Author |
Message |
Cerium Server Help Squatter
Age:41 Gender: Joined: Mar 05 2005 Posts: 807 Location: I will stab you. Offline
|
Posted: Mon Jun 05, 2006 8:25 pm Post maybe stupid Post subject: MGB vs Spambots |
|
|
|
|
What method(s) do you use to go about fighting the plethora of spambots which assault forums setup like this?
Every day I find myself having to delete 1-2 fake usernames who register just to have a link posted in their 'homepage' field. If that wasnt enough, periodically I have one of them post under a guest to spam a couple hundred links.
I dont see that happening here very often, yet we have the same (basic) setup. What have you changed in your version that makes it relatively secure from spam? _________________ There are 7 user(s) ignoring me right now. |
|
Back to top |
|
|
CypherJF I gargle nitroglycerin
Gender: Joined: Aug 14 2003 Posts: 2582 Location: USA Offline
|
Posted: Mon Jun 05, 2006 9:39 pm Post maybe stupid Post subject: |
|
|
|
|
omega fire forums have the same issue; i have a phpBB hack that lets me mass-edit/delete users on a whim. _________________ Performance is often the art of cheating carefully. - James Gosling |
|
Back to top |
|
|
Smong Server Help Squatter
Joined: 1043048991 Posts: 0x91E Offline
|
Posted: Tue Jun 06, 2006 6:20 am Post maybe stupid Post subject: |
|
|
|
|
I think you can check the useragent to see if it's blank and also rename form variables so bots can't use forms such as register or post. |
|
Back to top |
|
|
CypherJF I gargle nitroglycerin
Gender: Joined: Aug 14 2003 Posts: 2582 Location: USA Offline
|
Posted: Tue Jun 06, 2006 7:19 am Post maybe stupid Post subject: |
|
|
|
|
maybe i didn't implement it correctly; I added a checkbox that they need/should have to click in order to create an account and there should also be a captcha box. :shrug: |
|
Back to top |
|
|
SpecShip* Guest
Offline
|
Posted: Tue Jun 06, 2006 9:06 am Post maybe stupid Post subject: |
|
|
|
|
CypherJF wrote: | omega fire forums have the same issue; i have a phpBB hack that lets me mass-edit/delete users on a whim. |
You do realise you can just use the prune feature, right?
Anyway, enable all sorts of registration security measures, disable guest posting or install modules like this one has to verify the guest poster will have interaction with the forum that'll prove it's at least a human and will prevent bots from shitting around.
|
|
Back to top |
|
|
CypherJF I gargle nitroglycerin
Gender: Joined: Aug 14 2003 Posts: 2582 Location: USA Offline
|
Posted: Tue Jun 06, 2006 6:42 pm Post maybe stupid Post subject: |
|
|
|
|
pruning doesnt affect user accounts, does it? |
|
Back to top |
|
|
SpecShip* Guest
Offline
|
Posted: Wed Jun 07, 2006 4:07 am Post maybe stupid Post subject: |
|
|
|
|
If by affect you mean ban, then no.
If by affect you mean del all posts, then yes. |
|
Back to top |
|
|
CypherJF I gargle nitroglycerin
Gender: Joined: Aug 14 2003 Posts: 2582 Location: USA Offline
|
Posted: Wed Jun 07, 2006 7:00 am Post maybe stupid Post subject: |
|
|
|
|
I don't want to delete posts; I just want to delete known account's that are spammers. I knew about the pruning of topics etc etc but regarding user del/ban etc options phpBB doesnt have a quick way of doing it so using that bulk edit-user hack is pretty nice. |
|
Back to top |
|
|
Animate Dreams Gotta buy them all! (Consumer whore)
Age:36 Gender: Joined: May 01 2004 Posts: 821 Location: Middle Tennessee Offline
|
Posted: Sat Jun 10, 2006 11:07 pm Post maybe stupid Post subject: |
|
|
|
|
Maybe, people just aren't interested in MGB forums. I mean, they aren't very big, so advertising won't get a lot done, and some of the people here can not only forum ban you, but take your IP and ban you from SS(It makes sense that they could, anyway), and no one that's not an SS player is going to hear of these forums anyway. Or such is my theory. |
|
Back to top |
|
|
Mine GO BOOM Hunch Hunch What What
Age:40 Gender: Joined: Aug 01 2002 Posts: 3614 Location: Las Vegas Offline
|
Posted: Sat Jun 10, 2006 11:19 pm Post maybe stupid Post subject: |
|
|
|
|
He is talking about bots that go around and auto-post in every phpbb forum or every wiki. My best fix, as even renaming posting.php to makemessage.php didn't stop everything, was the little useless checkbox. Its there whenever you attempt to post as a guest user or sign up for the ASSS Wiki. The only code for it is the error checking if it wasn't checked. So far, not a single bot has gotten by that.
