2006-08-25 - Spammers

[Firestorm ZERO]

Despite being a small community, we are now seeing spammers in the forums. So far I banned 5.

I am going to take measures to try to prevent it in the coming days. Hopefully they stop coming

[skicow]

Despite being a small community, we are now seeing spammers in the forums. So far I banned 5.

I am going to take measures to try to prevent it in the coming days. Hopefully they stop coming

You going to put in a CAPTCHA to sign up for new accounts?

[Firestorm ZERO]

It always had a CAPTCHA at sign up. But it is still not enough :/ phpBB's is just normal dark letters with a fuzzy background. Not like other CAPTCHAs that are swirlled, overlapping, different colours, etc.

I doing some modifications but would like not to disclose them since they may be watching

[skicow]

It always had a CAPTCHA at sign up. But it is still not enough :/ phpBB's is just normal dark letters with a fuzzy background. Not like other CAPTCHAs that are swirlled, overlapping, different colours, etc.

It's been so long since I signed up I forgot

I doing some modifications but would like not to disclose them since they may be watching

Good idea, I didn't want you to reveal what you were doing I was just curious.

[Firestorm ZERO]

phpBB's default CAPTCHA is very weak. Says this one can identify it 97% of the time. :/

http://sam.zoy.org/pwntcha/

[Firestorm ZERO]

Modifications are complete. Let me know if it broken anything.

[val]

Hmmm,

That's weird. We never had this problem at TC. I wonder why it happens with this forum. It seems to happen at a lot of PHPbb forums.

Are you able to block sets of IPs from viewing your site? If so, I'd try that. All of our problems with fraud vanished when I blocked various countries in SouthEast Asia from viewing our site. I know that's bad but at one time, we had a serious problem with group of criminals in Southeast Asia. I think they worked from several countries but they were all connected as one big crime ring.

Once I blocked those guys and made the site impossible to crawl for images, I never had problems again.

[Firestorm ZERO]

Well the internet has grown alot since then. Now with Google, just searching for "phpbb" will you give you all the sites with phpbb. Then next, since phpBB's default captcha is 97% breakable (see link in prev. post), a bot just has to automate it. I have prevent this by changing the captcha to a more powerful one.

3 of the 5 spammers didn't bother to activate the account. This is because all they do is put their WWW site to raise their page rank. When google indexes the member list page, they get recorded in google's database. When Google sees that this certain website is heavily linked, they think it is popular, therefore up goes the link. I have now disabled anonymous access to those pages.

I have take other measures as well. I have the IPs but I prefer not to block them unless I really need to.

[MrDisco]

http://www.macrossworld.com/mwf/index.php

^ the log file is pretty interesting to read

[Firestorm ZERO]

I still remember when the old forums (asgard's forum) got hacked. I always keep the board up to date. As well check it at least once a day even during work just to make sure nothing bad happened.

I'm still thinking when phpbb 3.0 comes out (in beta 2 I think right now), should I go into it immediately or wait a bit. They will most likely still support the 2.x trunk for a while after the release. But still undecided.