Index
 |
Spam Problem On My Forums | ||
Discussion by tansqrx with 28 Replies.
Last Update: January 24, 2010, 7:20 pm (View Latest) | Page 1 of 2 pages. | ||
 |
|||
I’m starting to have a real problem in my forums. Apparently “midget anal porn” is the hottest new thing. I didn’t think midgets were into that kind of thing but apparently I’m wrong (apologies to any midgets out there). I knew that spam may be a problem on my board but I didn’t think that I would be a target just yet. I only have 16 registered users (including the spam bots). How in the world did they find me? Just like junk mail I figure this problem is only going to get worst since I am now apparently on the list. Does anyone have a solution to this problem?
I am using phpBB. Perhaps a plug-in is out there for this type of thing? Also does anyone know how to get the IP of a user that registered? If I had that then I could ban the subnet.
I am using phpBB. Perhaps a plug-in is out there for this type of thing? Also does anyone know how to get the IP of a user that registered? If I had that then I could ban the subnet.
Thu Nov 9, 2006 Reply New Discussion
The first step in fighting against bots is Image Validation. As you probably know, it shows a random string as a part of an image, and the user should re-type it. On my forums (IPB 2.0.0), however, bots somehow manage to overcome this obstacle. The next move is activating e-mail validation. After completing the registration, the user is sent a validation link to the specified e-mail address. That should keep them away.
Unfortunately, some of them DO get through! At least I have that problem. Now, this might be because those aren't actually bots, but rather real people spamming. But whoever it is, there is one possible solution to the problem. I don't know a lot about phpBB, but in IPB, you can hide (disapprove) posts. This is used to hide every first post of a member. That way the spam will be hidden, and you will be able to manually approve all the other posts. I know this isn't very practical, but that's the only idea I have got.
Unfortunately, some of them DO get through! At least I have that problem. Now, this might be because those aren't actually bots, but rather real people spamming. But whoever it is, there is one possible solution to the problem. I don't know a lot about phpBB, but in IPB, you can hide (disapprove) posts. This is used to hide every first post of a member. That way the spam will be hidden, and you will be able to manually approve all the other posts. I know this isn't very practical, but that's the only idea I have got.
Thu Nov 9, 2006 Reply New Discussion
Well worse case scenario you have to start banning ip addresses. But what you do is create a htaccess file banning them through that way.
order allow,deny
deny from xxx.xx.x.x
deny from xxx.xx.x.x
deny from xxx.xx.x.x
allow from all
you can also try invisionize. and see what they have for mods or some other mod site for the forum you use.
Best thing you can do is let your mods and other members report th porn spam and just ban, suspend, block those who do it.
CODE
order allow,deny
deny from xxx.xx.x.x
deny from xxx.xx.x.x
deny from xxx.xx.x.x
allow from all
you can also try invisionize. and see what they have for mods or some other mod site for the forum you use.
Best thing you can do is let your mods and other members report th porn spam and just ban, suspend, block those who do it.
Thu Nov 9, 2006 Reply New Discussion
What version of phpbb? 2.2.21 is the latest version (I think).
phpbb3 is in Beta2 right now, so problem might be solved in the new release?
I think the changes you want to make are in the Admin Control Panel of phpbb2 > Board Settings.
Force email registration and make them validate is a good idea, yes. Might even make the Forum fully private in the settings.
Check your .htaccess and place a robots file on your account, too. Any 'decent', or respectable, bot will check that file before accessing the account files, so if you still have problems, set the Forum folder to deny the problem robots in the robots.txt file, maybe. Look throught the detailed Log Report to find the entries. There should be a record of the Bots accessing the robots.txt file each time they visit. Allow the good ones, deny the others.
Also, I believe if you have Admin privleges for your User, the IP numbers are available, too. There is a small gif with "IP" on it. Top right hand side of the Posting. Click on that to view a report of all the IP's the Member has posted from.
phpbb3 is in Beta2 right now, so problem might be solved in the new release?
I think the changes you want to make are in the Admin Control Panel of phpbb2 > Board Settings.
Force email registration and make them validate is a good idea, yes. Might even make the Forum fully private in the settings.
Check your .htaccess and place a robots file on your account, too. Any 'decent', or respectable, bot will check that file before accessing the account files, so if you still have problems, set the Forum folder to deny the problem robots in the robots.txt file, maybe. Look throught the detailed Log Report to find the entries. There should be a record of the Bots accessing the robots.txt file each time they visit. Allow the good ones, deny the others.
Also, I believe if you have Admin privleges for your User, the IP numbers are available, too. There is a small gif with "IP" on it. Top right hand side of the Posting. Click on that to view a report of all the IP's the Member has posted from.
