admin (no pm's please)
|
Phpbb3: spam problems
http://blog.bbprotection.net/2009/02/25/phpbb3-captcha-cracked/
As suspected, image verification on phpbb3 has been cracked and the developers are being pretty slow in dealing with things.
On phpbb2 to avoid this sort of issue arising we implemented our own customized anti-spam system.
Which may make for another "told you not to change to phpbb3" moment but does not address the immediate issue.
The official thread is here:
http://www.phpbb.com/community/viewtopic.php?f=46&t=1437125
I think the custom profile field approach is simplest for now.
It seems pointless for us to implement an anti-spam mod, when the developers must surely add an official system soon.
|
admin (no pm's please)
|
For good measure create two custom profile fields. One will be a "radio" box, the other a question that must be answered correctly.
For the custom profile field option set up a "Boolean" field like:
Note it displays at registration and is required.
On the next screen DO NOT enter a default value.
Next the maths question
Make the question your own, and in the next screen enter the answer as both minimum and maximum allowed value.
|
Zina2008
|
Am I correct in thinking that if the question is phrased in words (e.g. "What is two and two?") and the answer in figures (e.g. "23") the Bots will find it harder to make the link and supply an answer?
I have also added profile fields which are compulsory, and relate to the board's content. If the would-be member can't tell me which area he's interested in, there's not much point in his being there, so out he goes.
|
admin (no pm's please)
|
| Zina2008 wrote: | Am I correct in thinking that if the question is phrased in words (e.g. "What is two and two?") and the answer in figures (e.g. "23") the Bots will find it harder to make the link and supply an answer?
I have also added profile fields which are compulsory, and relate to the board's content. If the would-be member can't tell me which area he's interested in, there's not much point in his being there, so out he goes. |
The bots won't be clever enough hopefully to even figure out 2+2. But it is a running battle.
|
interlog
|
It was only a matter of time before the phpBB3 CAPTCHA was broken. It lasted well over a year before it did, which is not bad going.
The developers' thinking, I believe, is to reduce the number of upgrades (unless an upgrade is security critical, which spam is not) following complaints from users, and to bundle fixes to bugs in as few upgrades as possible.
|
Zudane
|
Oooh.. just implemented that onto my own ^_^ I hope it helps, I've been getting 10+ a day lately all with gmail domains -.-
|
admin (no pm's please)
|
On my spammed forum, it has been totally clear since these measures were put in place.
|
P Shivers
|
I have been noticing a lot of inactive users that I am just deleting, but I am wondering if I am just catching them before validation of email or if they are not able to validate the email. I really don't mind, as long as they are not posting. I would rather delete inactive members than ask for more info at registration.
I was waiting to see if they could get past the validation before adding the questions at registration and it seems that, for now, they aren't getting past.
|
Zina2008
|
If they're using a fake e-mail address - as most do - they won't be able to validate because they will never receive the validation e-mail. You may well find that you will get it instead, with a note that it has bounced back.
However the (allegedly) human species of spammer may use a real one and get in that way. So if you're getting more of these things than usual, and you're worried about it, make sure that new members have to be validated by an Admin.
Alternatively, you can set it so that all new members are put on moderation. They will be able to post, but only in a hidden area where ordinary members won't see what they have to say, until such time as you decide you can trust them on the open forums.
I still say capital punishment is the best long-term solution, mind.
|
NickXmL
|
Where in the ACP do you implement this?
I am confused as to where I reach the shown page in PHPBB3.
Thanks in advance,
Nick
|
admin (no pm's please)
|
Users and Groups/Custom profile fields.
|
NickXmL
|
Thanks, but which field type should the math question be?
Thanks in advance,
Nick
|
admin (no pm's please)
|
Numeric
|
Zudane
|
I got to the point of adding a -massive- list of spam domains to the ban list, and was still getting a bunch of gmail spam accounts that never activated.
The longer it is since you started to get spam, the more spam lists you're on and the more you get - stop it when they are small!
I added two simple fields - both briefly explaining they stop spambots, and in 2 weeks I haven't seen a single account even register as a spam account! And all real accounts haven't complained about the anti-spam fields ^_^
I would highly recommend adding the anti-spam questions for phpbb3.
|
Rextreme
|
I have created the two custom profile fields as recommended but they are not showing up on registration. Any ideas? Thanks
ETA...It's okay, I have worked it out. This forum is great - thanks.
|
Zudane
|
Make sure you also have them required at registration - And if you are using phpbb3 (I'm not sure about phpbb2) make sure you have it set to not show - or else you have fairly random looking questions showing in your user's profiles.
|
Rextreme
|
Okay thanks- I hadn't thought of that.
|
Zudane
|
I missed the option for it on both and was annoyed to see them showing up on profiles, lol.
Name: Joe
Are you human? Yes
What is 5+6? 11
Ya, that's what I want profiles to look like
|
Rextreme
|
Your sum is easier than mine....but I have given the option of one number either side...just in case. LOL
ETA..Very nice forum you have there.
|
Zina2008
|
Depending on what your Forum is about, you can even make the "spambusting" questions useful for information-gathering.
If you had a car forum, say, you could ask what the applicant's favourite model was, or even colour - bots aren't likely to have an opinion.
And if you have a family history forum, you could ask for the relevant surname. Bots don't have surnames.
|
admin (no pm's please)
|
Some bots will fill in a value, hence the idea of two fields to be filled.
One a radio field that may be missed by a bot, and one a field with a numeric answer the system can check on for you.
So favorite car/colour is not good for this.
|
Zina2008
|
No, I take your point - cars are probably too weel-kent to work. I don't use cars myself.
You could do a foodie thing - baked or fried? Rotisserie or flambe? That might be safer, with buttons.
Best if you have a really obscure subject, though. It would work with villages of the Outer Hebrides, probably.
|
Zudane
|
What admin was referring to.. is you need something more than just fields that need to be filled in or boxes that need to be checked.
What you need is that if a bot spots a field, it may put in a 'guess' to what the answer might be, if the question is simply an opinion, then it would get it 'correct'. If the question is something with a definitive answer, then the bots 'guess' wouldn't be correct and the bot is denied (unless it got lucky)
|
RebeckaJayne
|
We seem to have an influx of spammers trying to get onto our site at the moment.
Followed the steps in this topic to try and catch them and it's working.
We added two required fields on registration, the first being Date of Birth and the second Location.
They still apply to join but the giveaway is the results.....
Date of Birth: 01 Jan 1909
Location: Canada
The country and date of birth varies but it's always the same year.
We now register all details from these applicants on this site
Stop Forum Spam
and then all we do is ban by IP.
Working well so far.
Thanks for the advice.
|
Zudane
|
Giving the choice of just added words they can fill in is simple. You want abnormal questions, things that a person would not tell a computer to look for.
A simple math question, "What is 4 + 1" and the answer being a number field with 5 as the correct answer, and the default being 82.
And then a dropdown box of "are you a human" with the answers yes and no, and the default being no.
This way a bot would not attempt to answer both of those, or would fail to answer them correctly, and would be denied access.
|
RebeckaJayne
|
Thanks for the advice Zudane.
Will have a go at that today.
Didn't mind having to sift through them but it seems like that way would be easier.
|
Lord of the Norge
|
| Rextreme wrote: | I have created the two custom profile fields as recommended but they are not showing up on registration. Any ideas? Thanks
|
I'm having this problem as well. What am I missing?
http://thenewotforum.myfreeforum.org/index.php
|
admin (no pm's please)
|
Check the field options, show us a screenshot.
|
Lord of the Norge
|
| admin (no pm's please) wrote: | | Check the field options, show us a screenshot. |
|
Zina2008
|
For the numerical one, the default must be the wrong answer.
A human will change it to the correct figure, but a bot is likely to accept the value given.
For the same reason, the lowest and highest acceptable figures must be the same right answer. Or give them a small range if your potential new members can't count, or have a silly sense of humour!
|
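The two registration checks described in the posts above (a numeric question whose minimum and maximum are both the right answer and whose default is wrong, plus a yes/no field defaulting to "no"), modelled as an added example. This is not phpBB code or any poster's code; the classes, client names and sample submissions are constructed for illustration, and the last function shows how widening the accepted range raises a blind guesser's odds.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class NumericField:
    minimum: int   # lowest accepted value
    maximum: int   # highest accepted value (equal to minimum for one right answer)
    default: int   # pre-filled value shown on the form

    def accepts(self, submitted) -> bool:
        try:
            value = int(submitted)
        except (TypeError, ValueError):   # missing or non-numeric input
            return False
        return self.minimum <= value <= self.maximum

@dataclass
class ChoiceField:
    correct: str
    default: Optional[str]   # None means nothing is pre-selected

    def accepts(self, submitted) -> bool:
        return submitted is not None and submitted == self.correct

# Values quoted in the thread: "What is 4 + 1", answer 5, default 82; human? default "no".
MATHS = NumericField(minimum=5, maximum=5, default=82)
HUMAN = ChoiceField(correct="yes", default="no")

def submissions(maths, human):
    """Constructed samples of what each kind of client would send."""
    return {
        "human": {"maths": "5", "human": "yes"},
        "bot_keeps_defaults": {"maths": str(maths.default), "human": human.default},
        "bot_fills_text_only": {"maths": "1", "human": human.default},
        "bot_skips_unknown_fields": {},
    }

def outcomes(maths=MATHS, human=HUMAN):
    """Map each sample client to True (registration allowed) or False."""
    return {who: maths.accepts(f.get("maths")) and human.accepts(f.get("human"))
            for who, f in submissions(maths, human).items()}

def lucky_guess_rate(maths, guesses=range(0, 100)):
    """Share of blind numeric guesses in 0..99 that the maths field accepts."""
    return sum(maths.accepts(str(g)) for g in guesses) / len(guesses)

if __name__ == "__main__":
    print(outcomes())
    print(lucky_guess_rate(MATHS), lucky_guess_rate(NumericField(4, 6, 82)))
```
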
Lord of the Norge
|
| Zina2008 wrote: | For the numerical one, the default must be the wrong answer.
A human will change it to the correct figure, but a bot is likely to accept the value given.
For the same reason, the lowest and highest acceptable figures must be the same right answer. Or give them a small range if your potential new members can't count, or have a silly sense of humour! |
Ok, that's fine, but it doesn't explain why it isn't showing up on the registration page at all.
|
Zina2008
|
Sorry - I can't help you with that bit. I have the same problem myself, with the same settings!
|
Zudane
|
Easy way to test it - have 2 different browsers open - have one at the registration screen, the other in the admin panel. Turn on all the settings to show it everywhere, and then turn off settings one at a time to get it to where you want and it still showing.
Then you can pinpoint which setting is causing trouble.
|
Lord of the Norge
|
| Zudane wrote: | Easy way to test it - have 2 different browsers open - have one at the registration screen, the other in the admin panel. Turn on all the settings to show it everywhere, and then turn off settings one at a time to get it to where you want and it still showing.
Then you can pinpoint which setting is causing trouble. |
That didn't work for me because when I tried to do something at the log in screen and then I would go back to the log in screen it logged me out as admin.
|
Zudane
|
I mean two different browsers, like firefox and internet explorer. They have different sessions, so you can be logged in on one, logged off on the other.
|
Lord of the Norge
|
| Zudane wrote: | | I mean two different browsers, like firefox and internet explorer. They have different sessions, so you can be logged in on one, logged off on the other. |
That isn't it. There is nothing wrong with the settings. I have changed them to be exactly as they are here.
Any other suggestions?
|
Zudane
|
| Code: | | That didn't work for me because when I tried to do something at the log in screen and then I would go back to the log in screen it logged me out as admin. |
If you use 2 windows of the same browser, say 2 windows of firefox or 2 windows of internet explorer, then when you log out of one you will log out the other.
If you use 1 window of firefox at the admin panel, and 1 window of internet explorer at the registration screen, you can remain logged in the admin panel on the firefox window.
|
Lord of the Norge
|
| Zudane wrote: | | Code: | | That didn't work for me because when I tried to do something at the log in screen and then I would go back to the log in screen it logged me out as admin. |
If you use 2 windows of the same browser, say 2 windows of firefox or 2 windows of internet explorer, then when you log out of one you will log out the other.
If you use 1 window of firefox at the admin panel, and 1 window of internet explorer at the registration screen, you can remain logged in the admin panel on the firefox window. |
I understand that, but I am not going to download another browser when my settings are exactly the same as the admins here. The checkbox is clearly marked to require an answer and it's clearly marked to require it at time of registration.
|
admin (no pm's please)
|
What are the custom profile field settings at the bottom of "load settings" in "server configuration"?
|
Lord of the Norge
|
| admin (no pm's please) wrote: | | What are the custom profile field settings at the bottom of "load settings" in "server configuration"? |
All yes:
|
admin (no pm's please)
|
Try another template like proSilver.
|
Lord of the Norge
|
| admin (no pm's please) wrote: | | Try another template like proSilver. |
That was what I was thinking too. Do you know if I can see the coding before I install? Perhaps I might be able to find it and keep the one we have.
|
admin (no pm's please)
|
It would take 5 minutes to switch and find out if that is the issue, then we can figure where to go from there.
|