Forum spammers are back

Here you may share your feedback on any of the online services we provide, or report technical issues that you may have encountered.

Moderator: Staff

Drakkoon
Developer
Posts: 173
Joined: Thu Jan 11, 2007 12:54 am
Location: Montréal, Qc

Re: Forum spammers are back

Postby Drakkoon » Wed Feb 25, 2009 9:57 pm

You could always apply this small patch which should reduce the number of bot registrations too. (Assuming the bots capture the confirm input field using its DOM name or id.)
This will randomize the name and id of the input field for each person that tries to register, so a bot would have to be customized for this particular forum if it does in fact grab the input field by its DOM name or id. It won't stop Indian spammers, but it could reduce the number of reviewing to do.


Here's the patch for phpBB 3.0.4 in diff format:

diff phpBB-3.0.4/phpBB3/includes/ucp/ucp_register.php
102c102
<                'confirm_code'      => request_var('confirm_code', ''),
---
>                'confirm_code'      => request_var('CC_' + md5($user->session_id), ''),
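Review bot: The new line 102 joins 'CC_' and md5($user->session_id) with +, which is numeric addition in PHP; string concatenation is the . operator. As written, the field name comes out as a number taken from whatever leading digits the hash happens to have, not as CC_ followed by the hash. It should read 'CC_' . md5($user->session_id), and the same expression at lines 170 and 528 needs the same change.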
170c170
<          'confirm_code'      => request_var('confirm_code', ''),
---
>          'confirm_code'      => request_var('CC_' + md5($user->session_id), ''),
527a528
>          'HARD_CONFIRM_CODE' => 'CC_' + md5($user->session_id),
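Review bot: The added line 528 builds the field name a third time with the same expression used at lines 102 and 170, so the name the template renders and the name request_var() reads agree only while all three copies stay identical. Compute it once into a variable and use that variable in all three places. Since the value depends only on $user->session_id, it is fixed for the life of a session: it differs per visitor, not per page load.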


diff phpBB-3.0.4/phpBB3/styles/prosilver/template/ucp_register.html
87c87
<       <dt><label for="confirm_code">{L_CONFIRM_CODE}:</label></dt>
---
>       <dt><label for="{HARD_CONFIRM_CODE}">{L_CONFIRM_CODE}:</label></dt>
89c89
<       <dd><input type="text" name="confirm_code" id="confirm_code" size="8" maxlength="8" class="inputbox narrow" title="{L_CONFIRM_CODE}" /></dd>
---
>       <dd><input type="text" name="{HARD_CONFIRM_CODE}" id="{HARD_CONFIRM_CODE}" size="8" maxlength="8" class="inputbox narrow" title="{L_CONFIRM_CODE}" /></dd>
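Review bot: Only styles/prosilver/template/ucp_register.html is changed here, while ucp_register.php stops reading 'confirm_code' regardless of style. Any other installed style whose registration template still posts name="confirm_code" would have its confirmation code ignored, so each style's template needs the same two substitutions before the PHP change is applied.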


It's pretty simple to apply: there's only 1 added line, the rest is all line changes. (Just in case it's not clear: 527a528 means at line 527 add line 528 containing .... )
Roots
Dictator
Posts: 8665
Joined: Wed Jun 16, 2004 6:07 pm
Location: Austin TX

Re: Forum spammers are back

Postby Roots » Fri Feb 27, 2009 8:22 pm

Drakkoon have you considered submitting that patch to phpBB? It seems like a pretty good way to prevent automatic spam bot registration and I'm sure others can benefit from it as well.
Drakkoon
Developer
Posts: 173
Joined: Thu Jan 11, 2007 12:54 am
Location: Montréal, Qc

Re: Forum spammers are back

Postby Drakkoon » Sat Feb 28, 2009 5:42 am

I've thought about it. I even considered adding options in the administration panel in order to customize it for every site or even change it every couple of weeks. But then, spammers would just use another way to detect the textbox.

I think it's better to keep them in the dark. I'm not even sure this trick works for real, but I'm pretty sure it did work on the old phpBB2 forums.

If I submit something like that, it would also need to randomize the position of the textbox and tab order in order to fool macro-type bots. And even then, some very clever ones could simply find a couple of white pixels near the captcha and click to focus. But I don't think most spam bots work like that. I'm pretty sure they simply do an HTTP GET, download only the captcha image, process it, then HTTP GET/POST with the required fields and never render the page or actually focus on anything. And that is why this trick can work.

When I have some time I think I'll research more how those bots work and submit some kind of mod to phpBB.
Winter Knight
Contributor
Posts: 304
Joined: Fri Sep 21, 2007 12:35 pm

Re: Forum spammers are back

Postby Winter Knight » Sat Feb 28, 2009 7:52 am

Roots wrote: Drakkoon have you considered submitting that patch to phpBB? It seems like a pretty good way to prevent automatic spam bot registration and I'm sure others can benefit from it as well.

It's not security, just obscurity. It will stop working if it is put into widespread use.
Roots
Dictator
Posts: 8665
Joined: Wed Jun 16, 2004 6:07 pm
Location: Austin TX

Re: Forum spammers are back

Postby Roots » Mon Mar 02, 2009 5:20 pm

I've deleted two guest spam posts today. Does that patch affect registration only? If we could also apply it for guest posting, that would be nice.
Drakkoon
Developer
Posts: 173
Joined: Thu Jan 11, 2007 12:54 am
Location: Montréal, Qc

Re: Forum spammers are back

Postby Drakkoon » Wed Mar 04, 2009 11:05 pm

It could, but I thought that guest posting would be disabled and that a first post would need to be reviewed in order to post.
phu
Newbie
Posts: 2
Joined: Mon Jun 29, 2009 2:00 am

Re: Forum spammers are back

Postby phu » Mon Jun 29, 2009 2:08 am

I used phpBB for a very long time... got proficient with writing mods for it and had a pretty major one on a board I ran.

Security in phpBB has always been a very, very bad joke... not just because it's popular, but because it's always been very poorly written.

I highly suggest switching to SMF; it provides basically the same functionality, a pretty good library of mods, easier template creation, a FAR better upgrade and mod installation system, and security that hasn't once let me down (I ran a major forum on phpBB that was hacked about twice every three years for 6 or 7 years... hacked to the point of losing data... after running SMF -- often outdated, oops -- for about 4 years I have yet to have anything even close happen).

If you're at all interested I'd be happy to point you in the right direction on whatever mods, etc. you'd need; there's a good conversion script that SMF maintains for moving from phpBB (versions 2 and 3). It might be a little work to get the theme changed over, but it'd be well worth the effort in terms of the time you'll save in upkeep.
Roots
Dictator
Posts: 8665
Joined: Wed Jun 16, 2004 6:07 pm
Location: Austin TX

Re: Forum spammers are back

Postby Roots » Wed Jul 01, 2009 10:17 pm

Thanks for sharing that info phu. I can't say I am enthusiastic about the idea of moving to another forum. It's a lot of work, and no one here really wants to do that. We (especially myself) have spent so much time in the past dealing with our online services instead of working on the game. I'm at the point where I really don't care to do this work anymore, especially when my time is better invested on the true goal of this project: making a game. If someone comes along and actually wants to work on improving and maintaining our website, forums, bug tracker, etc. I am all for it (we actually did try to hire people like that in the past, but it never worked out too well). But I'm not going to continue wasting time doing something I'm not interested in doing and I'm not going to tell anyone else on this team to do it either. Right now I do the least amount of maintenance work as I possibly can.


The spam hasn't been too huge of a problem lately. The only annoying thing is having 600+ forum members when probably half of those are spam accounts. I'll get around to deleting all the spam ones some day.
Jetryl
Artist
Posts: 1485
Joined: Fri Aug 26, 2005 7:35 am
Location: Southern Minnesota, USA

Re: Forum spammers are back

Postby Jetryl » Thu Jul 23, 2009 5:16 pm

Roots wrote: Thanks for sharing that info phu. I can't say I am enthusiastic about the idea of moving to another forum. It's a lot of work, and no one here really wants to do that. We (especially myself) have spent so much time in the past dealing with our online services instead of working on the game. I'm at the point where I really don't care to do this work anymore, especially when my time is better invested on the true goal of this project: making a game. If someone comes along and actually wants to work on improving and maintaining our website, forums, bug tracker, etc. I am all for it (we actually did try to hire people like that in the past, but it never worked out too well). But I'm not going to continue wasting time doing something I'm not interested in doing and I'm not going to tell anyone else on this team to do it either. Right now I do the least amount of maintenance work as I possibly can.


Which is smart.

Phu, if you were willing to do all the heavy-lifting, we'd probably be interested (you'd want to meet with folks on IRC), but the core team needs to focus on getting the actual game itself done. Meta is murder; meta-work is evil, and should only be tolerated when it makes real work go faster. That's the only reason to have e.g. a forum, IRC, a wiki, a bug tracker - if it's wasting more time than it's saving, then it's evil.

In my limited experience, you seem to be right about SMF being a lot more solid. I've had one fellow from another project who swears by it.
rujasu
Developer
Posts: 758
Joined: Sun Feb 25, 2007 5:40 am
Location: Maryland, USA

Re: Forum spammers are back

Postby rujasu » Sun Aug 30, 2009 10:19 pm

Is it possible for us to block users from registering via certain email addresses? We wouldn't be able to stop the 50% or so of spammers who are using Gmail accounts, but today we got hit by a mass of bots using emails from "2009ok5.biz" which AFAIK is not a provider of legitimate email services. If we could block that domain, and a few others, it would probably stop some of the spam.

Also, I'd suggest blocking guest posting altogether. We get a fair amount of spam that way, and honestly it hasn't offered us much benefit at all.
gorzuate
Developer
Posts: 2575
Joined: Thu Jun 17, 2004 3:03 am
Location: Hermosa Beach, CA

Re: Forum spammers are back

Postby gorzuate » Sun Aug 30, 2009 10:37 pm

rujasu wrote: Is it possible for us to block users from registering via certain email addresses? We wouldn't be able to stop the 50% or so of spammers who are using Gmail accounts, but today we got hit by a mass of bots using emails from "2009ok5.biz" which AFAIK is not a provider of legitimate email services. If we could block that domain, and a few others, it would probably stop some of the spam.


We have quite a few domains already blocked. I just added that one to the ban. Have any others?

rujasu wrote: Also, I'd suggest blocking guest posting altogether. We get a fair amount of spam that way, and honestly it hasn't offered us much benefit at all.


I agree :approve:
rujasu
Developer
Posts: 758
Joined: Sun Feb 25, 2007 5:40 am
Location: Maryland, USA

Re: Forum spammers are back

Postby rujasu » Sun Aug 30, 2009 11:10 pm

There was another one for a while, but in any case, if I see any new ones, I'll point 'em out or learn how to ban 'em myself. Thanks! :approve:
Winter Knight
Contributor
Posts: 304
Joined: Fri Sep 21, 2007 12:35 pm

Re: Forum spammers are back

Postby Winter Knight » Mon Aug 31, 2009 12:27 am

Most forums have anonymous posting disabled. I just checked, and you can't post anonymously in this forum "Online Services Feedback", or "User Feedback". However, the forum that has been getting a lot of spam recently, "Ideas and Game Features", only requires that users fill in a CAPTCHA.

PHPBB probably has a global setting, where we can disable anonymous posting on all forums. It would make more sense, too, so if we ever change our minds (perhaps in five years spam will be dead) we can do that more easily. Consistency is important.

On another note, I am surprised that requiring registration actually works.
rujasu
Developer
Posts: 758
Joined: Sun Feb 25, 2007 5:40 am
Location: Maryland, USA

Re: Forum spammers are back

Postby rujasu » Mon Aug 31, 2009 2:09 am

Winter Knight wrote: Most forums have anonymous posting disabled. I just checked, and you can't post anonymously in this forum "Online Services Feedback", or "User Feedback". However, the forum that has been getting a lot of spam recently, "Ideas and Game Features", only requires that users fill in a CAPTCHA.

PHPBB probably has a global setting, where we can disable anonymous posting on all forums. It would make more sense, too, so if we ever change our minds (perhaps in five years spam will be dead) we can do that more easily. Consistency is important.

On another note, I am surprised that requiring registration actually works.


We're getting swamped by spammers who are registering, actually -- it's just that we have something set up where your first post has to be "approved" by a moderator. I have to delete a bunch of spam accounts every day, but their posts don't show up on the forums to non-moderators.
rujasu
Developer
Posts: 758
Joined: Sun Feb 25, 2007 5:40 am
Location: Maryland, USA

Re: Forum spammers are back

Postby rujasu » Tue Sep 01, 2009 6:14 am

gorzuate wrote: We have quite a few domains already blocked. I just added that one to the ban. Have any others?


If you didn't get these already:

2009ok1.biz
2010go3.biz
gorzuate
Developer
Posts: 2575
Joined: Thu Jun 17, 2004 3:03 am
Location: Hermosa Beach, CA

Re: Forum spammers are back

Postby gorzuate » Tue Sep 01, 2009 6:00 pm

Got 'em :)
rujasu
Developer
Posts: 758
Joined: Sun Feb 25, 2007 5:40 am
Location: Maryland, USA

Re: Forum spammers are back

Postby rujasu » Wed Sep 02, 2009 5:43 pm

We got a rush today from 2008trueweb.net, one from 2008esites.net, and one from swiji.com.

ETA: add jacksoft.biz to that list.
gorzuate
Developer
Posts: 2575
Joined: Thu Jun 17, 2004 3:03 am
Location: Hermosa Beach, CA

Re: Forum spammers are back

Postby gorzuate » Thu Sep 03, 2009 7:03 am

Done.
rujasu
Developer
Posts: 758
Joined: Sun Feb 25, 2007 5:40 am
Location: Maryland, USA

Re: Forum spammers are back

Postby rujasu » Sat Sep 05, 2009 11:05 pm

Some more that seem to be recurring:

mail.youwontsleep.com
tennese.bee.pl
2008votedsites.net
gorzuate
Developer
Posts: 2575
Joined: Thu Jun 17, 2004 3:03 am
Location: Hermosa Beach, CA

Re: Forum spammers are back

Postby gorzuate » Wed Sep 09, 2009 5:51 am

Done.