Thu Nov 9, 2006 Reply New Discussion
I have noticed that this has been an increasing problem lately on some of the forums that I frequent. Apparently bots are getting smarter (and in some cases developing quite a sense of humor 
)
)
Thu Nov 9, 2006 Reply New Discussion
QUOTE (foolakadugie)
I have noticed that this has been an increasing problem lately on some of the forums that I frequent. Apparently bots are getting smarter (and in some cases developing quite a sense of humor
)Link: view Post: 91343
lol.. i guess you have a bot magnet..
i usually use generated images for verification.. you dont know when you need to block certain access..
dont use splited images.. just draw them on the fly or use voice validation.. [recording of the validation key to be entered]
Fri Nov 10, 2006 Reply New Discussion
I know a couple of times bots have been able to post in trap17 hosted section forum which is only access by hosted members and above.
I agree with you foolakadugie the people who are programming these because all the bots have to do is post randomly without the need for the user to type anything.
Like what has been mention all the mods and admin can do is ban and suspend those accounts and delete posts or set up a spam section in your forum and move them there.
If you do that you could get a collective idea what ip numbers to ban and what not.
I agree with you foolakadugie the people who are programming these because all the bots have to do is post randomly without the need for the user to type anything.
Like what has been mention all the mods and admin can do is ban and suspend those accounts and delete posts or set up a spam section in your forum and move them there.
If you do that you could get a collective idea what ip numbers to ban and what not.
Fri Nov 10, 2006 Reply New Discussion
Hey budy, that truely sucks, i don't understand why you are bieng spammed so early with only 18 members. Maybe its teh content. Try the following link and see what works http://phpbbhacks.com/searchresults.php?ve...p;search_type=1
They have a lot of nice stuff for PHPBB. Hope this helps, i haven't used PHPBB for about a year so i don't can't say much.
They have a lot of nice stuff for PHPBB. Hope this helps, i haven't used PHPBB for about a year so i don't can't say much.
Fri Nov 10, 2006 Reply New Discussion
I know there are a lot of add-ons for phpBB. Any recommendations?
Tue Nov 14, 2006 Reply New Discussion
As a follow up to my question I am posting what I have done to help with the SPAM on my phpBB forum. In the course of my investigation I found that most of the SPAM is not to advertise to my members but to get a better search engine ranking. Below is a list of procedures. I’m not sure if any of these will work; I will eventually give an update.
Update – I updated my phpBB version from 2.0.19 to 2.0.21. There didn’t seem to be any security related fixes for my current problem but it is always a good idea to stay current.
Enabled User Email Confirmation – I should have done this from the very beginning. Under the General Configuration option there is “Enable account activation” which was set to none. By setting this to user, a user will have to verify their email first.
Stop Spambot Registration Mod – (http://www.phpbb.com/phpBB/viewtopic.php?t=435694) This is one of the many mods out there that tries to stop SPAM bots. The comments were pretty good for this one. Basically it displays “do not add any profile information” and if you do then you get canned. This compares with some other mods that have a hidden field for the URL and if they enter it then they get canned (no human would see it anyway). There are some comments that the bots are catching on to this so I will have to just wait and see. Installation was fairly straight forward although I do no use the sub_silver skin and had to modify the skin that I use.
Admin Userlist Mod – (http://www.phpbb.com/phpBB/viewtopic.php?t=117359) This isn’t strictly a SPAM mod but it is a good administrator add-on. It lists all of the users and lets you quickly ban or delete. I think this should have been added a long time ago. Fairly easy to install and no problems.
Update – I updated my phpBB version from 2.0.19 to 2.0.21. There didn’t seem to be any security related fixes for my current problem but it is always a good idea to stay current.
Enabled User Email Confirmation – I should have done this from the very beginning. Under the General Configuration option there is “Enable account activation” which was set to none. By setting this to user, a user will have to verify their email first.
Stop Spambot Registration Mod – (http://www.phpbb.com/phpBB/viewtopic.php?t=435694) This is one of the many mods out there that tries to stop SPAM bots. The comments were pretty good for this one. Basically it displays “do not add any profile information” and if you do then you get canned. This compares with some other mods that have a hidden field for the URL and if they enter it then they get canned (no human would see it anyway). There are some comments that the bots are catching on to this so I will have to just wait and see. Installation was fairly straight forward although I do no use the sub_silver skin and had to modify the skin that I use.
Admin Userlist Mod – (http://www.phpbb.com/phpBB/viewtopic.php?t=117359) This isn’t strictly a SPAM mod but it is a good administrator add-on. It lists all of the users and lets you quickly ban or delete. I think this should have been added a long time ago. Fairly easy to install and no problems.
