FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


BOT prevention - stand out from the crowd





LukeakaDanish
Hi Everybody.

Following on from this discussion, I decided to try and think of a way in which BOT-spam could be prevented.

What I came up with is this:

  • Bots can get past the phpbb visual confirmation.
  • Bots have been programmed specifically to read the phpbb visual confirmation.
  • Bots can only read the phpbb visual confirmation because it behaves by a predefined set of rules.
  • This means that any hand coded visual-confirmation is ALWAYS 10 times better than phpbb's built in version.


Everything seams logical until now?

Right...well...the big problem with getting new stuff implemented on this forum is usually that Bondings is too busy to code stuff, and doesn't want to use other peoples mods that he isn't sure whether or not truly fulfill his requirements.

Coding a relatively simple visual confirmation class for phpBB is however not very difficult. Also, it could easily be made to use the existing database rows and columns.

Also, the code could be so simple, that Bondings could read trough it in about 2 minutes and go
Quote:
"yeeees...I seeee"

As I said above: It doesn't have to be highly complex - just different and unique. My suggestion is therefor: ask the community for help in fighting the evil spam-BOTS. Go to the php & MySQL forum and/or the contests forum and start a contest with some fantastic prize (maybe a new rank (just a suggestion)), to the person who writes the most well functioning visual confirmation system for phpBB.


Am i making any sense at all?
ocalhoun
^Plenty of sense.
Personally, I think just doing something like saying 'enter the code backwards' (In big bold letters, of course, so ignorant noobs can see it) That would be relatively easy.

1: Change one line in the file responsible for the text on that page
2: Add one line to the code behind that page wherein the entered code is reversed (before it is tested to see if it matches, of course). I think (not sure) that there is a string function in php that can do that easily.
LukeakaDanish
^ Exactly - good idea! - this shouldn't take more than...2 lines of code.

A little bit of research: the function is called strrev
Bondings
I'll just change it to a custom page, which will help much more. Wink
LukeakaDanish
Bondings wrote:
I'll just change it to a custom page, which will help much more. Wink


Ok cool - but make it priority #1.

If you don't have time right now you could use the strrev idea that ocalhoun got, until you get a kick-ass custom page programmed.
snowboardalliance
Custom program?
Just take what there is now and change it, like make it a little longer, bigger, different font/colors, etc. Maybe add some drawn in lines and change the rotation.
Bockman
snowboardalliance wrote:
Custom program?
Just take what there is now and change it, like make it a little longer, bigger, different font/colors, etc. Maybe add some drawn in lines and change the rotation.


that wouldn't solve the problem. It could slow down the spam for a while, but it'd be outrun in a few weeks.

Also, (as you should have read earlier on this topic), Bondings is a "Custom" freak Wink . When that custom page is done, it would take a bot specifically engineered for Frihost to hack it in, which would be uncommon.

Be Well Cool
IceCreamTruck
if you guys work on this project please let me know!! Right now I have some serious questions on phpBB2 safety, and I would like a custom recognition script for my forums.

I'm running a copy of the phpBB2 boards my self, and I'm starting to get to the point of having to lock it down because I'm getting tired of cleaning it up.

Also, anyone know how to start requiring a password to send mail through the frihost servers? I am going to start searching more on this topic and/or start a "frihost suggestion" topic of my own because I keep getting returned mail from undeliverable addresses, but I'm curious about the mail that was successfully sent that I am not sending.
Daniel15
Quote:
Personally, I think just doing something like saying 'enter the code backwards' (In big bold letters, of course, so ignorant noobs can see it) That would be relatively easy.

You are a....... genious! That's a brilliant idea! Very Happy Very Happy

Something similar to the SMF 'Advanced Visual Verification' for phpBB would be good, but I'm not sure if anyone's done something similar yet...
simplyw00x
The problem is, as frihost gets bigger, it will become worth the spammers' while to write a bot that works on whatever custom page we use, and some are advanced enough to do that anyway. The true trick is getting a captcha image or other task 'human' enough for a computer to not be able to do it, yet not so time-consuming that it will deter people from the site.

