I've had quite a few spammers trying to register just recently also. However none have actually become listed in the memberlist yet. (they are not in the database either)
I think that is because of two mods I have installed.
1. (it doesn't actually have anything to do with stopping them, but it does allow me to know they are not being able to complete registration) Notify Admin on Registration..this mod allows me to know thru email that someone went thru the registration process. also gives username and email that they used.
2. Prime Birtdate Require ver 1.2.2
and another one that I had forgotten-
3. (I don't remember that exact title) Location required on registration.
I'm happy for now.
on two different boards, about 25 have attempted in the last week
SPAMBOTS - how can we stop them - read FIRST post.
Forum rules
Temporary forum to obtain support while phpBB.com is offline.
Please use the support forum on phpBB.com
Temporary forum to obtain support while phpBB.com is offline.
Please use the support forum on phpBB.com
Re: SPAMBOTS - how can we stop them - read FIRST post.
I started getting spam messages a few days ago.
I enabled The confirmation by user and so far that seems to have helped. I havent gotten any posts since, but i can still see the bots trying to register
On a related note, I couldn't get my server to send email (i need to configure my sendmail) so for a quick fix I ended up using my google apps smtp server(i use gmail for my domain email). It seems to work good once i figured out how to do ssl in phpbb.
SMTP server address: ssl://smtp.gmail.com
SMTP server port: 465
Authentication method for SMTP: LOGIN
One nice thing about using gmail smtp is I actually get a bounce message when someone uses a bad email address, which makes it easier to delete some of the fake accounts(some look like they actually are using valid emails)
I enabled The confirmation by user and so far that seems to have helped. I havent gotten any posts since, but i can still see the bots trying to register
On a related note, I couldn't get my server to send email (i need to configure my sendmail) so for a quick fix I ended up using my google apps smtp server(i use gmail for my domain email). It seems to work good once i figured out how to do ssl in phpbb.
SMTP server address: ssl://smtp.gmail.com
SMTP server port: 465
Authentication method for SMTP: LOGIN
One nice thing about using gmail smtp is I actually get a bounce message when someone uses a bad email address, which makes it easier to delete some of the fake accounts(some look like they actually are using valid emails)
Re: SPAM registrations after upgrading to 3.0.4
But who wants to recieve 10 pms per day? The best and only realistic option is to stop spambots dead in their tracks. Obviously, the phpBB3 CAPTCHA system has been defeated. The only thing to do is to create a new kind of CAPTCHA or make some different looking letters that the bot isn't programmed to discern.COD3M4ST3R-X wrote:Well try this modification for a chance Automatic Spammer Detection This MOD uses Stop Forums Spam to check username, email and IP for potential spammer. If anything is returned, all the founders receive a PM notify them about the user.baxterdown wrote:Yes I did, but I couldn't get it to do what I want. I would like to make a text field where the person registering has to enter a security code (string of characters like abc1234) I provide to them in advance. I tried creating a "Single text field" but that didn't work. I couldn't find where to enter the string... Am I doing it wrong?
Hope this helps
Probably because somebody cracked the phpBB3 CAPTCHA system and sold it to spammers. I am getting the same spam on two different phpBB3 boards at two different domain names.Severus Snape wrote:Anyone know why there is this spam increase all of a sudden? Is it related to the phpBB site going down?
Spammers often use open proxy servers which can be located anywhere. Banning IP addresses or entire countries will do nothing to stop spam in the long run. That is just sticking your finger into a leaky dike. Eventually, it will burst.marcusbacus wrote:Today I got a probable spammer registration using an IP from my country (Brazil) which makes it impossible to ban entire countries.
I doubt it. I got a few spams from bots months ago when I had guest posting enabled. It was just this week where the spambots have really gotten active. I didn't have any spam for over two months on my phpBB3 boards until this week.marcusbacus wrote: As some said could it have anything to do with the phpbb.com attacks? I also found that this new captcha was already broken too.
