Increase in Bots/Spam Accounts
Increase in Bots/Spam Accounts
I was just wondering why there has been an increase in the creation of Spam Accounts, when before this hasn't been the case? Is there some new backdoor in phpBB or is the Sign up process easy to automate with Program?
Re: Increase in Bots/Spam Accounts
I've noticed in on one MyBB forum that I frequently visit too.
I guess it's just one person or organization that became serious about it.
I guess it's just one person or organization that became serious about it.
Re: Increase in Bots/Spam Accounts
The difficulty will always be a balance between making new users feel welcome on the forums while having as little spam as possible. I recommended to Andrew that we block all new users' posts from going live, but I'm sure there's many ways to approach this.
Re: Increase in Bots/Spam Accounts
I suggest passing all posts with links, created by new members through moderators. The same with signatures. It sure takes time, but at least it should be accurate.
"New" means few posts, not short time, obviously.
I've seen a bot wait for circa a year and then put spam in the sig.
"New" means few posts, not short time, obviously.
I've seen a bot wait for circa a year and then put spam in the sig.
Re: Increase in Bots/Spam Accounts
I use a stopforumspam mod on both SMF forums I run as well as my blog and it's cut the spam sign ups a lot. There is a similar mod for PHPBB 3 at http://www.phpbb.com/community/viewtopi ... &t=1349145
Re: Increase in Bots/Spam Accounts
Please Andrew try this out, we need all help we can getcarbonize wrote:There is a similar mod for PHPBB 3 at http://www.phpbb.com/community/viewtopi ... &t=1349145
Re: Increase in Bots/Spam Accounts
Thanks to everyone who's been posting spam reports. Sometimes the spammers get by me, really helps out.
Re: Increase in Bots/Spam Accounts
Well unless I am mistaken aren't all the admin and moderators based in the US which means that you all keep the same hours?
Re: Increase in Bots/Spam Accounts
I second that.m^(2) wrote:I suggest passing all posts with links, created by new members through moderators. The same with signatures. It sure takes time, but at least it should be accurate.
My YouTube channel | Release date of my 13th playlist: August 24, 2020
Re: Increase in Bots/Spam Accounts
Or until they have 50 posts?!
Re: Increase in Bots/Spam Accounts
I'd propose this:
- If it isn't the case yet: captcha on registration
- If the first post contains an URL or mailaddress, then the user's account gets switched into readonly, and a moderator/admin must check the post and set the account to normal again. So, this would only trigger on the first post, and only if it contains URLs/mailaddresses.
- If a user with less than 50 posts sets a signature that contains links, then notify all moderators (so, it gets enabled, but if it contains spam, mods will soon be over the account)
- If it isn't the case yet: captcha on registration
- If the first post contains an URL or mailaddress, then the user's account gets switched into readonly, and a moderator/admin must check the post and set the account to normal again. So, this would only trigger on the first post, and only if it contains URLs/mailaddresses.
- If a user with less than 50 posts sets a signature that contains links, then notify all moderators (so, it gets enabled, but if it contains spam, mods will soon be over the account)
Re: Increase in Bots/Spam Accounts
This is the case at the moment.- If it isn't the case yet: captcha on registration
Your other suggestions are good but I don't know how possible it is in phpBB3?!
Re: Increase in Bots/Spam Accounts
Okay, so there is already recaptcha in registration, yet bot-like posts get through. That means that those that get through, are done in a way where a human does the registration (though, perhaps partially automated), and then a bot takes over and does the posts. So, the bot automates most stuff, and the human just verifies captchas over and over.
In that case, forget what i proposed before. I'd go with a simpler method, that DOES annoy newbies slightly:
- For the first 2 posts of a user, require him to do a captcha. (thus making it impossible for bots to totally automate posts)
- If one of the first 2 posts contains an URL/emailaddress, send a PM to mods.
- If the first signature that a user sets, contains links, send a PM to mods.
That should cover almost all of em, for the price of newbies getting annoyed by one captcha on each of their first 2 posts.
P.S.: Another possibility would be to switch to a more obscure captcha. Everyone and their cat uses recaptcha (which SUCK! Sorry, but recaptcha not just wants to keep machines out, but also humans). Those automated spamtools probably are coded so that they scan the website source for recaptcha, and then present the tool-user in an automated way with the captcha. It may very well be that with a more obscure captcha, you'll immediatelly get rid of the spammers, even if it's low-security DIY one (i.e. just 4 photos with animals, and then showing the user one and requiring him to say what animal this is).
In that case, forget what i proposed before. I'd go with a simpler method, that DOES annoy newbies slightly:
- For the first 2 posts of a user, require him to do a captcha. (thus making it impossible for bots to totally automate posts)
- If one of the first 2 posts contains an URL/emailaddress, send a PM to mods.
- If the first signature that a user sets, contains links, send a PM to mods.
That should cover almost all of em, for the price of newbies getting annoyed by one captcha on each of their first 2 posts.
P.S.: Another possibility would be to switch to a more obscure captcha. Everyone and their cat uses recaptcha (which SUCK! Sorry, but recaptcha not just wants to keep machines out, but also humans). Those automated spamtools probably are coded so that they scan the website source for recaptcha, and then present the tool-user in an automated way with the captcha. It may very well be that with a more obscure captcha, you'll immediatelly get rid of the spammers, even if it's low-security DIY one (i.e. just 4 photos with animals, and then showing the user one and requiring him to say what animal this is).
Re: Increase in Bots/Spam Accounts
reCaptcha is as fallible as any other captcha.
Re: Increase in Bots/Spam Accounts
Crazy theory:
Perhaps some folks abroad are given discount on their language/computer training.
If they use their eyes and language skills to register through a Captcha system.
They are 'paid' for each screen dump showing a simple forum entry e.g. 'Hi' or whatever.
The value is trivial to us but worthwhile and good practice for them.
Proof? Try for a time requiring Captcha on each login
Just a suggestion
Keep up the good work
Perhaps some folks abroad are given discount on their language/computer training.
If they use their eyes and language skills to register through a Captcha system.
They are 'paid' for each screen dump showing a simple forum entry e.g. 'Hi' or whatever.
The value is trivial to us but worthwhile and good practice for them.
Proof? Try for a time requiring Captcha on each login
Just a suggestion
Keep up the good work