Increase in Bots/Spam Accounts

All suggestions about TPFC should be posted here. Discussions about changes to TPFC will also be carried out here.
Message
Author
User avatar
guinness
Posts: 4118
Joined: Mon Aug 27, 2007 2:00 am
Contact:

Increase in Bots/Spam Accounts

#1 Post by guinness » Mon Jan 24, 2011 1:44 pm

I was just wondering why there has been an increase in the creation of Spam Accounts, when before this hasn't been the case? Is there some new backdoor in phpBB or is the Sign up process easy to automate with Program?
Added 179 Applications: Portable

User avatar
m^(2)
Posts: 890
Joined: Sat Mar 31, 2007 2:38 am
Location: Kce,PL
Contact:

Re: Increase in Bots/Spam Accounts

#2 Post by m^(2) » Tue Jan 25, 2011 4:40 am

I've noticed in on one MyBB forum that I frequently visit too.
I guess it's just one person or organization that became serious about it.

User avatar
webfork
Posts: 9782
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas
Contact:

Re: Increase in Bots/Spam Accounts

#3 Post by webfork » Fri Feb 04, 2011 10:02 am

The difficulty will always be a balance between making new users feel welcome on the forums while having as little spam as possible. I recommended to Andrew that we block all new users' posts from going live, but I'm sure there's many ways to approach this.

User avatar
m^(2)
Posts: 890
Joined: Sat Mar 31, 2007 2:38 am
Location: Kce,PL
Contact:

Re: Increase in Bots/Spam Accounts

#4 Post by m^(2) » Fri Feb 04, 2011 11:00 am

I suggest passing all posts with links, created by new members through moderators. The same with signatures. It sure takes time, but at least it should be accurate.
"New" means few posts, not short time, obviously.
I've seen a bot wait for circa a year and then put spam in the sig.

carbonize
Posts: 363
Joined: Wed Jan 09, 2008 1:16 am
Location: Bristol, UK
Contact:

Re: Increase in Bots/Spam Accounts

#5 Post by carbonize » Fri Feb 04, 2011 12:23 pm

I use a stopforumspam mod on both SMF forums I run as well as my blog and it's cut the spam sign ups a lot. There is a similar mod for PHPBB 3 at http://www.phpbb.com/community/viewtopi ... &t=1349145

User avatar
Wolfghost
Posts: 253
Joined: Fri Jul 02, 2010 6:14 am
Location: Norway

Re: Increase in Bots/Spam Accounts

#6 Post by Wolfghost » Fri Feb 04, 2011 1:20 pm

carbonize wrote:There is a similar mod for PHPBB 3 at http://www.phpbb.com/community/viewtopi ... &t=1349145
Please Andrew try this out, we need all help we can get :wink:

User avatar
webfork
Posts: 9782
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas
Contact:

Re: Increase in Bots/Spam Accounts

#7 Post by webfork » Fri Feb 04, 2011 5:29 pm

Thanks to everyone who's been posting spam reports. Sometimes the spammers get by me, really helps out.

carbonize
Posts: 363
Joined: Wed Jan 09, 2008 1:16 am
Location: Bristol, UK
Contact:

Re: Increase in Bots/Spam Accounts

#8 Post by carbonize » Sat Feb 05, 2011 2:10 am

Well unless I am mistaken aren't all the admin and moderators based in the US which means that you all keep the same hours?

User avatar
SYSTEM
Posts: 1968
Joined: Sat Jul 31, 2010 1:19 am
Location: Helsinki, Finland

Re: Increase in Bots/Spam Accounts

#9 Post by SYSTEM » Sat Feb 05, 2011 5:54 am

m^(2) wrote:I suggest passing all posts with links, created by new members through moderators. The same with signatures. It sure takes time, but at least it should be accurate.
I second that.
My YouTube channel | Release date of my 13th playlist: August 24, 2020

User avatar
guinness
Posts: 4118
Joined: Mon Aug 27, 2007 2:00 am
Contact:

Re: Increase in Bots/Spam Accounts

#10 Post by guinness » Sat Feb 05, 2011 7:37 am

Or until they have 50 posts?!
Added 179 Applications: Portable

lyx
Posts: 84
Joined: Mon Feb 15, 2010 1:23 am

Re: Increase in Bots/Spam Accounts

#11 Post by lyx » Sat Feb 05, 2011 12:12 pm

I'd propose this:

- If it isn't the case yet: captcha on registration
- If the first post contains an URL or mailaddress, then the user's account gets switched into readonly, and a moderator/admin must check the post and set the account to normal again. So, this would only trigger on the first post, and only if it contains URLs/mailaddresses.
- If a user with less than 50 posts sets a signature that contains links, then notify all moderators (so, it gets enabled, but if it contains spam, mods will soon be over the account)

User avatar
guinness
Posts: 4118
Joined: Mon Aug 27, 2007 2:00 am
Contact:

Re: Increase in Bots/Spam Accounts

#12 Post by guinness » Sat Feb 05, 2011 12:39 pm

- If it isn't the case yet: captcha on registration
This is the case at the moment.

Your other suggestions are good but I don't know how possible it is in phpBB3?!
Added 179 Applications: Portable

lyx
Posts: 84
Joined: Mon Feb 15, 2010 1:23 am

Re: Increase in Bots/Spam Accounts

#13 Post by lyx » Sat Feb 05, 2011 1:08 pm

Okay, so there is already recaptcha in registration, yet bot-like posts get through. That means that those that get through, are done in a way where a human does the registration (though, perhaps partially automated), and then a bot takes over and does the posts. So, the bot automates most stuff, and the human just verifies captchas over and over.

In that case, forget what i proposed before. I'd go with a simpler method, that DOES annoy newbies slightly:

- For the first 2 posts of a user, require him to do a captcha. (thus making it impossible for bots to totally automate posts)
- If one of the first 2 posts contains an URL/emailaddress, send a PM to mods.
- If the first signature that a user sets, contains links, send a PM to mods.

That should cover almost all of em, for the price of newbies getting annoyed by one captcha on each of their first 2 posts.

P.S.: Another possibility would be to switch to a more obscure captcha. Everyone and their cat uses recaptcha (which SUCK! Sorry, but recaptcha not just wants to keep machines out, but also humans). Those automated spamtools probably are coded so that they scan the website source for recaptcha, and then present the tool-user in an automated way with the captcha. It may very well be that with a more obscure captcha, you'll immediatelly get rid of the spammers, even if it's low-security DIY one (i.e. just 4 photos with animals, and then showing the user one and requiring him to say what animal this is).

carbonize
Posts: 363
Joined: Wed Jan 09, 2008 1:16 am
Location: Bristol, UK
Contact:

Re: Increase in Bots/Spam Accounts

#14 Post by carbonize » Sat Feb 05, 2011 3:23 pm

reCaptcha is as fallible as any other captcha.

NickR
Posts: 105
Joined: Thu Aug 26, 2010 6:37 am

Re: Increase in Bots/Spam Accounts

#15 Post by NickR » Sun Feb 06, 2011 6:32 am

Crazy theory:
Perhaps some folks abroad are given discount on their language/computer training.
If they use their eyes and language skills to register through a Captcha system.
They are 'paid' for each screen dump showing a simple forum entry e.g. 'Hi' or whatever.
The value is trivial to us but worthwhile and good practice for them.

Proof? Try for a time requiring Captcha on each login

Just a suggestion
Keep up the good work

Post Reply