It's a difficult balance and one that takes time to get right - it's a pity 'time' is not something Bondings seems to have a lot of...
IceCreamTruck
simplyw00x wrote:
The problem is, as frihost gets bigger, it will become worth the spammers' while to write a bot that works on whatever custom page we use, and some are advanced enough to do that anyway. The true trick is getting a captcha image or other task 'human' enough for a computer to not be able to do it, yet not so time-consuming that it will deter people from the site.


It's like the future in the terminator movies. They need dogs to guard the doors so the robots can't get in. I suggest a custom script where it shows a picture of a car, and you have to write what you see: "car". There can be other simple pictures as well: cat, dog, bird, tree, etc. Maybe something like that will help with this growning problem. BTW, it will not always be worth it for a hacker to develop these bots. Just keep figuring out ways that make it harder and harder to be successful.

simplyw00x wrote:
It's a difficult balance and one that takes time to get right - it's a pity 'time' is not something Bondings seems to have a lot of...


Bondings is really nice because he actually will talk to the people on his forum. I think he's doing a great job of keeping his mountain of his personal resposiblities to the forums down through a lot of hard work, and many hours of posting responses to many questions he has answered before in other parts of the forums. Cut him some slack because he is really nice, and when you have a serious question he is there for you to ask it.
ocalhoun
IceCreamTruck wrote:
I suggest a custom script where it shows a picture of a car, and you have to write what you see: "car". There can be other simple pictures as well: cat, dog, bird, tree, etc.

That particular one would never work, unless it was multiple choice, in which case one could just write a script that chooses an option randomly and would therefore get through it 1/4, 1/5, 1/x of the time.

The reason it would have to be multiple choice is that people would see the car and write 'auto' or see the cat and write 'gato', or see the bird and type, 'robin', or see the dog and type 'collie', or see the tree and type 'plant'. Then that user would do one of these things:
*Complain to the admin about not being able to register
*Get frustrated and go someplace else
*Try again and get it right
coreymanshack
I have an idea, put in around 40 random question/answers for the user to answer that are as simple as this, What color is george washington's favorite white horse. Of course only display one of those random questions each time.
SpellcasterDX
coreymanshack wrote:
I have an idea, put in around 40 random question/answers for the user to answer that are as simple as this, What color is george washington's favorite white horse. Of course only display one of those random questions each time.
But then it gives the impression of a survey, and may discourage new members. Confused
coreymanshack
SpellcasterDX wrote:
coreymanshack wrote:
I have an idea, put in around 40 random question/answers for the user to answer that are as simple as this, What color is george washington's favorite white horse. Of course only display one of those random questions each time.
But then it gives the impression of a survey, and may discourage new members. Confused


WHY? would it give the impression of a survery if you only display 1 of 40 possible questions at register screen that are obvious questions that anyone could get right, and if you answer it wrong it would say "you got the question wrong". I thought surveys asked for opinions and not facts.
IceCreamTruck
coreymanshack wrote:
SpellcasterDX wrote:
coreymanshack wrote:
I have an idea, put in around 40 random question/answers for the user to answer that are as simple as this, What color is george washington's favorite white horse. Of course only display one of those random questions each time.
But then it gives the impression of a survey, and may discourage new members. Confused


WHY? would it give the impression of a survery if you only display 1 of 40 possible questions at register screen that are obvious questions that anyone could get right, and if you answer it wrong it would say "you got the question wrong". I thought surveys asked for opinions and not facts.


What kind of Idea is coreymanshack's good idea? Answer: good.

I can already see a pattern developing here, but it's still a good idea, and should be incorporated. What I hate is that if anyone is turned away by these varification scripts they will give up, but the bots will try again over, and over, and over, and over, and over.

