forum spam

has anyone else noticed it? can anything be done?

Last updated 15 years ago

Re: forum spam    

(ode$lingerhas anyone else noticed it? can anything be done?

   This is definitely a problem. Although we have mechanisms to verify users from scripts, some spammers do take the burden of creating accounts and activating the account through received emails. All these steps are also followed by normal users when first creating an account. So in essence, spammers (who take all steps to register) and legitimate users cannot be separated out.    I am open to suggestions.    --Mahesh

Can you verify that these are actual people doing the spamming?    From what I've noted, spamming is only profitable if it can be done en masse. It almost always involves automation, perhaps some pretty clever automation though. answering e-mails doesn't seem like such a tough thing for a spamming bot to do however.    Suggestions:  - I don't know. Some sort of CAPTCHA maybe.  - Active moderation that involves checking and banning such offenses.    I've seen forums with "report abuse" buttons. Can that be set up with this forum?

(ode$lingerCan you verify that these are actual people doing the spamming?    From what I've noted, spamming is only profitable if it can be done en masse. It almost always involves automation, perhaps some pretty clever automation though. answering e-mails doesn't seem like such a tough thing for a spamming bot to do however.    Suggestions:  - I don't know. Some sort of CAPTCHA maybe.  - Active moderation that involves checking and banning such offenses.    I've seen forums with "report abuse" buttons. Can that be set up with this forum?

   We have CAPTCHA for prompting user to type the given text. It may be that there are technologies to circumvent CAPTCHA too.    Whenever I see SPAM post, I delete the post and the user. If the user registered with some account that seems like it came from the spamming website, I go ahead and ban that email address.      --Mahesh

We have CAPTCHA for prompting user to type the given text. It may be that there are technologies to circumvent CAPTCHA too.

   Unfortunately you're right. There are technologies for this, but there are also other means of doing this, for example, have the applicant fill out a question like "what is two plus two?". I'm not sure if any of these methods are supported, but I'm just throwing out an idea.    Thank you for doing what you can to get rid of the spam. It's great to have a web based forum such as this for everything subversion and I for one appreciate the effort that goes into making this possible.

Another phpBB forum I'm a member of has recently implemented this mod. According to our benevolent dictator:

The results so far? In the ~13 hours since performing the mod, there've been zero spam accounts registered. Typically, there are ~10 spam accounts registered by bots every day (sometimes as many as 20-30).

andylAnother phpBB forum I'm a member of has recently implemented this mod. According to our benevolent dictator:

The results so far? In the ~13 hours since performing the mod, there've been zero spam accounts registered. Typically, there are ~10 spam accounts registered by bots every day (sometimes as many as 20-30).

   Thanks Andyl, will look into it.    --Mahesh

There's been a lot more spam once more. Has that mod been tried?    Would it help things to have a waiting period after signing up before a user can post?

(ode$lingerThere's been a lot more spam once more. Has that mod been tried?    Would it help things to have a waiting period after signing up before a user can post?

   I have put up another method of SPAM prevention, after careful study of behavioral characteristics of SPAMMERS.    The last SPAM messages you saw was by one single user who SPAMMED 15 messages. on various topics. Now this was a very determined SPAMMER and it is very difficult to separate SPAMMERS from legitimate user.    Regarding you suggestion of having a waiting period, it would discourage users from joining.    In the meantime, I am doing a careful study of the pattern of spammers.    Thanks,  Mahesh

My PM inbox has two spam messages in it from mrsmargaretallen.

jeremypMy PM inbox has two spam messages in it from mrsmargaretallen.

I got one myself overnight.

andyl

jeremypMy PM inbox has two spam messages in it from mrsmargaretallen.

I got one myself overnight.

   I have deleted that user.    --Mahesh

PM spam    I got PM spam from user shohobanvarsd. First time I've ever gotten web forum PM spam.

Re: PM spam    

khym_chanurI got PM spam from user shohobanvarsd. First time I've ever gotten web forum PM spam.

   I have deleted the user.    --Mahesh

You are using the standard phpbb captcha for registering. This one has been cracked a while ago, so bots can read the captcha. Also, the mail registration does not stop bots, they have means to "click the link" in the mail. You may think those are human spammers, but most likely they are not.    I had the same problem in my phpbb, but I made a few changes. First of all I installed a better captcha (try this one : )  http://www.phpbb.com/community/viewtopic.php?f=15&t=495004    Second, I used a sort of honeypot method. I renamed the field where people have to enter the captcha, and put a hidden field next to it with the name that the captcha field used to have.  So bots will send the "standard"captcha field to login, and if that one is filled out, I will block them. Real users will fill in the field they see.    Since half a year or so, I did not have a single spam post (used to be around 5 a day).    If you are interested, pm me and I can send you instructions on how to use it.

DestinyYou are using the standard phpbb captcha for registering. This one has been cracked a while ago, so bots can read the captcha. Also, the mail registration does not stop bots, they have means to "click the link" in the mail. You may think those are human spammers, but most likely they are not.    I had the same problem in my phpbb, but I made a few changes. First of all I installed a better captcha (try this one : )  http://www.phpbb.com/community/viewtopic.php?f=15&t=495004    Second, I used a sort of honeypot method. I renamed the field where people have to enter the captcha, and put a hidden field next to it with the name that the captcha field used to have.  So bots will send the "standard"captcha field to login, and if that one is filled out, I will block them. Real users will fill in the field they see.    Since half a year or so, I did not have a single spam post (used to be around 5 a day).    If you are interested, pm me and I can send you instructions on how to use it.

   Thanks Destiny. I really needed that input. I'll follow your instructions and contact you if I face any problems.    --Mahesh

DestinyYou are using the standard phpbb captcha for registering. This one has been cracked a while ago, so bots can read the captcha. Also, the mail registration does not stop bots, they have means to "click the link" in the mail. You may think those are human spammers, but most likely they are not.    I had the same problem in my phpbb, but I made a few changes. First of all I installed a better captcha (try this one : )  http://www.phpbb.com/community/viewtopic.php?f=15&t=495004    Second, I used a sort of honeypot method. I renamed the field where people have to enter the captcha, and put a hidden field next to it with the name that the captcha field used to have.  So bots will send the "standard"captcha field to login, and if that one is filled out, I will block them. Real users will fill in the field they see.    Since half a year or so, I did not have a single spam post (used to be around 5 a day).    If you are interested, pm me and I can send you instructions on how to use it.

   I have installed the new CAPTCHA, I'm sure it will help.    --Mahesh

great, hope it stops the evil spambots :)