Sign in to follow this  
Followers 0

Spam and what to do against it

6 posts in this topic

Posted · Report post

There seem to be spam threads on a daily basis now. And all the moderation does, is to delete those (still unapproved) threads. But isn't that getting a bit tedious, having to delete all that stuff manually?

I wonder how the spammers manage to do it anyway. They post with registered accounts, so either they aren't bots but humans or they have found a way to crack the phpBB CAPTCHA protection used in the registration form. If they are really human, there seems to be no way to effectively block them. But I think it's the latter case. The CAPTCHA doesn't look very difficult to crack and due to the popularity of the phpBB forum software, spammers surely have focused on cracking it.

So, these are the solutions I see:

1.) Customize the board's registration and post interface in a way that bots cannot recognize it anymore. This can be done by changing parameter and file names.

2.) Modify the CAPTCHA protection, so that phpBB-trained bots cannot overcome it any longer.

3.) Change the forum software to a more secure one. But that would involve paying for a commercial software. I personally recommend the Invision Power Board. But I guess, you don't want to pay for it, so the above solutions should be the favored ones.

Share this post


Link to post
Share on other sites

Posted · Report post

so....Degger is on the way to try what he can do (and with your tipps)

and we mods can only delete them but we can´t ban IP´s...

like i said a week before

don´t watch them, ignore them as good as possible and we try to delete them afap

let´s hope we really can ban them all! :)

Share this post


Link to post
Share on other sites

Posted · Report post

I think banning IP addresses doesn't help because they change so often. There is also a chance to ban addresses from legit users who coincidently use an address that a spammer used before. Only few people have static IP addresses and they would surely not use them for criminal activities. ;)

If they really are bots (which is what I believe) the best way is to use a stronger CAPTCHA protection that the bots can't break.

The CAPTCHA code of phpBB is in the file includes/usercp_confirm.php.

Look at the following page, to see what CAPTCHAs are better than others: http://sam.zoy.org/pwntcha/. According to them, the phpBB CAPTCHA has these weaknesses: "Constant font, no rotation, no deformation, constant colours, weak perturbation". You might also consider reading this thread: http://www.phpbb.com/phpBB/viewtopic.php?t=338401.

Share this post


Link to post
Share on other sites

Posted · Report post

I totally agree with you. But the only one who can change anything is degger.

Its not only the problem of changing some settings and so on ... its also a problem of phpBB upgrades

a new version can cause everything you have done to stop working if its not default ...

There are some IPs that came up very often and they disappeared after ban

lets hope degger will change something

Share this post


Link to post
Share on other sites

Posted · Report post

Its not only the problem of changing some settings and so on ... its also a problem of phpBB upgrades

a new version can cause everything you have done to stop working if its not default ...

Yes, that's why I personally want to use as little modifications as possible on my board. But on the other hand it's maybe the only way to be completely protected against spam if you use a hand-tailored protection scheme, because no spammer would try to break it. He could rather register and spam by hand. Default CAPTCHAs of widespread software will always be in danger of being cracked by someone. That's not the case with a unique protection.

Share this post


Link to post
Share on other sites

Posted · Report post

Or: "In your face!" :knife:

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0