I just have one more question. Red Riding hood needed some new clothes? What color clothes would she buy? Anwer: Blue, of corse. And remember always email the admin when it doesn't work. Every time. Even though you keep getting it wrong you must remember to always send yet another email to the admin. Just call it email insurance. ;-p
Marston
The survey answers could be easily bypassed by a bot...
SpellcasterDX
coreymanshack wrote:
SpellcasterDX wrote:
coreymanshack wrote:
I have an idea, put in around 40 random question/answers for the user to answer that are as simple as this, What color is george washington's favorite white horse. Of course only display one of those random questions each time.
But then it gives the impression of a survey, and may discourage new members. Confused


WHY? would it give the impression of a survery if you only display 1 of 40 possible questions at register screen that are obvious questions that anyone could get right, and if you answer it wrong it would say "you got the question wrong". I thought surveys asked for opinions and not facts.

Nevermind. I misread your post. I thought you meant have to answer 40 questions before being able to register. Razz
coreymanshack
Marston wrote:
The survey answers could be easily bypassed by a bot...


That's only if the bot is specifically targeting frihost, wich nothing can stop.

Another option I think would be to check and see what browser is being used. If there is not browser, or if the browser isn't one like firefox, IE, netscape, opera, mozilla, etc. etc. Then no registration acces.

Quote:
SpellcasterDX wrote:
coreymanshack wrote:
I have an idea, put in around 40 random question/answers for the user to answer that are as simple as this, What color is george washington's favorite white horse. Of course only display one of those random questions each time.
But then it gives the impression of a survey, and may discourage new members. Confused


WHY? would it give the impression of a survery if you only display 1 of 40 possible questions at register screen that are obvious questions that anyone could get right, and if you answer it wrong it would say "you got the question wrong". I thought surveys asked for opinions and not facts.

Nevermind. I misread your post. I thought you meant have to answer 40 questions before being able to register. Razz


It's ok we all make mistakes Smile
TeenZine
I haven't noticed any bots yet so We'll see .
Hogwarts
TeenZine wrote:
I haven't noticed any bots yet so We'll see .


You haven't noticed any?

Whoa... I've reported more then 20 so far... Confused
TeenZine
Hogwarts wrote:
TeenZine wrote:
I haven't noticed any bots yet so We'll see .


You haven't noticed any?

Whoa... I've reported more then 20 so far... Confused

Ok so I've been gone for a week ? Can I have there usernames.
Daniel15
Quote:
Ok so I've been gone for a week ? Can I have there usernames.

Go to the memberlist, sort it by join date (ascending), and look at a lot of the members with a Website address set in their profile Wink
coreymanshack
yes, i think it spider's frihost... because in my sig i have a link to my website and i started getting this bot signing up at my site (but i had email validation so it never validated) and having porn links in it's web address bar. So for however long that bot has control of the "newest user" slot at my site, people can click and venture on to it's porn site by accident.
IceCreamTruck
What about having a chat script where it's validation by chatting? What I mean is if you gave the admin/moderators/(really cool frihosters) the ability to give someone a register wildcard, but they can't get it if they don't log into the free chat and start conversating. just a thought...

Of corse this gives the admin yet another something to moderate, and we're getting further away from automated forums, but you'd have 100% genuine people unless someone key-stroke-errors a bot into the forums.

Does anyone else see the need for a universal system of identifying people on computers yet? Sure you'd still have stupid poeple designing bots to use the universal identifier system, but at least you could perminantly ban that user from ever becoming associated with anything to do with your site. I too run a copy of phpBB and I feel like a ban/remove/delete the same bot's posts over and over again.

WHO OUT THERE IS STILL CLICKING THESE LINKS THAT MAKES SPAMMING A PROFITABLE VENTURE?!?!?!?!?!?!

You know what, we might just be examining the problem from the wrong side. How do we start illiminating the people that click spammers links in the first place. Hmmmmm, any ideas? How about banning users for clicking any spam link by making every link start off with a simple redirect. Example: A bot adds the link to my forums, but my forums are smart enough to redirect that link to "http://mysite.net/redirect.cgi?http://thespamsite.net" but the redirect records who all clicked the link. Then if you ban the user who posted it and delete the link, then the forums software goes through and either bans all users who clicked the link, or it gives the users -5 frihost points for clicking a spam link.

