We have a serious spammer on this board

For technical issues, problems, bugs, suggestions on improving these forums, discussion of the rules, etc.
Nonamer
Jedi Knight
Posts: 269
Joined: Sun Aug 20, 2006 7:05 pm
Location: Outer Space

We have a serious spammer on this board

Post by Nonamer » Tue Jan 23, 2007 5:16 pm

Somebody is constantly reregistering and spamming this board. An IP ban may be necessary.

Jedi Master Spock
Site Admin
Posts: 2164
Joined: Mon Aug 14, 2006 8:26 pm
Contact:

Post by Jedi Master Spock » Wed Jan 24, 2007 2:04 am

I am aware of this and am looking into effective permanent solutions. It appears we have a very human enemy interested in mimicking commercial spambots to harass the board.

Socar
Bridge Officer
Posts: 234
Joined: Thu Aug 17, 2006 9:09 pm

Post by Socar » Wed Jan 24, 2007 4:31 am

Actually, this is quite common for phpBB boards (trust me, I used to run one), and it's not a "human enemy". There are spam bots which are programmed to find live active phpBB boards, that are capable to bypassing the confirmation code, register, and then post in random forums. This happened multiple times a day, every day, for many months at a time at many boards I know. The solution is actually quite simple: turn on the user activation email thing (the thing that, when a user registers an account, will send an email to them asking them to activate their account so that they can post). If you do this, 99% of the spam bots will be unable to post. This is really the only way to fix this. The spam bots themselves have random rotating IP addresses, rotating email address domains, etc, and you can't really block them or stop them from coming or registering at the board, but they aren't able to check email and activate their own account, so they will be unable to post at the board if you turn it on.

Jedi Master Spock
Site Admin
Posts: 2164
Joined: Mon Aug 14, 2006 8:26 pm
Contact:

Post by Jedi Master Spock » Wed Jan 24, 2007 5:00 am

Socar wrote:Actually, this is quite common for phpBB boards (trust me, I used to run one), and it's not a "human enemy". There are spam bots which are programmed to find live active phpBB boards, that are capable to bypassing the confirmation code, register, and then post in random forums. This happened multiple times a day, every day, for many months at a time at many boards I know. The solution is actually quite simple: turn on the user activation email thing (the thing that, when a user registers an account, will send an email to them asking them to activate their account so that they can post).
We do have user activation e-mails set to on. The visual confirmation code is a relatively easy thing to bypass.

I double checked that after this latest batch.

I used the phrase "human enemy" based entirely on reasons that don't have a thing to do with phpBB registration security - although, as you mentioned, e-mail confirmation usually prevents most spambots.

This whole thing is not, at this point in time, anything to worry about, even if we do have some mysterious (or not-so-mysterious) "enemy" out to irritate us by posting spam on this board.

Nonamer
Jedi Knight
Posts: 269
Joined: Sun Aug 20, 2006 7:05 pm
Location: Outer Space

Post by Nonamer » Wed Jan 24, 2007 5:17 am

The only real way to stop a determined spammer (or spambot) is to stop user activation all together except activating new users by hand.

User avatar
2046
Starship Captain
Posts: 2040
Joined: Sat Sep 02, 2006 9:14 pm
Contact:

Post by 2046 » Wed Jan 24, 2007 12:59 pm

I get hundreds of new user requests per month from spambots trying to get on my old board. Back when it was just a few and they weren't going straight to my spam folder I noticed that some are actually pretty good efforts, but most are just obvious spam-type names.

I do not envy you the trouble of dealing with them.

Here is a link to a selection of artillery you can employ, if you haven't seen it already. (Wong was once a mod there, btw, so if he still posts there you might get assistance from an unusual source. ;) )

Jedi Master Spock
Site Admin
Posts: 2164
Joined: Mon Aug 14, 2006 8:26 pm
Contact:

Post by Jedi Master Spock » Wed Jan 24, 2007 3:58 pm

I may be installing some of those soon, as the lighter-grade material hasn't been working.

Nonamer
Jedi Knight
Posts: 269
Joined: Sun Aug 20, 2006 7:05 pm
Location: Outer Space

Post by Nonamer » Mon Feb 05, 2007 3:02 am

They're still coming, but slower.

Socar
Bridge Officer
Posts: 234
Joined: Thu Aug 17, 2006 9:09 pm

Post by Socar » Mon Feb 05, 2007 3:22 am

I think JMS activated admin activation for accounts, so if there's a really suspicous looking profile, it'll just be left unactivated.

Jedi Master Spock
Site Admin
Posts: 2164
Joined: Mon Aug 14, 2006 8:26 pm
Contact:

Post by Jedi Master Spock » Mon Feb 05, 2007 5:47 am

I have not actually activated admin approval of accounts. There was a small modification to the forum's operating code on the 2nd.

That said, confirmation e-mails have always been spotty for this forum.

Nonamer
Jedi Knight
Posts: 269
Joined: Sun Aug 20, 2006 7:05 pm
Location: Outer Space

Post by Nonamer » Tue Feb 06, 2007 6:26 pm

Jedi Master Spock wrote:I have not actually activated admin approval of accounts. There was a small modification to the forum's operating code on the 2nd.

That said, confirmation e-mails have always been spotty for this forum.
I think you may have to. The spammer is still coming back.

Dragoon
Bridge Officer
Posts: 109
Joined: Sun Jan 28, 2007 9:26 am
Location: California
Contact:

Post by Dragoon » Tue Feb 06, 2007 7:21 pm

Seriously. This is getting annoying.

Jedi Master Spock
Site Admin
Posts: 2164
Joined: Mon Aug 14, 2006 8:26 pm
Contact:

Post by Jedi Master Spock » Tue Feb 06, 2007 8:06 pm

More code tweaks incoming (I just finished debugging one that prevented everybody from posting for a little bit). If you start having trouble posting, reading, logging in, editing your profile, or registering, send me details of your problems.

watchdog
Jedi Knight
Posts: 342
Joined: Sun Dec 31, 2006 12:26 am
Location: Not at home

Post by watchdog » Wed Feb 07, 2007 12:07 am

I did have a couple of problems posting earlier today, I'd hit submit and would instead get the preview.

User avatar
AnonymousRedShirtEnsign
Jedi Knight
Posts: 380
Joined: Thu Aug 17, 2006 10:05 pm
Location: Six feet under the surface of some alien world

Post by AnonymousRedShirtEnsign » Wed Feb 07, 2007 7:43 am

That happened to me too. But what was even weirder was clicking on the "post a reply" and having a blank page load. That probably had something to do with JMS fixing the other problem.

Post Reply