Question for phpBB forum admins
 

Hi Guys,

I am sure the phpBB admins community is aware of the issues with the of-the-box captcha, in that it has been compromised.

I have been forced to switch on admin enabling on new accounts, I get no bad posts but I still get about ten spammer registrations every week on our club site.

I have been searching through the phpBB community forums on proposed solutions but the ammount of posts is overwhelming. Has anyone come across or implemented a good system/algorithm that is more or less guaranteed to work?

Cheers,


JCM

got the same problem on my dojo forum which I maintain. its not so bad, when a new one pops up I ban the domain from his email. usually keeps em out. only get a new one every 2 weeks or so.
for other sites I am using vBulletin, but licences are costy http://www.discussworldissues.com/fo...lies/smile.gif

Yes, I wish we had the means but is an expense I could not justify to the club.

I have started banning domains, but the f*****s manage to shift domains constantly, the most annoying thing is that I know is mostly the same spammers by the look of their entries. Plus they managed to mask them too and it resulted on some genuine users being banned.

Anyway, good luck with yours http://www.discussworldissues.com/fo...s/cheerful.gif

normally you get about 5-6 different @blabla.bla domains
just add each one like *@blabla.bla to the email ban list and you're good to go.
where is your forum located? I could have a quick look through your memberlist to see any similarities.

how many users do you have on your forum? how many new registrations (real ones) do you have a week? you could set up alternative registering procedures if the numbers arent to high

Hi, the website is www.dublinkendo.com

Unfortunately I have just cleaned registrations so all you can see is genuine members, we have about 40 of them

We usually get on average about 1 or 2 genuine registrations a month, so is not a huge deal

seems small size forum,
what you can do is this: not 100% sure you have the option in phpBB, but I think you do, at work now so cant really check.
set your registrations to manual, each time a new user tries to register, you have to moderate them. so you manually go through the registrations and you decide wich ones are ok, and wich ones should be denied.

Thanks, I'll check it out

JCM.. which version of phpBB are you using?

Good question, is an ancient version (2.0.14). The reason why I brough it up is that I am planning to upgrade to the latest (2.0.22 ??) and implement the new capcha while I am at it.

I use phpBB here: www.aikido-yuishinkai.co.uk I would recommend updating to 2.0.22 IMMEDIATELY. We were hacked by some bastard in Turkey a while back on 2.0.1something...

I too am thoroughly pissed off with the spammers and have set registrations to be moderated by me as of yesterday, prior to that users needed a working email address and even that didn't stop manual registrations. Plus, even if they use a bogus email address their profile still appears in the member list along with links to their hompage full of spyware/trojans. The only other thing you can do is ban email addresses as already suggested. Or there is a forum mod that lets you log the IP of users and you can then ban IP addresses instead of mail domains (or in combination with).

I've got the mod on my PC at home but not here at work, I'll PM you with the details if you like, prob won't be until tomorrow though.

Regards

Mike

Being a novice in the web maintenance thing, i had to delete the forum entirely from our site www.akumaldiveshop.com . the bastards were even mocking me after placing posts.

the thing is I dont have the time to monitor it, and every third day I had to delete dozens of smap posts, that ranged form medications to pornography.

So, no forum

JCM i feel your pain.... i get about 20 fake accounts on KNHE site every DAY!!! I moderate and delete straight from phpmysql so it only takes bout 4 minutes a week.

FOr small sites you can CLOSE regristration and have people email you if they want to join, or you can put a php ip filter script, i find they have multiple domains but a pareto 80/20 style range of ip addresses, you can take a hugh chunk out of spam your self that way.

what you can do is create a usergroup, and manually add those that can post to that usergroup. set rights accordingly. normal registerd users should only have view rights. Its a workaround if you cant do the manual moderation of new members. wont keep them from registering, but you'll keep them from posting.

Thanks, brothers in arms against spam http://www.discussworldissues.com/fo...lies/smile.gif

I look forward to that PM, I am not in a rush as I will not be able to make the changes this week.

Btw, ever since I implemented email and admin control no posts were made but I am still sick and tired of bogus registrations. I will keep researching and update you all. I found a really cool spin on captcha, but is a lot of code to write, is the cat and car thingy.

I also found this and might give it a go: http://www.matthewleverton.com/howto...2-captcha.html

Ganbatte

JCM

surely there must be some plugin that requires the image verification? vBulletin has it by default.
if not there should be plenty available on the web, just make sure your registration page is only accessibly through the image verification page, that means https

Success!!!!, check the new captcha at (go to the registration page):

http://www.dublinkendo.com/forum/index.php


Is a lot safer, the only problem is that is a bit too safe and it might take a few attempts to get it right. I am going to tweak it to make it a bit easier.

I will inform you guys on wether or not this stops spam registrations.

Bobdonny->If it works I'll email ye the details, hopefully that will reduce the spammers on the KNHE website

Its nice JCM, but unfortunately a lot of spammers are hired eastern europeans or far eastern people that can read the image verification..
http://en.wikipedia.org/wiki/Captcha#Circumvention

Defo email me the results and script any little thing that helps http://www.discussworldissues.com/fo...ilies/wink.gif

Yep, I heard that too. I will give it a few days and see if it works.

If it doesn't I might just put together an e-mail form to be sent to the admins

nice job there jorge http://www.discussworldissues.com/fo...es/biggrin.gif i too might implement this captcha system if the spam gets worse.... i'll be emailing/PMing you for the codes...

cheers http://www.discussworldissues.com/fo...es/biggrin.gif

Sadly I doubt it will do much, my site has an image verification and it does nothing to stop them, I'm forced to ban email addresses, I've noticed that @mail.ru is a good one to ban incidentally.

I'll PM u with the IP mod tongith sometime.

Good luck with the forums

Mike