I use Akismet on a Wordpress blog. It stops spam comments from going live on your blog, but it does NOTHING to stop spam. Every day my blog gets spam. I can quickly delete all of it. But I would much rather have the ability to prevent spam in the first place instead of having the server do the extra work of querying the Akismet database.luchtzak wrote:Why no AKISMET integration in a standard phpbb version ? Last days I have received 100's of spam accounts new registrations!
http://www.wordpress.org uses AKISMET already for a few years now with great succes!
Exactly. That's why there needs to be a built-in facility for webmasters to customize their CAPTCHAS so they are different from everyone else's.Brammers wrote: I guess it was a matter of time before the phpBB3 CAPTCHA got beaten.
Those are not individuals. Those are spam bots. I am getting the same "CheapOemSoftware" spammer on two different phpBB3 boards on two separate domain names. It cannot be anything other than a bot.mixstar wrote:I have never had spammers trying to log in before but just now I found three that had tried and obviously not got past the CAPTCHA. The one that caught my eye was 'CheappOemSoftwware' as I had seen it crop up on a discussion here. Are these auto or are they individuals, I presume they are automated as they didn't complete registration?
That isn't a solution, just a temporary fix. And it creates a lot more work for the webmaster. My experience is that when you start getting hit with spam, it can grow quickly. I used to use that crappy SMF for a forum. At first, I got one spam every day or other day. Then within a few weeks, I was getting 10 spams a day. After a while, I was getting 30 - 45 spams per hour--every hour. I remember logging in to my SMF forum one day and having to delete hundreds of spam registrations and their posts.Pond Life wrote:You could enable queued posts for the first post and activate the ones you're not sure about, let them post and review it before approval. That way if it is spam it won't appear on your board.
Spam bots have had optical character recognition abilities for years. They have to be programmed for each particular board's CAPTCHA system. But once that is done, and it looks like it has with phpBB3, the only solution is to change the CAPTCHA to one the bot is not programmed to recognize.pls wrote:Do they have OCR capabilities now?
- EXreaction
- Registered User
- Posts: 1555
- Joined: Sat Sep 10, 2005 2:15 am
Re: SPAMBOTS - how can we stop them - read FIRST post.
You could do that with this:
http://www.lithiumstudios.org/forum/vie ... f=31&t=941
Just enter http:// as a spam word and set it to check the first post.
http://www.lithiumstudios.org/forum/vie ... f=31&t=941
Just enter http:// as a spam word and set it to check the first post.
Re: SPAMBOTS - how can we stop them - read FIRST post.
Everyone,
Just to say that I used the Custom Field and added a question "Are you human" with a load of stupid answers (Maybe, Not sure and so on) and
of course a No (default) and a Yes.
The spam stopped immediately (from 20 a day to 0) and I had a legitimate user register just now
Thanks,
T.
Just to say that I used the Custom Field and added a question "Are you human" with a load of stupid answers (Maybe, Not sure and so on) and
of course a No (default) and a Yes.
The spam stopped immediately (from 20 a day to 0) and I had a legitimate user register just now
Thanks,
T.
Re: SPAMBOTS - how can we stop them - read FIRST post.
That simple yes/no question will probably be picked up on by the spambot makers - so dont rely on it. I have now removed that one from my own forum.trixom wrote:Everyone,
Just to say that I used the Custom Field and added a question "Are you human" with a load of stupid answers (Maybe, Not sure and so on) and
of course a No (default) and a Yes.
The spam stopped immediately (from 20 a day to 0) and I had a legitimate user register just now
Thanks,
T.
The second option using a 'code' where you edit the langauge file to stop the answer being given is better.
An exapmle for say this forum (area51) would be to use '51' as the answer with a question such as "which area are you joining". Hopefully your new users would understand, and it would be unique to your forum. I doubt the spambots would then find the 'answer' unless your own forum was 'personally' coded for by the programmer.
So find a 'number' which can be given to your new users in some way, so they can register easy, but which is unique enough that it will not be possible, or too expensive in time, for the spambot makers to code for.