EUREKA!!! I've done it. Fix the problem on both sides. I'm going now to try and see what it would take to get a system like this in place, and possibly test it out on my forums.

It's time to wage war on spam!!!
IceCreamTruck
I just had another idea, so I will post it again.

Text on registration page: What is the average rain-fall in inches that seattle, washington receives in one year?

simple text: Go to this page for the answer: http://somelinkonfrihost.com (note: this should not be a hyper-link)

somelinkonfrihost.com: The answer is not here. Please go to this page to get the answer http://thereallink.com (this shouldn't be a hyperlink either)

You might have ditched the bot because the text is not a hyperlink, and a custom bot would have to be written to find the answer. If someone gets past then it's really not a bot that is posting the link in the first place.

If you think that stupid people wouldn't be able to type a link into the browser, then why would you want that person on the forums anyway. They are most likely the person that is single handedly keeping spam profitable because all they can do is click spam links all day, and they just click what ever link is given to them.

also, this solution is particularly cheap and easy to setup, hence, why I like it so much and had to double-post.

Be good people...and STOP CLICKING SPAM LINKS!
mathiaus
IceCreamTruck ....

Chat: This would require someone on all the time right? One of a small number of admins as well. This ain't happening. Far too time consuming, both for the inital setup from Bonding's and then later from other admins manning the chat to give codes or whatever.

Links: You want to punish those who may have either been seriously convinced by a rather good scam, or those who are simply too 'dim' to realise its a scam? Thats cruel, specially to be suggested at a time like 'Christmas'!
There are also loads of bad points. 1) Long coding time; 2) Punishing wrong people; 3) Large storage of pointless data. Collecting who clicked what link when most links will be legitimate is pointless!; etc ...

Domain wastage: This is also a waste, this time of domains/sub-domains and pages and links that aren't links. I would image most members wouldn't bother doing all that just to register.



I don't think people really understood what I mentioned before so once FriMs is up I can provide an example and it will hopefully be easier to explain.
IceCreamTruck
mathiaus wrote:
IceCreamTruck ....

Chat: This would require someone on all the time right? One of a small number of admins as well. This ain't happening. Far too time consuming, both for the inital setup from Bonding's and then later from other admins manning the chat to give codes or whatever.



exactly. Hence, my statement "moving away from automation." forgive me for simply trying to get this conversation started up again. I have a personal interest and that is because I also spend way too much time deleting annoying posts from my forums.

mathiaus wrote:

Links: You want to punish those who may have either been seriously convinced by a rather good scam, or those who are simply too 'dim' to realise its a scam? Thats cruel, specially to be suggested at a time like 'Christmas'!
There are also loads of bad points. 1) Long coding time; 2) Punishing wrong people; 3) Large storage of pointless data. Collecting who clicked what link when most links will be legitimate is pointless!; etc ...


I am a programmer, and I can litterally see some form of the code in my head right now. I don't think it would be too time consuming to actually complete the project, but I do think it could take years to get it right...as with any computer project be it in PHP, ASP, or CGI.

As far as punishing people for clicking spam links, my stand is "why not?" Cover the last week in your mind and recall how many times you were dooped into clicking a spam link. Maybe once, ok, but if there were a penalty for clicking spam links then don't you think that you would be able to maintain a ABSOLUTE ZERO spam clicks in a whole year. I definately do not get fooled by spam links in the forums, or in my mail.

Look at it this way too, please... there are serious consiquences for not looking both ways before you cross the street, yet they haven't put up fences to keep people off the street because, in some way shape or form, we are EXPECTED to look where we are going. That's all I want people to do, and that is aggresively shaping the internet into what it should be instead of shaping the internet into a spam portal because people are incouraged to click any link that looks clickable without considdering what might happen if they do. Yes, it's a much harsher policy then I would like to try and adopt, but the people who are sending out spam are not playing nice. Why do the good guys always have to play nice.

It's why I like the movie "The Conicals of Riddick" it starts with the line "...Some kinds of evil must be fought with a different kind of evil."

