from China untill last week now as has been reported here they are from .ru.... also I am beginning to get some using a "shared network device" one using this had an IP from Switzerland then when I saw them online about 20 minutes after activation the IP was from Ireland..
Re: recent spambots
Can you do the Custom Profile Field (or a variant of it) for guest postings?
As I said, we do allow guest postings (with Captcha, but I think I've made it too complex), for my forum setup this is ideal as we only manually activate accounts once approved to join (it's a guild forum for Age of Conan).
As I said, we do allow guest postings (with Captcha, but I think I've made it too complex), for my forum setup this is ideal as we only manually activate accounts once approved to join (it's a guild forum for Age of Conan).
Re: recent spambots
I agree with Gideon5L2F: I think the GD-based CAPTCHA has been figured out.
Analyzing my server logs for the most recent 5 registrations shows that within just a few seconds, those visitors GET/POSTed up to seven times - presumably fetching CAPTCHA images until one was delivered that could be recognized.
Analyzing my server logs for the most recent 5 registrations shows that within just a few seconds, those visitors GET/POSTed up to seven times - presumably fetching CAPTCHA images until one was delivered that could be recognized.
Re: recent spambots
I must say... Thank you MUCHLY for the copy of the KB. I was trying to do a couple of things and using google to find the cached versions of that while phpBB.com is down... is a painChrisRLG wrote:It has been noted that changing the noise level to both the foreground and background of the CAPTCHA is holding them off.
They are probably only breaking the default noise levels.
Do note that changing those levels can make it harder for humans too, so it is a trade off.
One other option, in the KB's is an article where you can use the custom profile fields as an anti-spammer system.
A copy of the KB is here for while phpBB.com is down.
Re: recent spambots
In the last 72 hours I have been hit by 12 new user registrations, two of whom posted pornography on my forum. This has nothing to do with an upgrade, I am still using phpBB3 3.01. Normally I get a new user every few days.
Thanks to the suggestions above I will try to tighten up the registration CAPTCHA and maybe take other steps mentioned above. I have temporarily turned off new user registration entirely.
C Glazier
Thanks to the suggestions above I will try to tighten up the registration CAPTCHA and maybe take other steps mentioned above. I have temporarily turned off new user registration entirely.
C Glazier
Re: recent spambots
The Prime Anti Bot mod (mirrored on my website) works for guest posting as wellDaworm wrote:Can you do the Custom Profile Field (or a variant of it) for guest postings?
As I said, we do allow guest postings (with Captcha, but I think I've made it too complex), for my forum setup this is ideal as we only manually activate accounts once approved to join (it's a guild forum for Age of Conan).