The spambot invasion
-
The Elfoid
- Posts: 1014
- Joined: Mon May 03, 2004 5:30 am
- Location: Devon, England
- Contact:
-
TarousZars
- Site Admin
- Posts: 565
- Joined: Wed Mar 31, 2004 9:15 pm
- Location: Utah, USA
- Contact:
You can tweak the posting permissions such that the person must be registered to post (initially) but can be a guest to reply. This takes care of a LOT of spam posting, because they seem to prefer posting the initial posts and only sometimes reply.
We get spambots registering even with the CAPTCHA in registration - which is not only annoying as h***, but implies (to me anyway) that someone has cracked the CAPTCHA code (or at least the one phpBB2 uses).
I removed signatures and websites from our board users, because this is the primary raison d'etre for the spambots (to stick their website in their signature and post anything), but the *registration* window still has spaces for these two entries (an obvious flaw in phpBB2).
Apparently there is a mod which makes it so you *can* have signatures and websites in your profile, but only after you've registered and posted X number of posts (say 10 for example). At that point you can go back and edit your profile to add the signature/website. This keeps the spambots from bothering.
Seriously though: If the spambots can register at all with the CAPTCHA in place (like it is on our forum), doesn't that mean they've cracked the CAPTCHA code?!? I thought the whole point of the CAPTCHA code was to force people to register. What's up with that!
[Edit: In looking around a bit (always a good idea!) it appears the CAPTCHA in phpBB2 is BROKEN - I am looking into alternate/updated/better CAPTCHAs for phpBB2 and will post if I find something promising...]
We get spambots registering even with the CAPTCHA in registration - which is not only annoying as h***, but implies (to me anyway) that someone has cracked the CAPTCHA code (or at least the one phpBB2 uses).
I removed signatures and websites from our board users, because this is the primary raison d'etre for the spambots (to stick their website in their signature and post anything), but the *registration* window still has spaces for these two entries (an obvious flaw in phpBB2).
Apparently there is a mod which makes it so you *can* have signatures and websites in your profile, but only after you've registered and posted X number of posts (say 10 for example). At that point you can go back and edit your profile to add the signature/website. This keeps the spambots from bothering.
Seriously though: If the spambots can register at all with the CAPTCHA in place (like it is on our forum), doesn't that mean they've cracked the CAPTCHA code?!? I thought the whole point of the CAPTCHA code was to force people to register. What's up with that!
[Edit: In looking around a bit (always a good idea!) it appears the CAPTCHA in phpBB2 is BROKEN - I am looking into alternate/updated/better CAPTCHAs for phpBB2 and will post if I find something promising...]
Found one that looks promising - but (as with most) has poor documentation at the moment...
What we need is something we can just "drop in place".
The author says a new version is coming out in October - but I haven't emailed him to confirm - in the meantime, I'm going to see if I can figure out how to install this puppy in phpBB2 and possibly write a nice little wrapper, etc. to make it easy.
This will be something that will likely take me into the weekend.
By all means if someone finds a better solution - let us know!
I will let you know how it goes.
What we need is something we can just "drop in place".
The author says a new version is coming out in October - but I haven't emailed him to confirm - in the meantime, I'm going to see if I can figure out how to install this puppy in phpBB2 and possibly write a nice little wrapper, etc. to make it easy.
This will be something that will likely take me into the weekend.
By all means if someone finds a better solution - let us know!
I will let you know how it goes.
Re: The spambot invasion
If I had Admin Powers, I would delete or edit spammers posts.The Elfoid wrote:Guys can you stop this at all?
Click on the picture below for my Myth 2 scenario.
Agreed, Wismuth.
I'm looking into how easily that can be done such that the next phpBB update it's easy to "fix again" (this is the annoying side of modifying software like this).
The 3rd or 4th time you do this you realize just how much fun this is NOT.
Having a solution whereby you NEVER have to delete their crap - and more importantly no one has to even read their crap - is much sweeter.
I'll try modifying the registration script on my phpBB - this was my other option if I didn't find a new CAPTCHA script I liked (and I haven't so far).
Will keep you posted.
I'm looking into how easily that can be done such that the next phpBB update it's easy to "fix again" (this is the annoying side of modifying software like this).
Yeah, this becomes tedious almost immediately: (a) You have to waste your time/energy finding the spam users and posts; (b) You have to waste your time/energy deleting stuff.Lugas wrote:If I had Admin Powers, I would delete or edit spammers posts.
The 3rd or 4th time you do this you realize just how much fun this is NOT.
Having a solution whereby you NEVER have to delete their crap - and more importantly no one has to even read their crap - is much sweeter.
I'll try modifying the registration script on my phpBB - this was my other option if I didn't find a new CAPTCHA script I liked (and I haven't so far).
Will keep you posted.
-
The Elfoid
- Posts: 1014
- Joined: Mon May 03, 2004 5:30 am
- Location: Devon, England
- Contact:
Re: The spambot invasion
That's tiresome tho.Lugas wrote:If I had Admin Powers, I would delete or edit spammers posts.The Elfoid wrote:Guys can you stop this at all?
http://theramblingelf.tumblr.com/ - my blog