LOGO
Reply to Thread New Thread
Old 01-30-2007, 04:33 AM   #1
Lorionasodi

Join Date
Oct 2005
Posts
480
Senior Member
Default Question for phpBB forum admins
Hi Guys,

I am sure the phpBB admins community is aware of the issues with the of-the-box captcha, in that it has been compromised.

I have been forced to switch on admin enabling on new accounts, I get no bad posts but I still get about ten spammer registrations every week on our club site.

I have been searching through the phpBB community forums on proposed solutions but the ammount of posts is overwhelming. Has anyone come across or implemented a good system/algorithm that is more or less guaranteed to work?

Cheers,


JCM
Lorionasodi is offline


Old 01-30-2007, 04:37 AM   #2
Anamehuskeene

Join Date
Oct 2005
Posts
432
Senior Member
Default
got the same problem on my dojo forum which I maintain. its not so bad, when a new one pops up I ban the domain from his email. usually keeps em out. only get a new one every 2 weeks or so.
for other sites I am using vBulletin, but licences are costy
Anamehuskeene is offline


Old 01-30-2007, 04:45 AM   #3
PHOTOSHOPoem

Join Date
Oct 2005
Posts
369
Senior Member
Default
Yes, I wish we had the means but is an expense I could not justify to the club.

I have started banning domains, but the f*****s manage to shift domains constantly, the most annoying thing is that I know is mostly the same spammers by the look of their entries. Plus they managed to mask them too and it resulted on some genuine users being banned.

Anyway, good luck with yours
PHOTOSHOPoem is offline


Old 01-30-2007, 05:48 AM   #4
prowsnobswend

Join Date
Oct 2005
Posts
412
Senior Member
Default
normally you get about 5-6 different @blabla.bla domains
just add each one like *@blabla.bla to the email ban list and you're good to go.
where is your forum located? I could have a quick look through your memberlist to see any similarities.

how many users do you have on your forum? how many new registrations (real ones) do you have a week? you could set up alternative registering procedures if the numbers arent to high
prowsnobswend is offline


Old 01-30-2007, 05:57 AM   #5
TimoDass

Join Date
Oct 2005
Posts
641
Senior Member
Default
Hi, the website is www.dublinkendo.com

Unfortunately I have just cleaned registrations so all you can see is genuine members, we have about 40 of them

We usually get on average about 1 or 2 genuine registrations a month, so is not a huge deal
TimoDass is offline


Old 01-30-2007, 06:00 AM   #6
venediene

Join Date
Oct 2005
Posts
433
Senior Member
Default
seems small size forum,
what you can do is this: not 100% sure you have the option in phpBB, but I think you do, at work now so cant really check.
set your registrations to manual, each time a new user tries to register, you have to moderate them. so you manually go through the registrations and you decide wich ones are ok, and wich ones should be denied.
venediene is offline


Old 01-30-2007, 06:28 AM   #7
joulseenjoync

Join Date
Oct 2005
Posts
488
Senior Member
Default
Thanks, I'll check it out
joulseenjoync is offline


Old 01-30-2007, 06:37 AM   #8
Vkowefek

Join Date
Oct 2005
Posts
389
Senior Member
Default
JCM.. which version of phpBB are you using?
Vkowefek is offline


Old 01-30-2007, 06:43 AM   #9
Sxedlawb

Join Date
Oct 2005
Posts
401
Senior Member
Default
Good question, is an ancient version (2.0.14). The reason why I brough it up is that I am planning to upgrade to the latest (2.0.22 ??) and implement the new capcha while I am at it.
Sxedlawb is offline


Old 01-30-2007, 07:32 AM   #10
letittbe

Join Date
Nov 2005
Posts
407
Senior Member
Default
Good question, is an ancient version (2.0.14). The reason why I brough it up is that I am planning to upgrade to the latest (2.0.22 ??) and implement the new capcha while I am at it.
I use phpBB here: www.aikido-yuishinkai.co.uk I would recommend updating to 2.0.22 IMMEDIATELY. We were hacked by some bastard in Turkey a while back on 2.0.1something...

I too am thoroughly pissed off with the spammers and have set registrations to be moderated by me as of yesterday, prior to that users needed a working email address and even that didn't stop manual registrations. Plus, even if they use a bogus email address their profile still appears in the member list along with links to their hompage full of spyware/trojans. The only other thing you can do is ban email addresses as already suggested. Or there is a forum mod that lets you log the IP of users and you can then ban IP addresses instead of mail domains (or in combination with).

I've got the mod on my PC at home but not here at work, I'll PM you with the details if you like, prob won't be until tomorrow though.

