Tech Q for the site managers

HairbearTE · Post by **HairbearTE** » Wed Apr 25, 2007 6:07 pm

Guys I got a mate who uses this forum template on his website and he gets terrible problems with spammers, spamming bots etc. Its only a small forum that keeps all our buddies in touch and chatting about holidays, xbox, that kind of stuff. What progs do you use to keep this site clean? Help greatly appreciated as its killing our forum

Alley Kat · Post by **Alley Kat** » Wed Apr 25, 2007 6:13 pm

Nothing done here - there are spam bots for this software because it's very popular. We just keep a close eye on new threads...

I take it people have to register to post - if not, that's 100% essential.
The other thing he can do is install a "mod" which uses number verification - generates a random series of numbers/letters that you have to type in; specifically to defeat the robots.

If it doesn't need to take new members automatically, set the registration so it has to be approved by the admin - that way admin sees new registrations and can accept/reject 'em.

Post by **katanaman** » Wed Apr 25, 2007 7:06 pm

As Bill said above, our main weapon is the fact that people have to reply to an email and their address has to be unique which means they generally have to be real people. There are other settings in place like a time delay between posts which means you cant get a 100 spam posts all of a sudden. If its a small group you could also set it so that admins have to activate the accounts as well.

Would be happy to take a look at the settings if your admin wanted.

Eliot · Post by **Eliot** » Thu Apr 26, 2007 6:30 am

I'm running phpbb on my little site, i was getting lots of bots creating new accounts, just so they could have a link back to their own site in their profile.
The funny numbers thing was so easily circumvented that i removed it.

I solved the problem in the end by having a simple question that says "what colour is my car" - only a human can answer that one!

Not had one bot sign up since that change 4+ months ago.

Alley Kat · Post by **Alley Kat** » Thu Apr 26, 2007 7:38 am

It works for ebay, google etc etc and there's a good reason for their existence - it's hard for a robot to view a GIF. But, if the actual generated key is available somehow, then it could be got round - but must be something very wrong with the code or implementation.

Post by **katanaman** » Thu Apr 26, 2007 8:52 am

I remembered after I posted yesterday that we use a question and answer on here too. I only remembered after Spittiev8 sent me a PM asking questions. I wont say publicly what the mod is but if you want the name PM me and I will sent it to you.

Eliot · Post by **Eliot** » Thu Apr 26, 2007 9:52 am

Alley Kat wrote:It works for ebay, google etc etc and there's a good reason for their existence - it's hard for a robot to view a GIF. But, if the actual generated key is available somehow, then it could be got round - but must be something very wrong with the code or implementation.

That's what i thought - but still got bots signing up - found a website that would test your board for free and it created an account even though I had the jumbled numbers thing turned on. Looking through the code of the PHP, the form seems to include a hash of the correct answer in a hidden form field - so i dont think they actually read the gif, but actually work out the correct answer by reading the hidden field and crunching the answer.
I solved my by making MY OWN mods and not one that someone else posted - because if the mod becomes popular, the spammers just mod their code accordingly. My one is simple and easily circumvented by a human - but spambots aren't humans!

They have two motives:
1) just signup with a URL in their homepage field that links to their meds or whatever. When google spiders your forum, it indexes that link and appears like your site is voting for the spammers site. I block the homepage URL, the memberlist function and also use robots.txt to tell crawlers not to index member URL stuff.

2) They sign up and post crap.
Not much you can do about that - just bin the posts.

Alley Kat · Post by **Alley Kat** » Thu Apr 26, 2007 11:30 am

yeah probably worked out how to decrypt the field or mimic the encryption since the source is available. So much krap from Russia these days...

shinnster · Post by **shinnster** » Fri Apr 27, 2007 9:46 am

Hello people
Thanks for all the info, much appreciated. it is my forum that HairbearTE was talking about. I have now installed an anti spam mod and a simple question that needs to be answered in order to join, hopefully it will keep tham at bay.
we have been getting about 30+ posts a day of crap so hopefully this will stop it.
Again, cheers for the help

Post by **katanaman** » Fri Apr 27, 2007 3:58 pm

glad we could help.