
Forum spammers are back

Drakkoon
Developer
Posts: 173
Joined: Wed Jan 10, 2007 5:54 pm
Location: Montréal, Qc

Re: Forum spammers are back

Post by Drakkoon » Wed Feb 25, 2009 2:57 pm

You could always apply this small patch which should reduce the number of bot registrations too. (Assuming the bots capture the confirm input field using its DOM name or id)
This will randomize the name and id of the input field for each person that tries to register, so a bot would have to be customized for this particular forum if it does in fact grab the input field by its DOM name or id. It won't stop Indian spammers, but it could reduce the amount of reviewing to do.


Here's the patch for phpBB 3.0.4 in diff format:

diff phpBB-3.0.4/phpBB3/includes/ucp/ucp_register.php
102c102
< 					'confirm_code'		=> request_var('confirm_code', ''),
---
> 					'confirm_code'		=> request_var('CC_' + md5($user->session_id), ''),
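Review bot: on the new line 102, `+` is PHP's arithmetic addition, not string concatenation, so `'CC_' + md5($user->session_id)` does not produce a `CC_<hash>` name; it evaluates to a number taken from any leading digits of the hash (0 when the hash starts with a letter), which means many sessions end up sharing the same field name. Use the concatenation operator instead: `'CC_' . md5($user->session_id)`.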
170c170
< 			'confirm_code'		=> request_var('confirm_code', ''),
---
> 			'confirm_code'		=> request_var('CC_' + md5($user->session_id), ''),
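Review bot: line 170 repeats the field-name expression from line 102 verbatim, and line 528 builds it a third time for the template; if one copy is later edited, the form and the handler will disagree and every registration will fail the confirm check. Compute the name once (for example in a small helper) and reuse that value in all three places.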
527a528
> 			'HARD_CONFIRM_CODE' => 'CC_' + md5($user->session_id),
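Review bot: the added line 528 needs a comment stating that this value is the name and id of the confirm input and must match the key passed to `request_var()` on lines 102 and 170. `HARD_CONFIRM_CODE` also reads as if it held the code itself; a name that says it is a field name would be clearer in the template.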


diff phpBB-3.0.4/phpBB3/styles/prosilver/template/ucp_register.html
87c87
< 		<dt><label for="confirm_code">{L_CONFIRM_CODE}:</label></dt>
---
> 		<dt><label for="{HARD_CONFIRM_CODE}">{L_CONFIRM_CODE}:</label></dt>
89c89
< 		<dd><input type="text" name="confirm_code" id="confirm_code" size="8" maxlength="8" class="inputbox narrow" title="{L_CONFIRM_CODE}" /></dd>
---
> 		<dd><input type="text" name="{HARD_CONFIRM_CODE}" id="{HARD_CONFIRM_CODE}" size="8" maxlength="8" class="inputbox narrow" title="{L_CONFIRM_CODE}" /></dd>
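Review bot: only the prosilver copy of `ucp_register.html` is changed, while `ucp_register.php` stops reading `confirm_code` for every style; any other installed style will still render `name="confirm_code"` and its registrations will always fail the confirm check. Apply the same two template edits (lines 87 and 89) to each installed style's `ucp_register.html`.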
It's pretty simple to apply; there's only 1 added line, the rest is all line changes. (Just in case it's not clear: 527a528 means at line 527 add line 528 containing .... )
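As an added illustration of the approach described in the post above (not part of the original post and not phpBB code): a per-session confirm field name built with string concatenation and a keyed hash, together with a server-side check that rejects POSTs still carrying the stock `confirm_code` name. The function names, `$siteSecret` and the sample values are assumptions made for the example.

```php
<?php
// Added example, not phpBB code. Function names, $siteSecret and the sample
// values are hypothetical.

// Per-session name for the confirm input. '.' concatenates in PHP; a keyed
// hash keeps the name from being derived from the session id alone.
function confirm_field_name($sessionId, $siteSecret)
{
    return 'CC_' . substr(hash_hmac('sha256', $sessionId, $siteSecret), 0, 16);
}

// Classify a registration POST by which confirm field name it carries.
// Returns [verdict, submitted code or null]; the CAPTCHA answer itself is
// still checked afterwards by the normal confirm-code logic.
function classify_registration_post(array $post, $sessionId, $siteSecret)
{
    $expected = confirm_field_name($sessionId, $siteSecret);

    // The stock name never appears in the patched form, so a client sending
    // it did not build its request from the page it was served.
    if (array_key_exists('confirm_code', $post)) {
        return ['reject: stock field name', null];
    }
    foreach (array_keys($post) as $key) {
        // A CC_ name that is not ours was issued to a different session.
        if (strpos((string) $key, 'CC_') === 0 && $key !== $expected) {
            return ['reject: field name from another session', null];
        }
    }
    if (!isset($post[$expected]) || !is_string($post[$expected])) {
        return ['reject: confirm field missing', null];
    }
    return ['ok', trim($post[$expected])];
}

// Constructed sample data.
$secret  = 'constructed-secret-for-demo';
$session = 'a3f1c2d4e5b60718293a4b5c6d7e8f90';
$name    = confirm_field_name($session, $secret);
$samples = [
    'browser'       => ['username' => 'alice', $name => ' K7PQ2 '],
    'scripted POST' => ['username' => 'bot1', 'confirm_code' => 'K7PQ2'],
    'replayed form' => ['username' => 'bot2', confirm_field_name('other-session', $secret) => 'K7PQ2'],
    'no field'      => ['username' => 'bot3'],
];
foreach ($samples as $label => $post) {
    list($verdict, $code) = classify_registration_post($post, $session, $secret);
    echo str_pad($label, 14), $verdict, $code !== null ? " (code: $code)" : '', "\n";
}
```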
Roots
Dictator
Posts: 8669
Joined: Wed Jun 16, 2004 12:07 pm
Location: Austin TX

Re: Forum spammers are back

Post by Roots » Fri Feb 27, 2009 1:22 pm

Drakkoon have you considered submitting that patch to phpBB? It seems like a pretty good way to prevent automatic spam bot registration and I'm sure others can benefit from it as well.
Drakkoon
Developer
Posts: 173
Joined: Wed Jan 10, 2007 5:54 pm
Location: Montréal, Qc

Re: Forum spammers are back

Post by Drakkoon » Fri Feb 27, 2009 10:42 pm

I've thought about it. I even considered adding options in the administration panel in order to customize it for every site or even change it every couple of weeks. But then, spammers would just use another way to detect the textbox.

I think it's better to keep them in the dark. I'm not even sure this trick works for real, but I'm pretty sure it did work on the old phpBB2 forums.

If I submit something like that, it would also need to randomize the position of the textbox and tab order in order to fool macro-type bots. And even then, some very clever ones could simply find a couple of white pixels near the captcha and click to focus. But I don't think most spam bots work like that. I'm pretty sure they simply do an HTTP GET, download only the captcha image, process it, then HTTP GET/POST with the required fields and never render the page or actually focus on anything. And that is why this trick can work.

When I have some time I think I'll research more how those bots work and submit some kind of mod to phpBB.
Winter Knight
Contributor
Posts: 304
Joined: Fri Sep 21, 2007 6:35 am

Re: Forum spammers are back

Post by Winter Knight » Sat Feb 28, 2009 12:52 am

Roots wrote:Drakkoon have you considered submitting that patch to phpBB? It seems like a pretty good way to prevent automatic spam bot registration and I'm sure others can benefit from it as well.
It's not security, just obscurity. It will stop working if it is put into widespread use.
Roots
Dictator
Posts: 8669
Joined: Wed Jun 16, 2004 12:07 pm
Location: Austin TX

Re: Forum spammers are back

Post by Roots » Mon Mar 02, 2009 10:20 am

I've deleted two guest spam posts today. Does that patch affect registration only? If we could also apply it for guest posting, that would be nice.
Drakkoon
Developer
Posts: 173
Joined: Wed Jan 10, 2007 5:54 pm
Location: Montréal, Qc

Re: Forum spammers are back

Post by Drakkoon » Wed Mar 04, 2009 4:05 pm

It could, but I thought that guest posting would be disabled and that a first post would need to be reviewed in order to post.
phu
Newbie
Posts: 2
Joined: Sun Jun 28, 2009 8:00 pm

Re: Forum spammers are back

Post by phu » Sun Jun 28, 2009 8:08 pm

I used phpBB for a very long time... got proficient with writing mods for it and had a pretty major one on a board I ran.

Security in phpBB has always been a very, very bad joke... not just because it's popular, but because it's always been very poorly written.

I highly suggest switching to SMF; it provides basically the same functionality, a pretty good library of mods, easier template creation, a FAR better upgrade and mod installation system, and security that hasn't once let me down (I ran a major forum on phpBB that was hacked about twice every three years for 6 or 7 years... hacked to the point of losing data... after running SMF -- often outdated, oops -- for about 4 years I have yet to have anything even close happen).

If you're at all interested I'd be happy to point you in the right direction on whatever mods, etc. you'd need; there's a good conversion script that SMF maintains for moving from phpBB (versions 2 and 3). It might be a little work to get the theme changed over, but it'd be well worth the effort in terms of the time you'll save in upkeep.
Roots
Dictator
Posts: 8669
Joined: Wed Jun 16, 2004 12:07 pm
Location: Austin TX

Re: Forum spammers are back

Post by Roots » Wed Jul 01, 2009 4:17 pm

Thanks for sharing that info phu. I can't say I am enthusiastic about the idea of moving to another forum. It's a lot of work, and no one here really wants to do that. We (especially myself) have spent so much time in the past dealing with our online services instead of working on the game. I'm at the point where I really don't care to do this work anymore, especially when my time is better invested on the true goal of this project: making a game. If someone comes along and actually wants to work on improving and maintaining our website, forums, bug tracker, etc. I am all for it (we actually did try to hire people like that in the past, but it never worked out too well). But I'm not going to continue wasting time doing something I'm not interested in doing and I'm not going to tell anyone else on this team to do it either. Right now I do the least amount of maintenance work as I possibly can.


The spam hasn't been too huge of a problem lately. The only annoying thing is having 600+ forum members when probably half of those are spam accounts. I'll get around to deleting all the spam ones some day.
Jetryl
Artist
Posts: 1485
Joined: Fri Aug 26, 2005 1:35 am
Location: Southern Minnesota, USA

Re: Forum spammers are back

Post by Jetryl » Thu Jul 23, 2009 11:16 am

Roots wrote:Thanks for sharing that info phu. I can't say I am enthusiastic about the idea of moving to another forum. It's a lot of work, and no one here really wants to do that. We (especially myself) have spent so much time in the past dealing with our online services instead of working on the game. I'm at the point where I really don't care to do this work anymore, especially when my time is better invested on the true goal of this project: making a game. If someone comes along and actually wants to work on improving and maintaining our website, forums, bug tracker, etc. I am all for it (we actually did try to hire people like that in the past, but it never worked out too well). But I'm not going to continue wasting time doing something I'm not interested in doing and I'm not going to tell anyone else on this team to do it either. Right now I do the least amount of maintenance work as I possibly can.
Which is smart.

Phu, if you were willing to do all the heavy-lifting, we'd probably be interested (you'd want to meet with folks on IRC), but the core team needs to focus on getting the actual game itself done. Meta is murder; meta-work is evil, and should only be tolerated when it makes real work go faster. That's the only reason to have e.g. a forum, IRC, a wiki, a bug tracker - if it's wasting more time than it's saving, then it's evil.

In my limited experience, you seem to be right about SMF being a lot more solid. I've had one fellow from another project who swears by it.
rujasu
Developer
Posts: 758
Joined: Sat Feb 24, 2007 10:40 pm
Location: Maryland, USA

Re: Forum spammers are back

Post by rujasu » Sun Aug 30, 2009 4:19 pm

Is it possible for us to block users from registering via certain email addresses? We wouldn't be able to stop the 50% or so of spammers who are using Gmail accounts, but today we got hit by a mass of bots using emails from "2009ok5.biz" which AFAIK is not a provider of legitimate email services. If we could block that domain, and a few others, it would probably stop some of the spam.

Also, I'd suggest blocking guest posting altogether. We get a fair amount of spam that way, and honestly it hasn't offered us much benefit at all.
gorzuate
Developer
Posts: 2575
Joined: Wed Jun 16, 2004 9:03 pm
Location: Hermosa Beach, CA

Re: Forum spammers are back

Post by gorzuate » Sun Aug 30, 2009 4:37 pm

rujasu wrote:Is it possible for us to block users from registering via certain email addresses? We wouldn't be able to stop the 50% or so of spammers who are using Gmail accounts, but today we got hit by a mass of bots using emails from "2009ok5.biz" which AFAIK is not a provider of legitimate email services. If we could block that domain, and a few others, it would probably stop some of the spam.
We have quite a few domains already blocked. I just added that one to the ban. Have any others?
rujasu wrote: Also, I'd suggest blocking guest posting altogether. We get a fair amount of spam that way, and honestly it hasn't offered us much benefit at all.
I agree :approve:
rujasu
Developer
Posts: 758
Joined: Sat Feb 24, 2007 10:40 pm
Location: Maryland, USA

Re: Forum spammers are back

Post by rujasu » Sun Aug 30, 2009 5:10 pm

There was another one for a while, but in any case, if I see any new ones, I'll point 'em out or learn how to ban 'em myself. Thanks! :approve:
Winter Knight
Contributor
Posts: 304
Joined: Fri Sep 21, 2007 6:35 am

Re: Forum spammers are back

Post by Winter Knight » Sun Aug 30, 2009 6:27 pm

Most forums have anonymous posting disabled. I just checked, and you can't post anonymously in this forum "Online Services Feedback", or "User Feedback". However, the forum that has been getting a lot of spam recently, "Ideas and Game Features", only requires that users fill in a CAPTCHA.

PHPBB probably has a global setting, where we can disable anonymous posting on all forums. It would make more sense, too, so if we ever change our minds (perhaps in five years spam will be dead) we can do that more easily. Consistency is important.

On another note, I am surprised that requiring registration actually works.
rujasu
Developer
Posts: 758
Joined: Sat Feb 24, 2007 10:40 pm
Location: Maryland, USA

Re: Forum spammers are back

Post by rujasu » Sun Aug 30, 2009 8:09 pm

Winter Knight wrote:Most forums have anonymous posting disabled. I just checked, and you can't post anonymously in this forum "Online Services Feedback", or "User Feedback". However, the forum that has been getting a lot of spam recently, "Ideas and Game Features", only requires that users fill in a CAPTCHA.

PHPBB probably has a global setting, where we can disable anonymous posting on all forums. It would make more sense, too, so if we ever change our minds (perhaps in five years spam will be dead) we can do that more easily. Consistency is important.

On another note, I am surprised that requiring registration actually works.
We're getting swamped by spammers who are registering, actually -- it's just that we have something set up where your first post has to be "approved" by a moderator. I have to delete a bunch of spam accounts every day, but their posts don't show up on the forums to non-moderators.
rujasu
Developer
Posts: 758
Joined: Sat Feb 24, 2007 10:40 pm
Location: Maryland, USA

Re: Forum spammers are back

Post by rujasu » Tue Sep 01, 2009 12:14 am

gorzuate wrote:We have quite a few domains already blocked. I just added that one to the ban. Have any others?
If you didn't get these already:

2009ok1.biz
2010go3.biz
gorzuate
Developer
Posts: 2575
Joined: Wed Jun 16, 2004 9:03 pm
Location: Hermosa Beach, CA

Re: Forum spammers are back

Post by gorzuate » Tue Sep 01, 2009 12:00 pm

Got 'em :)
rujasu
Developer
Posts: 758
Joined: Sat Feb 24, 2007 10:40 pm
Location: Maryland, USA

Re: Forum spammers are back

Post by rujasu » Wed Sep 02, 2009 11:43 am

We got a rush today from 2008trueweb.net, one from 2008esites.net, and one from swiji.com.

ETA: add jacksoft.biz to that list.
gorzuate
Developer
Posts: 2575
Joined: Wed Jun 16, 2004 9:03 pm
Location: Hermosa Beach, CA

Re: Forum spammers are back

Post by gorzuate » Thu Sep 03, 2009 1:03 am

Done.
rujasu
Developer
Posts: 758
Joined: Sat Feb 24, 2007 10:40 pm
Location: Maryland, USA

Re: Forum spammers are back

Post by rujasu » Sat Sep 05, 2009 5:05 pm

Some more that seem to be recurring:

mail.youwontsleep.com
tennese.bee.pl
2008votedsites.net
gorzuate
Developer
Posts: 2575
Joined: Wed Jun 16, 2004 9:03 pm
Location: Hermosa Beach, CA

Re: Forum spammers are back

Post by gorzuate » Tue Sep 08, 2009 11:51 pm

Done.