Starfleet Jedi

Somebody is constantly reregistering and spamming this board. An IP ban may be necessary.

I am aware of this and am looking into effective permanent solutions. It appears we have a very human enemy interested in mimicking commercial spambots to harass the board.

Actually, this is quite common for phpBB boards (trust me, I used to run one), and it's not a "human enemy". There are spam bots which are programmed to find live active phpBB boards, that are capable to bypassing the confirmation code, register, and then post in random forums. This happened multiple times a day, every day, for many months at a time at many boards I know. The solution is actually quite simple: turn on the user activation email thing (the thing that, when a user registers an account, will send an email to them asking them to activate their account so that they can post). If you do this, 99% of the spam bots will be unable to post. This is really the only way to fix this. The spam bots themselves have random rotating IP addresses, rotating email address domains, etc, and you can't really block them or stop them from coming or registering at the board, but they aren't able to check email and activate their own account, so they will be unable to post at the board if you turn it on.

Socar wrote:Actually, this is quite common for phpBB boards (trust me, I used to run one), and it's not a "human enemy". There are spam bots which are programmed to find live active phpBB boards, that are capable to bypassing the confirmation code, register, and then post in random forums. This happened multiple times a day, every day, for many months at a time at many boards I know. The solution is actually quite simple: turn on the user activation email thing (the thing that, when a user registers an account, will send an email to them asking them to activate their account so that they can post).

We do have user activation e-mails set to on. The visual confirmation code is a relatively easy thing to bypass.

I double checked that after this latest batch.

I used the phrase "human enemy" based entirely on reasons that don't have a thing to do with phpBB registration security - although, as you mentioned, e-mail confirmation usually prevents most spambots.

This whole thing is not, at this point in time, anything to worry about, even if we do have some mysterious (or not-so-mysterious) "enemy" out to irritate us by posting spam on this board.

The only real way to stop a determined spammer (or spambot) is to stop user activation all together except activating new users by hand.

I get hundreds of new user requests per month from spambots trying to get on my old board. Back when it was just a few and they weren't going straight to my spam folder I noticed that some are actually pretty good efforts, but most are just obvious spam-type names.

I do not envy you the trouble of dealing with them.

Here is a link to a selection of artillery you can employ, if you haven't seen it already. (Wong was once a mod there, btw, so if he still posts there you might get assistance from an unusual source. ;) )

I may be installing some of those soon, as the lighter-grade material hasn't been working.

They're still coming, but slower.

I think JMS activated admin activation for accounts, so if there's a really suspicous looking profile, it'll just be left unactivated.

I have not actually activated admin approval of accounts. There was a small modification to the forum's operating code on the 2nd.

That said, confirmation e-mails have always been spotty for this forum.

Jedi Master Spock wrote:I have not actually activated admin approval of accounts. There was a small modification to the forum's operating code on the 2nd.

That said, confirmation e-mails have always been spotty for this forum.

I think you may have to. The spammer is still coming back.

Seriously. This is getting annoying.

More code tweaks incoming (I just finished debugging one that prevented everybody from posting for a little bit). If you start having trouble posting, reading, logging in, editing your profile, or registering, send me details of your problems.

I did have a couple of problems posting earlier today, I'd hit submit and would instead get the preview.

That happened to me too. But what was even weirder was clicking on the "post a reply" and having a blank page load. That probably had something to do with JMS fixing the other problem.