Fri Dec 15, 2006 Reply New Discussion
Yes I've been noticing this happening very frequently in some forums I do visit, mainly phpBB ones.
What 2 of them have done is to ask for the user to write down an image created on the fly, but BACKWARDS.
I haven't seen any of the porn spam posts since this system has been implemented, and I guess that it would need some specific kind bot of bot to get past trough.
I'm not sure if it's completely spam-proof, but seems to hold the spamming to a minimum (if not zero).
Hope it works man, since I get the same kind of weird porn ads as comments in my personal site (which uses Wordpress and therefore allows comments...). And hell, it's ****ing annoying...
What 2 of them have done is to ask for the user to write down an image created on the fly, but BACKWARDS.
I haven't seen any of the porn spam posts since this system has been implemented, and I guess that it would need some specific kind bot of bot to get past trough.
I'm not sure if it's completely spam-proof, but seems to hold the spamming to a minimum (if not zero).
Hope it works man, since I get the same kind of weird porn ads as comments in my personal site (which uses Wordpress and therefore allows comments...). And hell, it's ****ing annoying...
Sat Dec 16, 2006 Reply New Discussion
You can find some security mods from phpbb site itself! Please have a look at here:
http://www.phpbb.com/phpBB/catdb.php?cat=57
I was also facing such issues with spam bots! Some spammers can broke even visual confirmation!
But after trying "Only Active Members Can Post URLs" I can control the spam posts in my forum!
you can get it from here:
http://www.phpbb.com/phpBB/viewtopic.php?t=464628
thise mode will prevent Guests from posting urls in the forum! also we can configure it thru admin panel and can give some threshold for days and number of posts! So that, this mod wont allow new users to post urls!
Members must be registered for at least Some days ( specify it from admin panel) and have more than Some posts ( specify it from admin panel)! Its working fine for me!
I had specified 10 posts and 2 days as threshold to post the urls!
Usually spam bots will try to post as guests! If its not working, then they will create one new account and will try to post some un ethical links from those accounts! If you specify some threshold, which will be greater than 1 or 2 days, then u can control those spam posts! beacuse, most of the bots will try to relogin using the same IDs after 1 or 2 days!
http://www.phpbb.com/phpBB/catdb.php?cat=57
I was also facing such issues with spam bots! Some spammers can broke even visual confirmation!
But after trying "Only Active Members Can Post URLs" I can control the spam posts in my forum!
you can get it from here:
http://www.phpbb.com/phpBB/viewtopic.php?t=464628
thise mode will prevent Guests from posting urls in the forum! also we can configure it thru admin panel and can give some threshold for days and number of posts! So that, this mod wont allow new users to post urls!
Members must be registered for at least Some days ( specify it from admin panel) and have more than Some posts ( specify it from admin panel)! Its working fine for me!
I had specified 10 posts and 2 days as threshold to post the urls!
Usually spam bots will try to post as guests! If its not working, then they will create one new account and will try to post some un ethical links from those accounts! If you specify some threshold, which will be greater than 1 or 2 days, then u can control those spam posts! beacuse, most of the bots will try to relogin using the same IDs after 1 or 2 days!
Sat Dec 16, 2006 Reply New Discussion
This is a very similar post to the topic regarding my blog. I decided to go ahead and post it again because it is a different thread and someone might not read the other. The results are the same.
I would like to make an update to my original post. Since I have installed and updated the site, I have gotten no SPAM messages and it looks like a success, at least for now. Apparently the program that the spammers were using against me hit a brick wall with the new additions. This does not rule out future attacks but this looks to be a good start.
I would like to make an update to my original post. Since I have installed and updated the site, I have gotten no SPAM messages and it looks like a success, at least for now. Apparently the program that the spammers were using against me hit a brick wall with the new additions. This does not rule out future attacks but this looks to be a good start.
Fri Dec 29, 2006 Reply New Discussion
Wow I hope this is a joke! Is it possible for a thread telling of how we despise SPAM to attract SPAM bots? Maybe SPAM attracts SPAM?
Mon Jan 1, 2007 Reply New Discussion
lol. Bots are surely getting smarter.
These bots don't have serialized member no.s. Have they created more bots in the range (18928-18998) and only few have spammed this thread. Or is it that they wait for some hours to create a new account?
These bots don't have serialized member no.s. Have they created more bots in the range (18928-18998) and only few have spammed this thread. Or is it that they wait for some hours to create a new account?
Mon Jan 1, 2007 Reply New Discussion
 |
 |
|
 |
 |
| Reply / Comment | Ask a Question? | Share / Bookmark | E-Mail a Friend |
 Error Log From Forum Errors (0)
|
(0) Restoring Back-up ...from another domain 
|