You can't fault me for trying to come up with an inventive solution for what is becoming a tired old problem on the internet. I remember hearing a few years back that rewards were starting to be offered, and that you could actually report someone to the FBI for spamming, but all of that too has gone out the window, and I now receive more spam in my mail-box than ever. (note: I also know exactly why I receive the spam I do, and that was because of a security breach at the company I currently work for. One of the guys at the company got a virus, and my box has tons of the same spam message over and over (pharmacy crap), but nothing else. I know what good practices are, and so do you, mathiaus, i'm sure.

mathiaus wrote:

Domain wastage: This is also a waste, this time of domains/sub-domains and pages and links that aren't links. I would image most members wouldn't bother doing all that just to register.


Domain wastage? not sure what you mean, because I don't mean registering domains or whatever you've formed the idea as. What I mean is this.

Ask a question. Tell the people the answer is on a page that they have to go look at (don't hyper link them). Example answer page: http://frihost.com/answer.html

yes, bots can form their own hyper-links, but can these bots that are plaguing frihost, and other phpBB forums, break a webpage down into the answer of the question you are asking? probably not, and so you are one step closer to making people design custom bots to attack frihost and that too is not very likely. And, this solution is super cheap as far as time or money goes. Actually I challenge anyone to come up with a custom bot solution that would be cheaper (time/money) to integrate.

mathiaus wrote:

I don't think people really understood what I mentioned before so once FriMs is up I can provide an example and it will hopefully be easier to explain.


What is FriMs? I would like to see anything else that you have on the subject as I am currently at my wits end with where my website forums has taken me. It's not a nice place, and I'm a little grumpy as a result.

BTW, thanks for posting a response so quickly. I'm sure we'll come up with a good game plan if we actually start putting as much time in thinking about how to break down spam attacks as they put in thinking up these stupid schemes. Actually I think the biggest problem is from people who've broken phpBB down, and not so much the fact that there are poeple out there who are despirate to spam frihost.

Thanks again
TeenZine
omg I reported like 2 more bots today whats next. I'm affraid theyve been started to come to my site and post x rated stuff there. We need a bot pervention.

Edit why dont you start off by proving there bots and make a conversion because the url tag when they make posts are standerd [url] so whyd ont you do your own url like [WAd] which would stand for web adress. which would point out bots.[/url]
coreymanshack
TeenZine wrote:
omg I reported like 2 more bots today whats next. I'm affraid theyve been started to come to my site and post x rated stuff there. We need a bot pervention.

Edit why dont you start off by proving there bots and make a conversion because the url tag when they make posts are standerd [url] so whyd ont you do your own url like [WAd] which would stand for web adress. which would point out bots.[/url]

Like I've said before..
coreymanshack wrote:

yes, i think it spider's frihost... because in my sig i have a link to my website and i started getting this bot signing up at my site (but i had email validation so it never validated) and having porn links in it's web address bar. So for however long that bot has control of the "newest user" slot at my site, people can click and venture on to it's porn site by accident.

I'm fairly sure that this bot comes to our sites via frihost. We need to find out the ip address of this bot and ban it's ip from frihost servers via apache htaccess.
garionw
I haven't had any spambot's at all, and my blog is advertised in my signature.


In fact no-ones been on my blog, its like a ghost town. Laughing
TeenZine
blogs diffrent then fourms i deleated 2 bots already today. Is it possible frihost can change there privicy policy and post the bots IP's so we can block them ahead of time?
garionw
TeenZine wrote:
blogs diffrent then fourms i deleated 2 bots already today. Is it possible frihost can change there privicy policy and post the bots IP's so we can block them ahead of time?



They have Dynamic IP Addresses, I think Bondings Said once Before
coreymanshack
garionw wrote:
I haven't had any spambot's at all, and my blog is advertised in my signature.


In fact no-ones been on my blog, its like a ghost town. Laughing


I think it is geared more towards phpbb.

wrote:

They have Dynamic IP Addresses, I think Bondings Said once Before


You can ban a range of ip's right?

TeenZine wrote:
blogs diffrent then fourms i deleated 2 bots already today. Is it possible frihost can change there privicy policy and post the bots IP's so we can block them ahead of time?

