SPAMBOTS - how can we stop them - read FIRST post.

Temporary forum to obtain support while phpBB.com is offline.
Please use the support forum on phpBB.com
Forum rules
Temporary forum to obtain support while phpBB.com is offline.
Please use the support forum on phpBB.com
Locked
tffnguy
Registered User
Posts: 75
Joined: Thu Mar 02, 2006 5:13 am

Re: SPAMBOTS - how can we stop them - read FIRST post.

Post by tffnguy » Sun Feb 08, 2009 6:03 pm

All I can say is it would be so easy to beat the bots IF the text Custom Profile field worked like the drop down. (Or another one was added that did) Least wise the spam bot would have to be so bloated after trying to set it up to defeat the different entries from all boards that it would take days to download even at FIOS speeds. That and if you could set the drop down to only one correct answer out of many. In either case using both if the bot was upgraded to crack what you have setup then it would be a simple matter of changing it up. Then they have to add that to. (Probably not going to happen in the first place.)
Plano, Texas

fitbc
Registered User
Posts: 1
Joined: Sun Feb 08, 2009 8:46 pm

Re: SPAMBOTS - how can we stop them - read FIRST post.

Post by fitbc » Sun Feb 08, 2009 8:49 pm

Hi,

Can someone please tell me what database and table users are listed in so I can more easily delete them. In the control panel going through one by one is quite tedious.

Thanks,

Iain

User avatar
pmbinky
Registered User
Posts: 28
Joined: Fri Feb 06, 2009 1:54 am
Location: Suburb of Detroit
Contact:

Re: SPAMBOTS - how can we stop them - read FIRST post.

Post by pmbinky » Sun Feb 08, 2009 9:02 pm

fitbc wrote:Hi,

Can someone please tell me what database and table users are listed in so I can more easily delete them. In the control panel going through one by one is quite tedious.

Thanks,

Iain
It's the "users" table in whatever you named the database (tables typically start with "phpbb_"). Just remember that deleting
the users this way will leave any posts behind (if they posted).
blessings,
Tony <><

User avatar
EXreaction
Registered User
Posts: 1555
Joined: Sat Sep 10, 2005 2:15 am

Re: SPAMBOTS - how can we stop them - read FIRST post.

Post by EXreaction » Sun Feb 08, 2009 9:05 pm

Do not change anything in the database manually unless you know exactly what you are doing. Since you didn't know what table users were stored in that means you definitely do not know what you are doing. Use the ACP to delete users or you can easily screw your board up.

User avatar
Dog Cow
Registered User
Posts: 271
Joined: Wed May 25, 2005 2:14 pm

Re: SPAMBOTS - how can we stop them - read FIRST post.

Post by Dog Cow » Sun Feb 08, 2009 9:32 pm

hundrambit wrote:I looked in Apaches access.log to see what exactly those bots are doing, and see following sequence all the time.

This first GET request always appears in an attempt, every time, I have not seen single attempt without this request (what does the bot finds out in this request?);

Code: Select all

xx.113.16.66 - - [02/Feb/2009:08:43:55 +0100] "GET /posting.php?mode=reply&f=40&t=86&sid=559b49ce72c1f1a6d43130e7a46ddc17 HTTP/1.0" 200 53751 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; KTXN)"
About 15 reply attempts are made directly after (I include only first 3 of them);
The difference between phpBB 2 and phpBB 3, is that in v2, the only page you need to load is registration to get the captcha. The rest of it can be done by POSTing directly to the posting.php script.

In v3, they added some stuff to the posting page so you now need to scrape that page as there are some variables that need to be sent with every POST (which change each time).

Code: Select all

<input type="hidden" name="creation_time" value="1234128659" />
<input type="hidden" name="form_token" value="c2ae08364cab2c1de7623f4107b8a1dfea362e7e" />

bsmither
Registered User
Posts: 8
Joined: Tue Feb 03, 2009 11:17 pm

Re: SPAMBOTS - how can we stop them - read FIRST post.