Since I have guest posting enabled, no bots even attempt to register here. Another not-so-successful anti-spam feature I tried was checking the referral. Almost every single spam bot or human attempting to mass spam has the referral being the exact page they are loading. Well, makemessage.php has no link to itself, so technically, you can never visit that page and have the referral being that page with a GET (POST doesn't count). But, problems occurred because for some stupid reason, some people's browsers here do exactly that. If you look at the source on makemessage.php, you'll still notice my testing for referrals. With every post it stores the originally referral for that message, which was how I was able to determine which idiot users caused problems.
It is still enabled and on every person's post, I still have a small light-orange colored text with the person's referral. It doesn't actually do me any good, but too lazy to remove it and its interesting seeing how many people actually browse with their referrals blocked all the time. Oh no! The secret haxors will catch me because I'm sending referrals!! |
|
Back to top |
|
|
Cerium Server Help Squatter
Age:41 Gender: Joined: Mar 05 2005 Posts: 807 Location: I will stab you. Offline
|
Posted: Sun Jun 11, 2006 1:07 am Post maybe stupid Post subject: |
|
|
|
|
Unless the permissions on this server allow me to navigate out of my root, I dont believe I will be viewing the source for your modified makemessage.php.
The biggest problem I was having was with the bots generating fake users. This kinda slowed down now that I enabled the captcha 'verification', but some still get by. Ive rarely had to deal with the bots using the guest posting, so deleting them hasnt started to bother me yet, but if it does Ill definately implement the checkbox idea. |
|
Back to top |
|
|
Mine GO BOOM Hunch Hunch What What
Age:40 Gender: Joined: Aug 01 2002 Posts: 3614 Location: Las Vegas Offline
|
Posted: Sun Jun 11, 2006 2:22 am Post maybe stupid Post subject: |
|
|
|
|
Cerium wrote: | Unless the permissions on this server allow me to navigate out of my root, I dont believe I will be viewing the source for your modified makemessage.php. |
View source of the HTML. Until you post a message, there is no real good way to store the original referral, so I just tack it on as a hidden input.
Captcha is easily defeated by porn. How? Those that run bots have ways to defeat captcha. As sessions last a while, they just tack it onto their free porn site, where the user has to enter it in. Given how often people browse porn sites, there is always someone there to enter it in. So, they find the captcha, rehost it on their site, someone enters it in for them, the bot then forwards the text and registers.
That, or just get a good programmer. PWNtcha is very private, but works great. Give it a shot, download a captcha picture from your registration and submit it there. They say it is 97% for phpbb. |
|
Back to top |
|
|
Muskrat Server Help Squatter
Age:37 Joined: Aug 24 2004 Posts: 829 Location: Swamp Offline
|
Posted: Sun Jun 11, 2006 3:15 am Post maybe stupid Post subject: |
|
|
|
|
Wow, porn people are pretty keen. |
|
Back to top |
|
|
SpecShip Complete twat
Gender: Joined: Dec 17 2005 Posts: 514 Location: 8025 - Spec Freq Offline
|
Posted: Sun Jun 11, 2006 3:57 am Post maybe stupid Post subject: |
|
|
|
|
Mine GO BOOM wrote: | Oh no! The secret haxors will catch me because I'm sending referrals!! |
Being a security nutcase, I've crippled my browser to half disable everything and half authorize through me everything.
I can't be blamed if my referrals are blocked...though they probably aren't. _________________ Replacing yazour untill the whore returns.
