SPAM is getting worse... Any ideas on this?

Started by LPChip, November 06, 2006, 15:32:36


Should we install a second phpBB board and make this one read-only?

yes!
4 (66.7%)
no!
1 (16.7%)
I don't care really, do whatever the rest do.
1 (16.7%)

Total Members Voted: 6

Voting closed: November 16, 2006, 09:37:37

LPChip

SPAMbots are getting worse.

It happened a lot that the spambot activated their email using a fixed domain they acquired once; as a result, I ban every domain that is being spammed with.

It seems that the spammers use spambots to register a DNS and make it forward to their email server.

The last user I banned has this domain: *@pjhgwprjhwprh.info probably linked to this IP: 209.160.65.49 (and certainly for: *@fldojhwprhwp.info)

I'm going to see through some contacts that are in the DNS business to see if we can nail these spammers. In the meanwhile, does anyone have an idea on how to fight this, just in case it is untraceable who registers like this?

Also, I'm thinking of upgrading the forum to a new version. It will mean that we'll lose some of the modifications made here, but I can always add them later. If the forum goes down with a message: "Please come back later", then you know why. :)
"Heh, maybe I should've joined the compo only because it would've meant I wouldn't have had to worry about a damn EQ or compressor for a change. " - Atlantis
"yes.. I think in this case it was wishful thinking: MPT is making my life hard so it must be wrong" - Rewbs

LPChip

I have just tried to do a conversion from this forum to a new install.

I installed a new board at /modplug_new and backed up the SQL database both from this site and from after the installation (so I could roll back).

The data in the database is just too different to convert everything seamlessly.

For instance: I only inserted the userdata, and after logging in, it gives an error about missing something in the database...

The small stuff like forum and category information seems to be no problem. I'm not sure about forum-topics and posts because it is too big.

Unless I or anyone else can find a way to migrate this database into a new core, we'll remain with this until we find another solution.

Relabsoluness

Quote from: "LPChip"
In the meanwhile, does anyone have an idea on how to fight this, just in case it is untraceable who registers like this?

I don't know much about these things, but sometimes I have wondered why websites don't or can't make use of the fact that they are being plagued by pieces of programs which can't for example answer questions so to say. I mean what if the registration had something like the following:
"To prevent fake registrations, please enter the answer to the following question in numerical form: what is one multiplied by two?"
The idea has indeed been used in some websites, but why not use it more widely?
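
The question-at-registration idea above, as an added example that is not part of the original post and is not phpBB code: the server issues a question together with a signed, expiring, single-use token and checks both on submission, so one solved form cannot be replayed for many registrations. The secret, the question list and the function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets
import time

# Assumption: a per-site secret kept server-side; generated here for the demo.
SECRET = secrets.token_bytes(32)
MAX_AGE = 600          # seconds a challenge stays valid
_used_nonces = set()   # demo store; a real forum would keep this in its database

# Constructed sample questions: (question text, expected numeric answer).
QUESTIONS = [
    ("What is one multiplied by two?", 2),
    ("What is three plus four?", 7),
    ("What is nine minus five?", 4),
]

def _sign(index, nonce, issued):
    msg = f"{index}:{nonce}:{issued}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def issue_challenge(now=None):
    """Return (question_text, token); the token travels in a hidden form field."""
    issued = int(now if now is not None else time.time())
    index = secrets.randbelow(len(QUESTIONS))
    nonce = secrets.token_hex(8)
    token = f"{index}:{nonce}:{issued}:{_sign(index, nonce, issued)}"
    return QUESTIONS[index][0], token

def verify_challenge(token, answer, now=None):
    """True only for an untampered, unexpired, unused token with the right answer."""
    now = int(now if now is not None else time.time())
    try:
        index_s, nonce, issued_s, mac = token.split(":")
        index, issued = int(index_s), int(issued_s)
        expected = QUESTIONS[index][1]
        given = int(str(answer).strip())
    except (ValueError, IndexError):
        return False
    if not hmac.compare_digest(mac.encode(), _sign(index, nonce, issued).encode()):
        return False
    if not 0 <= now - issued <= MAX_AGE or nonce in _used_nonces:
        return False
    _used_nonces.add(nonce)   # a numeric guess consumes the challenge, right or wrong
    return given == expected
```
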

LPChip

Quote from: "Relabsoluness"
Quote from: "LPChip"
In the meanwhile, does anyone have an idea on how to fight this, just in case it is untraceable who registers like this?

I don't know much about these things, but sometimes I have wondered why websites don't or can't make use of the fact that they are being plagued by pieces of programs which can't for example answer questions so to say. I mean what if the registration had something like the following:
"To prevent fake registrations, please enter the answer to the following question in numerical form: what is one multiplied by two?"
The idea has indeed been used in some websites, but why not use it more widely?

I've tried to adjust the registration process on modplug, but this forum is a bitch to edit when it comes to registration/profile/login (all in the same file :o)

Sam_Zen

Blocking IPs is, like the new patch of a virus-scanner, always too late. Because it has happened already. It's running after the facts, and can go on forever.
So the focus should be on prevention.

I see this problem growing on other forums too. Not that amazing, because a spambot is a robot, but a php-forum is in fact a robot too. If subroutines and defaults are known, communication becomes easy.

As said above, the stage of registration as a member is a crucial one. Otherwise one can't post anything.
So it's a matter of making this stage more difficult to pass. Many times it is required to type the PW twice. This is a fake protection. Because it demands something a robot is very good at: a copy of the same string.
What if it is required to type the second PW intentionally with the first character wrong?
At least it disturbs the automatisms of the spambot. For a while.
0.618033988

LPChip

Quote from: "Sam_Zen"
This is a fake protection. Because it demands something a robot is very good at: a copy of the same string.
What if it is required to type the second PW intentionally with the first character wrong?
At least it disturbs the automatisms of the spambot. For a while.

You're wrong here actually...

You have to type a password twice to make sure you've typed the password you want. If you would register and make a typo in the password, then you'll never be able to log in. This is not a spambot protection, but a human-mistakes protection :)

It's not difficult for me to make a "visual confirmation" register method, but as I can't edit the registration page this easily, the integration of such is a pain in the ass...

xaimus


Sam_Zen

Quote:
If you would register and make a typo in the password, then you'll never be able to login.

Sorry, I was a bit short through the curve: unless the intentional typo is integrated in the script for the second input.
So, if the first PW-input = "abeltje", then the second input could be checked with the condition: char 1 = NOT 'a'.
In the meantime the same shakira-spammer appears also active on the TCommander forum, and so far moderators just have to be alert, and remove the spam with the help of the 'mod' tag. Even after a long discussion there.

rewbs

A quick CAPTCHA on every post (not just registration) is the way other websites solve this.
I'm pretty sure there are CAPTCHA plugins for phpbb. This is the first page google found but I'm sure there's lots of stuff out there:
http://www.matthewleverton.com/howto/phpBB2-captcha.html
Remember accessibility though.

LP, did you say you have tried to update this phpbb instance to a newer version but could not due to database schema differences? Are you sure there are no tools out there to help? I'd be very surprised if the phpbb guys changed the schema without providing migration tools.

LPChip

Do you know where to look? Cus I couldn't find any.

I'd be glad to go to a new version. The mods I did on this forum are not major but it will prevent a lot of additional work and irritation.

Sam_Zen

Another one has come in:
phentramadol2 - Select The Best Rx

Relabsoluness

Yet another unrefined idea: How about automatically removing accounts in which the given website includes certain 'banned' words?

Sam_Zen

All measures like this will always only cover a part of the problem. In this case, the spammers simply start to promote Vaigra pills.

LPChip

The worst spammer doesn't have anything I can ban... :(

Waxhead

I hate to say this but this forum is actually just temporary, right? I would think it's better to sacrifice all posts and start from scratch with for example the phpBB 2.0.21 forum with CAPTCHA enabled. Simple and easy and should get rid of most spammers.
Perhaps the simplest thing would be to have two forums. A new one and this one as well but make it read-only. An archive forum for old posts ;)