Phpbb3: spam problems

[admin (no pm's please)]

http://blog.bbprotection.net/2009/02/25/phpbb3-captcha-cracked/

As suspected image verification on phpbb3 has been cracked and the developers are being pretty slow in dealing with things

On phpbb2 to avoid this sort of issue arising we implemented our own customized anti-spam system.

Which may make for another "told you not to change to phpbb3" moment   but does not address the immediate issue.

The official thread is here:

http://www.phpbb.com/community/viewtopic.php?f=46&t=1437125

I think the custom profile field approach is simplest for now.

It seems pointless for us to implement an anti-spam mod, when the developers must surely add an official system soon.

---

_________________

Family Friendly Shareware | | Web Design/Services | Free Forums

[admin (no pm's please)]

For good measure create two custom profile fields. One will be a "radio" box, the other a question that must be answered correctly.

For the customer profile field option set up a "Boolean" field like:




Note it displays at registration and is required.

On the next screen DO NOT enter a default value.


Next the maths question




Make the question your own, and in the next screen enter the answer as both minimum and maximum allowed value.
_________________

Family Friendly Shareware | | Web Design/Services | Free Forums

[Zina2008]

Am I correct in thinking that if the question is phrased in words (e.g. "What is two and two?") and the answer in figures (e.g. "23") the Bots will find it harder to make the link and supply an answer?

I have also added profile fields which are compulsory, and relate to the board's content. If the would-be member can't tell me which area he's interested in, there's not much point in his being there, so out he goes.

[admin (no pm's please)]

[interlog]

It was only a matter of time before the phpBB3 CAPCHA was broken. It lasted well over a year before it did which is not bad going.

Developers thinking I believe is to reduce the number of upgrades (unless an upgrade is security critical which spam is not) following complaints from users and bundle fixes to bugs in as few as possible upgrades.

[Zudane]

Oooh.. just implemented that onto my own ^_^ I hope it helps, I've been getting 10+ a day lately all with gmail domains -.-
_________________


Harsh Reality - Unleash your creativity!

[admin (no pm's please)]

On my spammed forum, it has been totally clear since these measures were put in place.
_________________

Family Friendly Shareware | | Web Design/Services | Free Forums

[P Shivers]

I have been noticing a lot of inactive users that I am just deleting, but I am wondering if I am just catching them before validation of email or if they are not able to validate the email. I really don't mind, as long as they are not posting. I would rather delete inactive members than ask for more info at registration.
I was waiting to see if they could get past the validation before adding the questions at registration and it seems that, for now, they aren't getting past.
_________________
http://arachnophiles.myfreeforum.org

[Zina2008]

If they're using a fake e-mail address - as most do - they won't be able to validate because they will never receive the validation e-mail. You may well find that you will get it instead, with a note that it has bounced back.

However the (allegedly) human species of spammer may use a real one and get in that way. So if you're getting more of these things than usual, and you're worried about it, make sure that new members have to be validated by an Admin.

Alternatively, you can set it so that all new members are put on moderation. They will be able to post, but only in a hidden area where ordinary members won't see what they have to say, until such time as you decide you can trust them on the open forums.

I still say capital punishment is the best long-term solution, mind.

[NickXmL]

Where in the ACP do you implement this?

I am confused as to where I reach the shown page in PHPBB3.

Thanks in advance,
Nick
_________________
To Help Flight Sim Forum, click the sig once a day

[admin (no pm's please)]

Users and Groups/Custom profile fields.
_________________

Family Friendly Shareware | | Web Design/Services | Free Forums

[NickXmL]

Thanks, but which field type should the math question be?

Thanks in advance,
Nick
_________________
To Help Flight Sim Forum, click the sig once a day

[admin (no pm's please)]

Numeric
_________________

Family Friendly Shareware | | Web Design/Services | Free Forums

[Zudane]

I got to the point of adding a -massive- list of spam domains to the ban list, and was still getting a bunch of gmail spam accounts that never activated.

The longer it is since you started to get spam, the more spam lists your on and the more you get - stop it when they are small!

I added two simple fields - both briefly explaining they stop spambots, and in 2 weeks I haven't seen a single account even register as a spam account!  And all real accounts haven't complained about the anti-spam fields ^_^

I would highly recommend adding the anti-spam questions for phpbb3.
_________________


Harsh Reality - Unleash your creativity!

[Rextreme]

I have created the two custom profile fields as recommended but they are not showing up on registration. Any ideas? Thanks


ETA...Its okay, I have worked it out. This forum is great- thanks.  

---