The spambot invasion

A forum for solving problems that might be encountered during installation, updating, or in game.
Post Reply
The Elfoid
Posts: 1014
Joined: Mon May 03, 2004 5:30 am
Location: Devon, England
Contact:

The spambot invasion

Post by The Elfoid »

Guys can you stop this at all?
User avatar
TarousZars
Site Admin
Posts: 565
Joined: Wed Mar 31, 2004 9:15 pm
Location: Utah, USA
Contact:

Post by TarousZars »

I vote for Captcha's for registration, and guest posting. If you can't do captcha guest posting then just disable guests. it isn't that big of a deal for people to register.
Myrd
Site Admin
Posts: 4034
Joined: Fri Mar 19, 2004 10:17 pm

Post by Myrd »

CAPTCHAs are already there for registration. Apparently phpBB doesn't have the option for guest posting, but I doubt it would be hard to add since phpBB is open source and the general CAPTCHA functionality is already there.

Though, I don't have access to the box to take a look at it.
User avatar
Baak
Posts: 1109
Joined: Sat Mar 20, 2004 6:26 pm
Location: Mything

Post by Baak »

You can tweak the posting permissions such that the person must be registered to post (initially) but can be a guest to reply. This takes care of a LOT of spam posting, because they seem to prefer posting the initial posts and only sometimes reply.

We get spambots registering even with the CAPTCHA in registration - which is not only annoying as h***, but implies (to me anyway) that someone has cracked the CAPTCHA code (or at least the one phpBB2 uses).


I removed signatures and websites from our board users, because this is the primary raison d'etre for the spambots (to stick their website in their signature and post anything), but the *registration* window still has spaces for these two entries (an obvious flaw in phpBB2).

Apparently there is a mod which makes it so you *can* have signatures and websites in your profile, but only after you've registered and posted X number of posts (say 10 for example). At that point you can go back and edit your profile to add the signature/website. This keeps the spambots from bothering.


Seriously though: If the spambots can register at all with the CAPTCHA in place (like it is on our forum), doesn't that mean they've cracked the CAPTCHA code?!? I thought the whole point of the CAPTCHA code was to force people to register. What's up with that! :?


[Edit: In looking around a bit (always a good idea!) it appears the CAPTCHA in phpBB2 is BROKEN - I am looking into alternate/updated/better CAPTCHAs for phpBB2 and will post if I find something promising...]
User avatar
Baak
Posts: 1109
Joined: Sat Mar 20, 2004 6:26 pm
Location: Mything

Post by Baak »

Found one that looks promising - but (as with most) has poor documentation at the moment... :?

What we need is something we can just "drop in place".

The author says a new version is coming out in October - but I haven't emailed him to confirm - in the meantime, I'm going to see if I can figure out how to install this puppy in phpBB2 and possibly write a nice little wrapper, etc. to make it easy.

This will be something that will likely take me into the weekend.

By all means if someone finds a better solution - let us know! :)

I will let you know how it goes.
Lugas
Posts: 531
Joined: Fri Feb 03, 2006 4:20 pm

Re: The spambot invasion

Post by Lugas »

The Elfoid wrote:Guys can you stop this at all?
If I had Admin Powers, I would delete or edit spammers posts.
Click on the picture below for my Myth 2 scenario.
Image
Wismuth
Posts: 53
Joined: Fri Feb 10, 2006 12:08 pm
Contact:

Post by Wismuth »

spambots are automated and their script will fail if you do the slightest change to your phpBB forum.

One trick is to refuse registration if anything is entered in the "website" field, with an error message saying that you must leave the field blank and edit it later in your profile.
User avatar
Baak
Posts: 1109
Joined: Sat Mar 20, 2004 6:26 pm
Location: Mything

Post by Baak »

Agreed, Wismuth.

I'm looking into how easily that can be done such that the next phpBB update it's easy to "fix again" (this is the annoying side of modifying software like this).

Lugas wrote:If I had Admin Powers, I would delete or edit spammers posts.
Yeah, this becomes tedious almost immediately: (a) You have to waste your time/energy finding the spam users and posts; (b) You have to waste your time/energy deleting stuff.

The 3rd or 4th time you do this you realize just how much fun this is NOT. ;)

Having a solution whereby you NEVER have to delete their crap - and more importantly no one has to even read their crap - is much sweeter.


I'll try modifying the registration script on my phpBB - this was my other option if I didn't find a new CAPTCHA script I liked (and I haven't so far).

Will keep you posted.
The Elfoid
Posts: 1014
Joined: Mon May 03, 2004 5:30 am
Location: Devon, England
Contact:

Re: The spambot invasion

Post by The Elfoid »

Lugas wrote:
The Elfoid wrote:Guys can you stop this at all?
If I had Admin Powers, I would delete or edit spammers posts.
That's tiresome tho.
Post Reply