Post by bsmither » Sun Feb 08, 2009 11:09 pm

Darcie wrote:I have a test board online with NO links to it other than that Google knows it exists. It has gotten this recent wave of spam too, although most likely not in the numbers that a board with more incoming links would. ;)
I have a board that absolutely no one knows about. Except Google. How did Google find it?

In past experience, I was trying to snag a domain name that was due to expire. (The whole "domain after-market" industry is an enlightening read.) I learned there that direct access to the DNS system is granted to certain individuals/companies.

I am supposing that a cretin who has/had access to the DNS system created a list of billions of domain names and posted it online, then told Google about it - or made such a way that Google would find it on its own. I found my forum's domain name on two sites whose sole purpose was to list lots and lots of domain names.

Again, I created this domain name to host a forum, but absolutely no one knows about it, nor could anyone guess the domain name. Yet, I'm receiving about 3-5 registration attempts a day.

tffnguy
Registered User
Posts: 75
Joined: Thu Mar 02, 2006 5:13 am

Re: SPAMBOTS - how can we stop them - read FIRST post.

Post by tffnguy » Mon Feb 09, 2009 1:09 am

As for the last question never assume that you were the first to come up with a name. If you or someone else registers a domain and then let it go then it will be on a list of domains that are for sale or maybe even be auctioned off. People and companies also buy up blocks of names hoping to make $$$ off of someone else wanting them. A lot of times I'll search on my web site name and be taken to pages that have nothing to do with my site. some are even competing sites. Go Figure...

And for the spam bots. It appears that for now I have managed to block them using the custom profile fields only. Not sure how long that will last, but its awful nice for the time being. I've been watching the accounts they make and learning from them. I may have found my first casualty of all of this though with nuking any accounts that don't look up to snuff. Someone is wanting in my forums and probably should be allowed, BUT either the name they used or the DNS is blocked so they can't register again.

And on the third part this not being able to log in here is really starting to be a pain in the rear. I might try several times to login and get in to the damn loop where it says I successfully logged in then be taken right back to the login screen. Then out of the blue I can log right in with no problem at all, but once I close the browser its back to the login problem until it decides to let me stay logged in again. :roll:
Plano, Texas

User avatar
Fountain of Apples
Registered User
Posts: 81
Joined: Wed Nov 09, 2005 2:59 pm
Location: SF Bay Area, CA, USA
Contact:

Re: SPAMBOTS - how can we stop them - read FIRST post.

Post by Fountain of Apples » Mon Feb 09, 2009 1:14 am

One of the best things you can do is to come up with something unique for your own site. Spammers try to run their attacks across as many sites as they can at once, which is why they targeted and cracked the phpBB CAPTCHA because it is so widely used (not to mention freely-available open-source). However, if you've got something unique on just your own site, you'll be doing pretty well because few spammers will try to gain access to one little unique website, unless it's wildly significant/popular.

It's kind of annoying to have to program based on the ego of spammers, but that's the way it works. :roll:
Image
A successful community begins with YOU. Tag, you're it.

Pond Life
Registered User
Posts: 11
Joined: Sun Feb 01, 2009 11:48 pm
Location: http://127.0.0.1/
Contact:

Re: SPAMBOTS - how can we stop them - read FIRST post.

Post by Pond Life » Mon Feb 09, 2009 1:57 am

bsmither wrote:
Darcie wrote:I have a test board online with NO links to it other than that Google knows it exists. It has gotten this recent wave of spam too, although most likely not in the numbers that a board with more incoming links would. ;)
I have a board that absolutely no one knows about. Except Google. How did Google find it?
Have you disallowed it in your robots.txt? As far as I can tell Google does obey but Yahoo doesn't, it listed my test forum that had absolutely no links anywhere. The only place the directory was listed was in robots.txt (disallowed). :evil:

idiotnesia
Registered User
Posts: 29
Joined: Thu May 22, 2008 2:46 am

Re: SPAMBOTS - how can we stop them - read FIRST post.

Post by idiotnesia » Mon Feb 09, 2009 2:59 am

I just modify a litle bit about post moderation

if user_posts < x and post contain link > x
then approve first...

I'm sure almost every spam always has some link on it.
idiotnesia wuz here

Locked