Poll
Question:
Should we install a second phpBB board and make this one read-only?
Option 1: yes!
votes: 4
Option 2: no!
votes: 1
Option 3: I don't care really, do whatever the rest do.
votes: 1
SPAMbots are getting worse.
It happened alot that the spambot activated their email using a fixed domain they aquired once, as result, I ban every domain that is being spammed with.
It seems that the spammers use spambots to register a DNS and make it forward to their email server.
The last user I banned has this domain: *@pjhgwprjhwprh.info probably linked to this IP: 209.160.65.49 (and certainly for: *@fldojhwprhwp.info
I'm going to see through some contacts that are in the DNS business to see if we can nail these spammers. In the meanwhile, does anyone has an idea on how to fight this, just in case it is untracable who registers like this?
Also, I'm thinking in upgrading the forum to a new version. It will mean that we'll loose some of the modications made here, but I can always add them later. If the forum goes down with a message: "Please come back later", then you know why. :)
I have just tried to do a conversion from this forum to a new install.
I installed a new board at /modplug_new and backupped the sql database both from this site as from after the installation (so i could roll back)
The data in the database is just too different to convert everything seamlessly.
For instance: I only inserted the userdata, and after loging in, it gives an error about missing something in the database...
The small stuff like forum and cathergory information seems to be no problem. I'm not sure about forum-topics and posts because it is too big.
Unless I or anyone else can find a way to migrate this database into a new core, we'll remain with this untill we find another solution.
Quote from: "LPChip"In the meanwhile, does anyone has an idea on how to fight this, just in case it is untracable who registers like this?
I don't know much about these things, but sometimes I have wondered why websites don't or can't make use of the fact the they are being plagued by pieces of programs which can't for example answer questions so to say. I mean what if the registration had something like the following:
"To prevent fake registrations, please enter the answer to the following question in numerical form: what is one multiplied by two?
The idea has indeed been used in some websites, but why not to use it more widely?
Quote from: "Relabsoluness"Quote from: "LPChip"In the meanwhile, does anyone has an idea on how to fight this, just in case it is untracable who registers like this?
I don't know much about these things, but sometimes I have wondered why websites don't or can't make use of the fact the they are being plagued by pieces of programs which can't for example answer questions so to say. I mean what if the registration had something like the following:
"To prevent fake registrations, please enter the answer to the following question in numerical form: what is one multiplied by two?
The idea has indeed been used in some websites, but why not to use it more widely?
I've tried to adjust the registration process on modplug, but this forum is a bitch to edit when it comes to registration/profile/login (all in the same file :o)
Blocking IP's, is, like the new patch of a virus-scanner, always too late. Because it has happened already. It's running after the facts, and can go on forever.
So the focus should be on prevention.
I see this problem growing on other forums too. Not that amazing, because a spambot is a robot, but a php-forum is in fact a robot too. If subroutines and defaults are known, communications becomes easy.
As said above, the stage of registration as a member is a crucial one. Otherwise one can't post anything.
So it's a matter of making this stage more difficult to pass. Many times there is required to type the PW twice. This is a fake protection. Because it demands something where a robot is very good at : a copy of the same string.
What if it is required to type the second PW intentionally with the first character wrong ?
At least it disturbs the automatisms of the spambot. For a while.
Quote from: "Sam_Zen"This is a fake protection. Because it demands something where a robot is very good at : a copy of the same string.
What if it is required to type the second PW intentionally with the first character wrong ?
At least it disturbs the automatisms of the spambot. For a while.
You're wrong here actually...
You have to type a password twice to make sure you've typed the password you want. If you would register and make a typo in the password, then you'll never be able to login. This is not a spambot protection, but a human-mistakes protection :)
Its not difficult for me to make a "visual confirmation" register method, but as I can't edit the registration page this easilly, the integration of such is a pain in the ass...
http://www.web-engineer.co.uk/codex/?p=66
or try moving to a more esoteric message board software package.
QuoteIf you would register and make a typo in the password, then you'll never be able to login.
Sorry, I was a bit short through the curve : Unless the intentional typo is integrated in the script for the second input.
So, if the first PW-input = "abeltje", then the second input could be checked with the condition : char 1 = NOT 'a'.
In the meantime the same shakira-spammer appears also active on the TCommander forum, and so far moderators just have to be alert, and remove the spam with the help of the 'mod' tag. Even after a long discussion there.
A quick CAPTCHA (http://en.wikipedia.org/wiki/Captcha) on every post (not just registration) is the way other websites solve this.
I'm pretty sure there are CAPTCHA plugins for phpbb. This is the first page google found but I'm sure there's lots of stuff out there:
http://www.matthewleverton.com/howto/phpBB2-captcha.html
Remember accessibility though.
LP, did you say you have tried to update this phpbb instance to a newer version but could not due to database schema differences? Are you sure there are no tools out there to help? I'd be very surprised if the phpbb guys changed the schema without providing migration tools.
Do you know where to look? Cus I couldn't find any.
I'd be glad to go to a new version. The mods I did on this forum are not major but it will prevent alot of additional work and irritation.
Another one has coming in
phentramadol2 - Select The Best Rx
Yet another unrefined idea: How about automatically removing accounts in which the given website includes certain 'banned' words?
All measures like this will always only cover a part of the problem. In this case, the spammers simply start to promote Vaigra pills.
The worst spammer doesn't have anything I can ban... :(
I hate to say this but this forum is actually just temporarily right? I would think it's better to sacrifice all posts and start from scratch with for example the phpBB 2.0.21 forum with CAPTCHA enabled. Simple and easy and should get rid of most spammers.
perhaps the simplest thing would be to have two forums. A new one and this one as well but make it read-only. A archive forum for old posts ;)
Quote from: "Waxhead"I hate to say this but this forum is actually just temporarily right? I would think it's better to sacrifice all posts and start from scratch with for example the phpBB 2.0.21 forum with CAPTCHA enabled. Simple and easy and should get rid of most spammers.
perhaps the simplest thing would be to have two forums. A new one and this one as well but make it read-only. A archive forum for old posts ;)
You make a good point there!
Everyone agree on this?
If the situation is really this bad (lotsa webmaster work involved I guess, so it must be worth it), this proposal as a transition seems to be quite elegant.
Making the previous part a read-only forum is a nice solution. So no useful data and discussion is lost, because links to such threads stil can me made.
I have added a poll to this topic in order to get a better picture.