Regards

Mike
letittbe is offline


Old 01-30-2007, 07:42 AM   #11
AndreasLV

Join Date
Oct 2005
Posts
492
Senior Member
Default
Being a novice in the web maintenance thing, i had to delete the forum entirely from our site www.akumaldiveshop.com . the bastards were even mocking me after placing posts.

the thing is I dont have the time to monitor it, and every third day I had to delete dozens of smap posts, that ranged form medications to pornography.

So, no forum
AndreasLV is offline


Old 01-30-2007, 07:44 AM   #12
mplawssix

Join Date
Oct 2005
Posts
382
Senior Member
Default
JCM i feel your pain.... i get about 20 fake accounts on KNHE site every DAY!!! I moderate and delete straight from phpmysql so it only takes bout 4 minutes a week.

FOr small sites you can CLOSE regristration and have people email you if they want to join, or you can put a php ip filter script, i find they have multiple domains but a pareto 80/20 style range of ip addresses, you can take a hugh chunk out of spam your self that way.
mplawssix is offline


Old 01-30-2007, 07:46 AM   #13
mitiaycatq

Join Date
Oct 2005
Posts
367
Senior Member
Default
what you can do is create a usergroup, and manually add those that can post to that usergroup. set rights accordingly. normal registerd users should only have view rights. Its a workaround if you cant do the manual moderation of new members. wont keep them from registering, but you'll keep them from posting.
mitiaycatq is offline


Old 01-30-2007, 08:11 AM   #14
Alkanyadela

Join Date
Oct 2005
Posts
460
Senior Member
Default
Thanks, brothers in arms against spam

I look forward to that PM, I am not in a rush as I will not be able to make the changes this week.

Btw, ever since I implemented email and admin control no posts were made but I am still sick and tired of bogus registrations. I will keep researching and update you all. I found a really cool spin on captcha, but is a lot of code to write, is the cat and car thingy.

I also found this and might give it a go: http://www.matthewleverton.com/howto...2-captcha.html

Ganbatte

JCM
Alkanyadela is offline


Old 01-30-2007, 08:16 AM   #15
Assauraarguck

Join Date
Nov 2005
Posts
464
Senior Member
Default
surely there must be some plugin that requires the image verification? vBulletin has it by default.
if not there should be plenty available on the web, just make sure your registration page is only accessibly through the image verification page, that means https
Assauraarguck is offline


Old 01-30-2007, 09:34 AM   #16
bingookenoo

Join Date
Oct 2005
Posts
380
Senior Member
Default
Success!!!!, check the new captcha at (go to the registration page):

http://www.dublinkendo.com/forum/index.php


Is a lot safer, the only problem is that is a bit too safe and it might take a few attempts to get it right. I am going to tweak it to make it a bit easier.

I will inform you guys on wether or not this stops spam registrations.

Bobdonny->If it works I'll email ye the details, hopefully that will reduce the spammers on the KNHE website
bingookenoo is offline


Old 01-30-2007, 10:43 AM   #17
Misebeita

Join Date
Oct 2005
Posts
368
Senior Member
Default
Its nice JCM, but unfortunately a lot of spammers are hired eastern europeans or far eastern people that can read the image verification..
http://en.wikipedia.org/wiki/Captcha#Circumvention

Defo email me the results and script any little thing that helps
Misebeita is offline


Old 01-30-2007, 10:48 AM   #18
TheBest-Host

Join Date
Oct 2005
Posts
463
Senior Member
Default
Yep, I heard that too. I will give it a few days and see if it works.

If it doesn't I might just put together an e-mail form to be sent to the admins
TheBest-Host is offline


Old 01-30-2007, 11:47 PM   #19
RooldpalApata

Join Date
Oct 2005
Posts
461
Senior Member
Default
nice job there jorge i too might implement this captcha system if the spam gets worse.... i'll be emailing/PMing you for the codes...

cheers
RooldpalApata is offline


Old 01-31-2007, 06:11 AM   #20
kenowinnumberss

Join Date
Oct 2005
Posts
458
Senior Member
Default
Success!!!!, check the new captcha at (go to the registration page):

http://www.dublinkendo.com/forum/index.php


Is a lot safer, the only problem is that is a bit too safe and it might take a few attempts to get it right. I am going to tweak it to make it a bit easier.

I will inform you guys on wether or not this stops spam registrations.

Bobdonny->If it works I'll email ye the details, hopefully that will reduce the spammers on the KNHE website
Sadly I doubt it will do much, my site has an image verification and it does nothing to stop them, I'm forced to ban email addresses, I've noticed that @mail.ru is a good one to ban incidentally.

I'll PM u with the IP mod tongith sometime.

Good luck with the forums

Mike
kenowinnumberss is offline



Reply to Thread New Thread

« Previous Thread | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 

All times are GMT +1. The time now is 07:54 PM.
Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.6.0 PL2
Design & Developed by Amodity.com
Copyright© Amodity