"I could run a ss server on my car stereo!" -Xalimar
"Liberta tuit ma ex infernis" -Event Horizon
"I know too much about nothing." - Mine GO BOOM
"Hmm anyway, back to my kingdom hearts." - Chambahs |
|
Back to top |
|
|
Cerium Server Help Squatter
Age:41 Gender: Joined: Mar 05 2005 Posts: 807 Location: I will stab you. Offline
|
Posted: Sun Jun 11, 2006 4:54 am Post maybe stupid Post subject: |
|
|
|
|
Muskrat wrote: | Wow, porn people are pretty keen. |
Wow indeed. I just figured someone wrote an algo that was good enough to decypher the image with reasonable accuracy, but this is probably easier and just as effective... |
|
Back to top |
|
|
D1st0rt Miss Directed Wannabe
Age:36 Gender: Joined: Aug 31 2003 Posts: 2247 Location: Blacksburg, VA Offline
|
Posted: Mon Jun 12, 2006 2:44 pm Post maybe stupid Post subject: |
|
|
|
|
You could try something like hashcash that makes them calculate something before they can get to anything. Might slow them down, at any rate _________________
|
|
Back to top |
|
|
Doc Flabby Server Help Squatter
Joined: Feb 26 2006 Posts: 636 Offline
|
|
Back to top |
|
|
Cyan~Fire I'll count you!
Age:36 Gender: Joined: Jul 14 2003 Posts: 4608 Location: A Dream Offline
|
Posted: Mon Jun 12, 2006 4:40 pm Post maybe stupid Post subject: |
|
|
|
|
Uhh even I can't read some of those. Are the flashing letters part of the code or not? _________________ This help is informational only. No representation is made or warranty given as to its content. User assumes all risk of use. Cyan~Fire assumes no responsibility for any loss or delay resulting from such use.
Wise men STILL seek Him. |
|
Back to top |
|
|
Smong Server Help Squatter
Joined: 1043048991 Posts: 0x91E Offline
|
Posted: Mon Jun 12, 2006 4:47 pm Post maybe stupid Post subject: |
|
|
|
|
Depends on how it is configured I think. In some certain characters are only visible at certain times, the interesting ones animate slower. |
|
Back to top |
|
|
Maurauth Newbie
Joined: Jun 22 2006 Posts: 9 Offline
|
Posted: Thu Jun 22, 2006 7:43 am Post maybe stupid Post subject: |
|
|
|
|
You're so boring you might as well be a bot, arolas. |
|
Back to top |
|
|
SpecShip Complete twat
Gender: Joined: Dec 17 2005 Posts: 514 Location: 8025 - Spec Freq Offline
|
Posted: Thu Jun 22, 2006 10:21 am Post maybe stupid Post subject: |
|
|
|
|
His name is...arolas? |
|
Back to top |
|
|
Purge Episode I > Eposide III Jar-Jar is kool
Age:34 Gender: Joined: Sep 08 2004 Posts: 2018 Offline
|
Posted: Thu Jun 22, 2006 11:36 am Post maybe stupid Post subject: |
|
|
|
|
SpecShip wrote: | His name is...arolas? |
That was his first SS alias, I believe. |
|
Back to top |
|
|
Maverick
Age:39 Gender: Joined: Feb 26 2005 Posts: 1521 Location: The Netherlands Offline
|
Posted: Thu Jun 22, 2006 11:42 am Post maybe stupid Post subject: |
|
|
|
|
D1st0rt wrote: | You could try something like hashcash that makes them calculate something before they can get to anything. Might slow them down, at any rate |
How about a picture with a (very) simple (text-only) question on it? Bots can't ever beat it but it can still be solved by porn viewers.
I'd say such a thing is the best solution (since the question can't be answered by bots) but you need a big database of very simple questions. Heh someone should make a site for it with a huge database for everyone to use _________________
|
|
Back to top |
|
|
Solo Ace Yeah, I'm in touch with reality...we correspond from time to time.
Age:36 Gender: Joined: Feb 06 2004 Posts: 2583 Location: The Netherlands Offline
|
Posted: Thu Jun 22, 2006 1:25 pm Post maybe stupid Post subject: |
|
|
|
|
How about a question only Continuum people can answer, that's not hard to do and you don't need lots of questions. I don't think people who spam forums even bother to find out.
In Continuum, what's the ship's name for ESC+{[1-8]}1?
With the default key mappings, what function does 'Delete' have?
I don't know, that last one was stupid, but you get the point.
I think my proxy used to be hiding referrals, but that's a long time ago.
And.. uh gotta go. |
|
Back to top |
|
|
SpecShip Complete twat
Gender: Joined: Dec 17 2005 Posts: 514 Location: 8025 - Spec Freq Offline
|
Posted: Thu Jun 22, 2006 1:51 pm Post maybe stupid Post subject: |
|
|
|
|
In SubSpace, what's the title of someone who calls the game Continuum? |
|
Back to top |
|
|
|