Remember you are trying to make the answer unique to your forum.
Starfoxtj Toolkit
ASAP member since 2004 - MS MVP (Windows Security) member since 2005
Live phpBB3 Forum
ASAP member since 2004 - MS MVP (Windows Security) member since 2005
Live phpBB3 Forum
Re: SPAMBOTS - how can we stop them - read FIRST post.
I agree with ChrisRLG entirely.
My previous post in the other topic which has been locked now, for replies to be continued in this topic thread, was this....
Needless to say I'm going to re-activate my custom-profile questions. I have created one drop-down list question, and one number code type question, both phrased uniquely to our forum, and I'm sure that will stop the little blighters again.
My previous post in the other topic which has been locked now, for replies to be continued in this topic thread, was this....
And guess what. After turning OFF my custom profile questions (as a test), although I had changed the background noise from the defaults, yesterday/today I have had NINE more auto registrations from bots!Since making my changes (background noise, and custom profile questions), no more spambots
But thats 2 levels of sophistication. Maybe I should have left the custom profile questions off initially to evaluate effectiveness of just the background noise change.
I've de-activated my custom profile questions to see whether bots get in. I'm using X=15 and Y=15 (shhh!)
Needless to say I'm going to re-activate my custom-profile questions. I have created one drop-down list question, and one number code type question, both phrased uniquely to our forum, and I'm sure that will stop the little blighters again.
Re: SPAMBOTS - how can we stop them - read FIRST post.
I'm trying to use a custom profile field involving numbers, and it seems to go in fine... except for how it displays. You can see a screenshot below. Am I doing something wrong in the setup or is there some bad code on the page that needs cleaning, that it's showing all that extra garbage?
- Attachments
-
- for="pf_sinking">What year did the Titanic sink?:
- customfield.jpg (45.82 KiB) Viewed 15536 times
Re: SPAMBOTS - how can we stop them - read FIRST post.
So have I. Fortunately traffic is fairly light on my site, so I am set to be notified of all new posts. As soon as the spam started to appear I switched to administtrator confirmation of new accounts. I send a form letter to all new registrants before approving them, and if they don't answer in a reasonable amount of time I delete them. That is a nuisance, though, so I would like to switch to a (hopefully harder to crack) captcha.jimcarrel wrote:I've had quite a few spammers trying to register just recently also.
The captacha used for area51 registrations is not the one used in my phpbb version 3. What captacha is used here?
Dale H. Cook, Member, NEHGS and MA Society of Mayflower Descendants;
Plymouth Co. MA Coordinator for the USGenWeb Project
Administrator of http://plymouthcolony.net
Plymouth Co. MA Coordinator for the USGenWeb Project
Administrator of http://plymouthcolony.net
-
- Registered User
- Posts: 1
- Joined: Fri Feb 06, 2009 2:56 pm
Re: SPAMBOTS - how can we stop them - read FIRST post.
Hi,
Just a really simple question. I only have access to the admin panel, nothing php/mysql on our server, etc. so, I can't perform alot of the approaches to actually eliminate spammers.
Whats being done, is that they aren't activated (admin activation, and we just delete the email)....... but, spammers are still appearing in members list, so when people click on their name, they are getting the info/websites, etc. etc.
I'm wondering if there is a way to set this up such that the memberlist isn't viewable by users, only by admin. I can't find the setting on the admin panel, but perhaps someone knows how to approach it.
Thank you.
Just a really simple question. I only have access to the admin panel, nothing php/mysql on our server, etc. so, I can't perform alot of the approaches to actually eliminate spammers.
Whats being done, is that they aren't activated (admin activation, and we just delete the email)....... but, spammers are still appearing in members list, so when people click on their name, they are getting the info/websites, etc. etc.
I'm wondering if there is a way to set this up such that the memberlist isn't viewable by users, only by admin. I can't find the setting on the admin panel, but perhaps someone knows how to approach it.
Thank you.