I doubt they were spam bot's, probably more of a mere user aggrivating you.

I noticed once I changed to dragonfly cms I quit getting spam users.
garionw
Quote:
You can ban a range of ip's right?


I have issues against banning any IP addresses. If they are dynamic, they could be from a ISP that hosts many accounts.

I am hosted with Internode and they have a range of IP's (about 50, I think) and 1 of those was blocked from Wikipedia because of 1 person spamming it.


Now those 50 IP addresses have to serve all of Internode customers across Australia (At least 500,000 IMHO) so that means that 1000 Internet Users missed out on editing Wikipedia for an entire month (because everyone has dynamic addresses)

Now imagine if that was you, and you could use Frihost for a month because one idiot was spamming the forums and your IP address was posted here and blocked from a number of sites hosted on Frihost
Hogwarts
garionw wrote:
Now those 50 IP addresses have to serve all of Internode customers across Australia (At least 500,000 IMHO) so that means that 1000 Internet Users missed out on editing Wikipedia for an entire month (because everyone has dynamic addresses)

Actually, you worked that out wrong. If there are 500,000 and 1 in 50 was banned for that duration, then 10,000 people were banned. It seems illogical for them to make a system that way though.

But yes, I agree with you. I do have a thing about banning peoples IP addresses, but if somebody is really, really bad then they will have to be banned. For example, even if I banned those 10,000 people from my site; I doubt more than a few would actually visit my site at this current stage. Then, if I unban the IP after a month the person would have lost interest, and their IP is likely to have changed.
Daniel15
Quote:
I am hosted with Internode and they have a range of IP's (about 50, I think) and 1 of those was blocked from Wikipedia because of 1 person spamming it.

Internode are horrible, but that's offtopic Razz

I believe that Internode are using transparent proxies. Basically, what this means is that even though you don't set a proxy in your browser, you are forced to go through one anyway. Then, when a website looks at the IP address that the request is coming from, they'll see the proxy's IP address, not yours. TPG Internet has a range of proxies that customers use.
IceCreamTruck
So how does one stick to using phpBB and avoid all the bots that go with it? This is the question.

I'm using it too. I banned a couple usernames in the begining, but now it seems that I'm no longer being targeted. You'd think that if it were a computer that automaticly found me, then it would do it again the same way over and over. I think the basic problem to all of this is that it's actually a human being behind the problem -- not a bot. People are spamming my forums, and frihost, and there is not a whole lot we can do about it.

Someone will come along and write the ultimate in work arounds for the problem, and then someone will figure out how to exploit the process all over again. It's a horrible, horrible cycle that we are in.

I do wish that they would put a button on each post that says "Ban User and Delete all posts" and depending on how bad the problem is you can set the severity of a ban to a couple different levels: First by username/email, then Second by IP address, and Finally MAC address. But making the process push-button seems to have strayed at times in the different versions of phpBB. I was hoping that they fixed some of the problems with phpBB in version 2+ but it hasn't been streamlined yet, and you have to click like 6 times just to delete and ban one user. Takes about 3-5 minutes. deleting and banning 160 users takes about a full work day. Please won't some guru of php please write a patch for phpBB that makes deleting all the posts from one user and banning them one button?

Also, I want to be able to arrange the users by activity, so I can delete/ban any user that posts more to my forum in one day that is humanly possible. I'm not going to delete/ban users for posting 20 times, but I will if they post 200 times, or 500 times in one day. HAHA, can you imagine going from a "Frihost Wanabe" to a "Frihoster" in a day. I can't, and in fact that thought makes me a little sick. ;-p All those fridollars, and nothing to spend it on. Wink

Someone also needs to write a script on frihost that doesn't give fri$ to bots. It's not fair. I'll have to email Bondings post haste!
Bondings
IceCreamTruck, the best way to stop the bots/spam is to change the default registration process. Minor things like changing the filename of the registration page, "type yes to confirm" or anything else non-default will stop all bots that target all phpbb forums. Sure they can change it specifically for your forum, but in most cases it's not worth it.

