Log in

No account? Create an account

It not a joke!!! It is the truth!!!

Giving people what they want: violence and sloppy eating

Previous Entry Share Next Entry
Is anyone else responsible for a phpBB message board?
mini me + poo
I'll post this somewhere else as well, but...

I offered to help one recover from spammers (mostly spam registrations rather than posts, fortunately), and it's an uphill task.

It was running a vanilla 1.0.22 phpBB setup. I've added a MOD to make deleting users easier (as a result, it's gone from about 480 to 30 'real' users plus about 10 others I'm not sure about but which aren't doing anything naughty). I've made a couple of changes to the registration process to catch out stupid scripts. I've made registration spam pointless (now you don't even appear in the user list until an admin says so) but of course, they're still doing it... to the tune of about ten a day.

I'm about to do another tweak to catch out about half of those, but I'd like to get it down to a maximum of one a day.

I can see that the standard CAPTCHA has been completely cracked - is it worth changing to a more robust one? (Either something that's not OCRable or the 'here are 20 pictures, which ones are kittens and which cars?' type.)

Or do I just say 'sod it' and suggest they move to SMF?

  • 1
http://recaptcha.net/ is a new captcha system (that also does some useful work). There's also a phpBB plugin - http://recaptcha.net/plugins/phpbb/ which at least might make it painless to add.

I have a phpBB but I'm such a beginner use that I remove everything by hand, pretty much one at a time. Not looking forward to it again this year. Especially as it's not an active site, it's just an archive walk down memory lane.

What looks to have worked is upgrading the CAPTCHA (not to the one above, but it seems good enough) plus rejecting registations from 'users' who give info (IM contact details) when they're told not to.

good luck with that, i'm running two phpbb installations and it's a nightmare trying to keep up with the bot registrations. mostly i use phpmyadmin every so often to go through and delete anyone who hasn't posted within a certain period of registering. post again if you have luck with the new captcha and i may give it a try too.

See above.

http://www.phpbb.com/community/viewtopic.php?t=495004 is the CAPTCHA.

http://www.phpbb.com/community/viewtopic.php?f=15&t=404113&st=0&sk=t&sd=a is the MOD to make deleting the bastards much easier - the end of the thread has a link to an update which should improve things even more.

http://www.phpbb.com/community/viewtopic.php?f=15&t=227860&st=0&sk=t&sd=a makes spam registration largely pointless by only showing active users in the membership list. I altered it to show everyone to admin users, otherwise it undoes some of the benefit of the previous one.

http://www.phpbb.com/community/viewtopic.php?t=373695 takes out the option to specify a website etc on registering and to delete users (and optionally blacklist the IP) if they do - they must be a script.

I expanded this one by saying 'don't fill in [IM address] fields' on the registration page and then reject the registration if they do but with a different error message (and not blacklist, because nice people can make the mistake too). I also added an email to me when this works, so I can see how often it happens: 16 times in the last 24 hours, all spammers.

http://www.phpbb.com/community/viewtopic.php?f=1&t=427852 is where I got the idea to use some of these from.

  • 1