Increase in Bots/Spam Accounts

Message

guinness · #1 Post by **guinness** » Mon Jan 24, 2011 1:44 pm

I was just wondering why there has been an increase in the creation of Spam Accounts, when before this hasn't been the case? Is there some new backdoor in phpBB or is the Sign up process easy to automate with Program?

m^(2) · #2 Post by **m^(2)** » Tue Jan 25, 2011 4:40 am

I've noticed in on one MyBB forum that I frequently visit too.
I guess it's just one person or organization that became serious about it.

#3 Post by **webfork** » Fri Feb 04, 2011 10:02 am

The difficulty will always be a balance between making new users feel welcome on the forums while having as little spam as possible. I recommended to Andrew that we block all new users' posts from going live, but I'm sure there's many ways to approach this.

m^(2) · #4 Post by **m^(2)** » Fri Feb 04, 2011 11:00 am

I suggest passing all posts with links, created by new members through moderators. The same with signatures. It sure takes time, but at least it should be accurate.
"New" means few posts, not short time, obviously.
I've seen a bot wait for circa a year and then put spam in the sig.

carbonize · #5 Post by **carbonize** » Fri Feb 04, 2011 12:23 pm

I use a stopforumspam mod on both SMF forums I run as well as my blog and it's cut the spam sign ups a lot. There is a similar mod for PHPBB 3 at http://www.phpbb.com/community/viewtopi ... &t=1349145

Wolfghost · #6 Post by **Wolfghost** » Fri Feb 04, 2011 1:20 pm

carbonize wrote:There is a similar mod for PHPBB 3 at http://www.phpbb.com/community/viewtopi ... &t=1349145

Please Andrew try this out, we need all help we can get

#7 Post by **webfork** » Fri Feb 04, 2011 5:29 pm

Thanks to everyone who's been posting spam reports. Sometimes the spammers get by me, really helps out.

carbonize · #8 Post by **carbonize** » Sat Feb 05, 2011 2:10 am

Well unless I am mistaken aren't all the admin and moderators based in the US which means that you all keep the same hours?

SYSTEM · #9 Post by **SYSTEM** » Sat Feb 05, 2011 5:54 am

m^(2) wrote:I suggest passing all posts with links, created by new members through moderators. The same with signatures. It sure takes time, but at least it should be accurate.

I second that.

guinness · #10 Post by **guinness** » Sat Feb 05, 2011 7:37 am

Or until they have 50 posts?!

lyx · #11 Post by **lyx** » Sat Feb 05, 2011 12:12 pm

I'd propose this:

- If it isn't the case yet: captcha on registration
- If the first post contains an URL or mailaddress, then the user's account gets switched into readonly, and a moderator/admin must check the post and set the account to normal again. So, this would only trigger on the first post, and only if it contains URLs/mailaddresses.
- If a user with less than 50 posts sets a signature that contains links, then notify all moderators (so, it gets enabled, but if it contains spam, mods will soon be over the account)

guinness · #12 Post by **guinness** » Sat Feb 05, 2011 12:39 pm

- If it isn't the case yet: captcha on registration

This is the case at the moment.

Your other suggestions are good but I don't know how possible it is in phpBB3?!

lyx · #13 Post by **lyx** » Sat Feb 05, 2011 1:08 pm

Okay, so there is already recaptcha in registration, yet bot-like posts get through. That means that those that get through, are done in a way where a human does the registration (though, perhaps partially automated), and then a bot takes over and does the posts. So, the bot automates most stuff, and the human just verifies captchas over and over.

In that case, forget what i proposed before. I'd go with a simpler method, that DOES annoy newbies slightly:

- For the first 2 posts of a user, require him to do a captcha. (thus making it impossible for bots to totally automate posts)
- If one of the first 2 posts contains an URL/emailaddress, send a PM to mods.
- If the first signature that a user sets, contains links, send a PM to mods.

That should cover almost all of em, for the price of newbies getting annoyed by one captcha on each of their first 2 posts.

P.S.: Another possibility would be to switch to a more obscure captcha. Everyone and their cat uses recaptcha (which SUCK! Sorry, but recaptcha not just wants to keep machines out, but also humans). Those automated spamtools probably are coded so that they scan the website source for recaptcha, and then present the tool-user in an automated way with the captcha. It may very well be that with a more obscure captcha, you'll immediatelly get rid of the spammers, even if it's low-security DIY one (i.e. just 4 photos with animals, and then showing the user one and requiring him to say what animal this is).

carbonize · #14 Post by **carbonize** » Sat Feb 05, 2011 3:23 pm

reCaptcha is as fallible as any other captcha.

NickR · #15 Post by **NickR** » Sun Feb 06, 2011 6:32 am

Crazy theory:
Perhaps some folks abroad are given discount on their language/computer training.
If they use their eyes and language skills to register through a Captcha system.
They are 'paid' for each screen dump showing a simple forum entry e.g. 'Hi' or whatever.
The value is trivial to us but worthwhile and good practice for them.

Proof? Try for a time requiring Captcha on each login

Just a suggestion
Keep up the good work

The Portable Freeware Collection Forums

Increase in Bots/Spam Accounts

Increase in Bots/Spam Accounts

Re: Increase in Bots/Spam Accounts

Re: Increase in Bots/Spam Accounts

Re: Increase in Bots/Spam Accounts

Re: Increase in Bots/Spam Accounts

Re: Increase in Bots/Spam Accounts

Re: Increase in Bots/Spam Accounts

Re: Increase in Bots/Spam Accounts

Re: Increase in Bots/Spam Accounts

Re: Increase in Bots/Spam Accounts

Re: Increase in Bots/Spam Accounts

Re: Increase in Bots/Spam Accounts

Re: Increase in Bots/Spam Accounts

Re: Increase in Bots/Spam Accounts

Re: Increase in Bots/Spam Accounts