SPAMBOTS - how can we stop them - read FIRST post.

[Red Prince]

Again, I created this domain name to host a forum, but absolutely no one knows about it, nor could anyone guess the domain name. Yet, I'm receiving about 3-5 registration attempts a day.

No one needs to know about your domain name to find your forum.

I run a small personal web site on my home computer. When I look at the log, I see many attempts to visit without any of the domain names my server is set up for. There are people who run probes that go from one IP to the next, looking for security holes. Once they find that the IP of your forum has port 80h open, they try various default pages used by forums and blogs. Once they find your forum page, they can see what forum software you are using and they can spam you as much as they want. And if your web server is set up to redirect example.com to www.example.com, they even get your domain name from that.

I really wish the people who have the know-how of writing these spam bots used it for creating useful software instead of trying to annoy the world.

[Pony99CA]

I haven't read all 18 pages of this, so if this has been addressed, please point me to the reply.

One thing I remember people talking about in phpBB 2 was changing the registration script's name so that bots couldn't find it easily. After having read the long server outage thread, especially the part about password salting, I was wondering if phpBB itself couldn't salt the script names.

For example, have a configuration option that lets the admin add an arbitrary string to the registration script/function's name and invoke that function's name dynamically. The same could be done for the posting script's name (for those boards that allow guest posting).

I understanding dynamic execution can sometimes be a security risk, but the name would just be the concatenation of the existing name and the salt.

Would that work? If so, could phpBB add it to avoid MODs?

Steve

[backdoor]

In 2.x.x I deleted the register code from the overall_header file and this SIGNIFICANTLY reduced the spam accounts. I provided a link to the registration page in a forum thread itself. I was getting 10-20 a day and it went to maybe 2 or 3 a month. I was able to keep the Admin approval on and it didn't drive me crazy. I figure that if spammers can't find it right away, they'll leave. If someone is serious about registering they'll find it.

Now with 3.x.x I started getting a bunch of spam accounts again and am trying the same technique. We'll see how it works.

[thecoalman]

backdoor, the spambots are automated and I don't see that will help. The way they work is to either have a database of sites that run phpbb or seek them out. They "know" where the registration page is and don't need a link to find it. For phpbb2 specifically they would simply post the registration and never even load the registration page. They can't do that with phpbb3 however.

[backdoor]

That makes sense for spambots but I think many "spam" accounts are real people just registering accounts to place their web sites and descriptions on the forum. Yes? Or am I being naive?

[manutoo]

Hello,

I didn't read the 18 pages of this thread, so sorry if the following has been posted before.

I began to get 5 or more spam messager per day on last beginning of last week, most from guest users.
Instead of disabling the guest users, I just did a lil Mod to prevent guest to post link, like :

in posting.php, after :

Code: Select all

f (sizeof($message_parser->warn_msg))
	{
		$error[] = implode('<br />', $message_parser->warn_msg);
	}

add :

Code: Select all

//=== TOO: Anti-Spammer BEGIN
	if (isset($post_data['poster_id']) && $post_data['poster_id'] == ANONYMOUS)		// Guest ?
	{
		$NbH = substr_count($message_parser->message, "href=");
		$NbU = substr_count($message_parser->message, "[/url");

		if ($NbH + $NbU >= 1)
		{
			$error[] = "Guests can't post link..!<br />Create an account (it's free), or remove the link(s) from your post.<br />"
//						."NbH = $NbH; NbU = $NbU<br />"
//						.$message_parser->message
						;
		}
	}
//=== TOO: Anti-Spammer END

And since then, I didn't get spam anymore.
Note: if u want to print the message in a clean way (ie: allow other language), u'd have to change the $error[] assignation.

It seems that allowing guest user to post encourage the bots to not register to post their spams...

[Fountain of Apples]

Most spam registrations these days are automated, which means that they'll make a direct link to the register page. Quite frankly, you'd be more effective changing the filename for the registration page than removing the Register link. (But changing the filename is technically quite a bit harder.)

[Sandcrawler]

I recently started getting Spambots accounts on my forums after not getting any when I upgraded to 3.0 when the first stable version was release, about a week ago I started getting a few again. My solution was reCAPTCHA, and I haven't gotten a new spam account yet. Sadly they don't have a phpbb3 plugin. But by following this guide you should be able to get it working.
http://groups.google.com/group/recaptch ... 1c498b5c02

The reCAPTCHA website is here if you want to find out more before you look into using it.

[thecoalman]

That makes sense for spambots but I think many "spam" accounts are real people just registering accounts to place their web sites and descriptions on the forum. Yes? Or am I being naive?

The recent wave of spam is caused by Bots, that's why its so prevalent. By doing what you're doing IMO you're just making it harder for legitimate users to register. A human spammer will most likely know what the URL is to get to the registration page anyway whereas a legitimate user will not.

Human spammers are hard to stop, instead of hiding the link for registration activate the moderation queue for first posts. Even that is not 100% because I beleive many of the human spammers will simply reply to something....

[pietpetoors]

It seems that allowing guest user to post encourage the bots to not register to post their spams...

Manutoo, on my forums guests can do nothing besides read, they cannot post anything anyway and still I get these spam registrations.

What I find strange is that these poor idiots register on the site, I approved one or two of them but yet they never post anything.
The only logical explanation I can find for this is that perhaps they register just so that their web site can show up in the "members" page so that they can build link popularity.

Is there a way that one can disable the the users' web sites to show in the members list page? Perhaps if they cannot get any links by registering they will stop register?