Forum Administration - Spam Bot Woes
Posted 19 November 2006 - 07:58 PM
... for all the guild forum admins out there, what forum software do you use? If it's phpBB, have you been getting a flood spam bots lately, all with the naming pattern <first initial>_<surname> or <firstname>_<surname>?
Their country is always USA, and their e-mail is always from some odd domain like rumail.com.
Their website is ALWAYS some sort of stupid viagra or the like selling phony little page, like for instance:
Don't click that! - I have no idea where it goes, but I take no responsibility if you get totally destroyed by malware lurking on that page.
I have the "humanizer" check going with "please enter the digits/letters from this randomly generated gif", but it doesn't seem to deter them. We get a decent number of applicants so I'm definitely against moving to "administrator must personally authorize each account", at least for now. Right now, I just run through every 2 weeks and clean out the 20-30 bots that have registered.
I've been banning each of their strange e-mail domains one at a time, but there are always more popping up it seems.
Any suggestions out there or anyone having similar problems?
Posted 19 November 2006 - 08:01 PM
Try banning the IP range of the posters if you can (that is what the mods here do sometimes).
Posted 19 November 2006 - 08:07 PM
Posted 19 November 2006 - 08:26 PM
Nite_Moogle had to change the site to punbb, which seems to have fixed the bot problem. I recall him saying it was extremely annoying and despite using several plugins for phpbb, they still came. He fixed it so they couldn't post, but they could still register and still had those website links on their profiles. He even had the humanity register like you mentioned, but they still registered. You would have to ask someone else about other possible solutions as I know next to nothing about running a website. Good luck on finding a solution.
Posted 19 November 2006 - 09:16 PM
All about sosowowoh
Joined: 16 Nov 2006
Total posts: 0
[0.00% of total / 0.00 posts per day]
Find all posts by sosowowoh
here is some awareness. If you dont like it then dont read it. It doesnt effecct you so why care,...right? RIGHT?
Posted 19 November 2006 - 11:15 PM
I then modified the registration page, with BIG BOLD RED LETTERS (really frickin huge. Almost annoyingly large), notifying actual real people really registering to skip the personal info till after the activation of the user.
Doing that simple check made me not have a spambot registration in a few months. Dunno how long it'll hold though. If they start finding that behavior, and creating a bot to counterract that, there are other checks in place I can utilize.
(note: I am not a programmer, but I can understand scripting. Practically anyone who can read and compare file data should be able to implement a fix on phpbb's stuff.)
Posted 20 November 2006 - 11:17 AM
2) Get a forum registration software that requires picture verification.
Fingering a girl while she argues with her husband-to-be is perhaps my new low point morally in my horribly debauched life
Posted 20 November 2006 - 12:39 PM
Posted 20 November 2006 - 02:09 PM
If you've got access to your weblogs, and are recording the IP's on registration, matching that info up probably wouldn't hurt. The first thing you want to do is prevent the mechanism they are using right now. Otherwise you're blindly going to just be changing stuff not knowing whether you're actually addressing the problem.
If you havn't bothered to update your version of phpbb since doing your initial install and want a scare, I suggest going to wikipedia, looking up "SQL injection", then googling for your version of phpbb. Most of their patches are for SQL injections ;)
Posted 20 November 2006 - 04:12 PM
Though I have yet to fix the news.
Eh, my nostalgia goggles aren't as good as they used to be.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users