I recently installed a html captcha instead of the default one and it stopped all bots - till now at least.

And to be precise, I think most of the bots/spam are semi-automated. The actual registration is automated, with a bot, while the activation and posting is done by a human. Or something similar.

About your banning thing, there are probably some existing mods that already do that or you could code it yourself (the removal of the posts isn't easy to do yourself though, banning is pretty easy). Also, the MAC address is (luckily) not visible to the server, so you aren't able to use it.

Here is also a description of a few phpbb2 anti-spam mods: http://www.phpbb.com/phpBB/viewtopic.php?t=393503
TeenZine
Thank you bondings for fixing this problem it needed to be done.
Daniel15
Quote:
I recently installed a html captcha instead of the default one and it stopped all bots - till now at least.

Sounds good Smile

Quote:
The actual registration is automated, with a bot, while the activation and posting is done by a human. Or something similar.

It's mostly all automated, even the activation. Xrumer (popular autosubmitter, very expensive) automatically creates a mail.ru or gawab.com account, signs up for heaps of forums, then gets all the emails and activates them all at once.
Most large forums have blocked *@mail.ru users from signing up, due to the mass of spam (most users that use this email are actually spambots)
garionw
Daniel15 wrote:
Quote:
I recently installed a html captcha instead of the default one and it stopped all bots - till now at least.

Sounds good Smile

Quote:
The actual registration is automated, with a bot, while the activation and posting is done by a human. Or something similar.

It's mostly all automated, even the activation. Xrumer (popular autosubmitter, very expensive) automatically creates a mail.ru or gawab.com account, signs up for heaps of forums, then gets all the emails and activates them all at once.
Most large forums have blocked *@mail.ru users from signing up, due to the mass of spam (most users that use this email are actually spambots)


When I did have forums installed, all of my spambots had Gmail accounts
IceCreamTruck
Bondings wrote:
IceCreamTruck, the best way to stop the bots/spam is to change the default registration process. Minor things like changing the filename of the registration page, "type yes to confirm" or anything else non-default will stop all bots that target all phpbb forums. Sure they can change it specifically for your forum, but in most cases it's not worth it.

I recently installed a html captcha instead of the default one and it stopped all bots - till now at least.

And to be precise, I think most of the bots/spam are semi-automated. The actual registration is automated, with a bot, while the activation and posting is done by a human. Or something similar.

About your banning thing, there are probably some existing mods that already do that or you could code it yourself (the removal of the posts isn't easy to do yourself though, banning is pretty easy). Also, the MAC address is (luckily) not visible to the server, so you aren't able to use it.

Here is also a description of a few phpbb2 anti-spam mods: http://www.phpbb.com/phpBB/viewtopic.php?t=393503


I hope you are finding solutions to these annoying problems. I've just had the phpBB forums live on my subdomain "space.frih.net" and the bots have torn me up at times. Sometimes I can stay on top of it, but others I can't.

I'm in the process of redeveloping my site around the domain "AstroTwister.com" and I am going to take the latest greatest version of phpBB live for that, but I want it to be easy to keep clean. I don't want to have to do so much work to remove these annoying people.
I'm going to work on crashing frih.net with traffic!!! ;-p 100,000 users a day is my goal. Wink aim high, right?

I can't even begin to fathom how horrible it must be for you at this point bondings, because I imagine that you do have people targeting you as well as tons of bots trying to be annoying as only automated scripts can be.

I will look into a few solutions, but I hope that my time will be well spent as I don't have much to spare as of late.
Related topics
new Nintendo Revolution
Jackson - Not Guilty
Michael Jackson Found not guilty!
mIRC for begginers.
Stephen King novels
Rose Online bot
Creating an RPG bot in IRC (yes I wrote this)
Federal response to Katrina was faster than Hugo,
Frankfurt Motor Show, 2005
World of Warcraft
India Won : Dravid Man of Match
NIGHTWISH!
IPBanned Battle.net?
Question About RaC Mod
Reply to topic    Frihost Forum Index -> General -> Suggestions

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.