Lo, we are besieged by spambots

User avatar
Bongo Bill
Imperisaurus Rex
Posts: 207
Joined: Mon Jan 20, 2014 6:23 pm

Lo, we are besieged by spambots

Postby Bongo Bill » Fri Jan 24, 2014 8:13 pm

phpbb3 is very commonly targeted by spambots, and the situation isn't going to improve if we ignore it. There is a straightforward and effective method to cut down a lot of them, however, and that's to manually edit the registration page so that it contains custom field, in which the user has to enter a particular passphrase which is not printed anywhere on the page (but has a very obvious hint).

I don't know exactly what change needs to be made, but I do know someone who did make such a change, and as soon as he gets back to me I will tell you what needs to be done.
...but is it art?

User avatar
Bongo Bill
Imperisaurus Rex
Posts: 207
Joined: Mon Jan 20, 2014 6:23 pm

Re: Lo, we are besieged by spambots

Postby Bongo Bill » Fri Jan 24, 2014 8:21 pm

Also, I think permissions are slightly fucked, as I put this one spambot in the spambots group but it can still post in places other than Spambot Thunderdome.
...but is it art?

User avatar
Smiler
Imperisaurus Rex
Posts: 972
Joined: Mon Jan 20, 2014 6:27 pm

Re: Lo, we are besieged by spambots

Postby Smiler » Fri Jan 24, 2014 8:22 pm

Yeah there isn't a single option for custom fields right now. I added a metric fuckton to the old boards and it seemed to help a little bit.

User avatar
Smiler
Imperisaurus Rex
Posts: 972
Joined: Mon Jan 20, 2014 6:27 pm

Re: Lo, we are besieged by spambots

Postby Smiler » Fri Jan 24, 2014 8:24 pm

For now the best option is probably to set registration to admin approval, which will spam our inboxes at this rate.

User avatar
Joxam
Imperisaurus Rex
Posts: 1003
Joined: Mon Jan 20, 2014 11:23 pm

Re: Lo, we are besieged by spambots

Postby Joxam » Fri Jan 24, 2014 9:47 pm

Bongobill, when you put a spambot into the 'spambot' user group you have to remove its normal user group as well. I figured this out through trial and error.
Image

User avatar
Z%rø
Posts: 287
Joined: Mon Jan 20, 2014 10:10 pm
Location: Throne

Re: Lo, we are besieged by spambots

Postby Z%rø » Fri Jan 24, 2014 10:12 pm

Is there a way to make the default permissions "Spambot" so that once registered, they can only see the spambot thunderdome until they are specifically switched over by an admin, or is there maybe an automated system that would involve a human user having to PM an automated/bot user to be automatically switched? [Humans would notice a sticky the top of the spambot thunderdome saying to PM user ___ to get access to the real boards.]

Then again I see a million problems with this, but this is a solution that maintains the purpose of the thunderdome.
Image

User avatar
Mongrel
Posts: 21290
Joined: Mon Jan 20, 2014 6:28 pm
Location: There's winners and there's losers // And I'm south of that line

Re: Lo, we are besieged by spambots

Postby Mongrel » Fri Jan 24, 2014 10:42 pm

Pretty sure there is a way of setting that up by default. I'm almost certain I've seen a setup like that on other phpbb boards.

EDIT: I will ask around to see what's in place at another forum I know is on a recent iteration of phpBB and which has a BOT trap. The admins there are pretty good, so they have a script or some solid suggestions.
Image

MichaelNar
Posts: 7
Joined: Tue Dec 09, 2014 6:04 pm
Location: Senegal
Contact:

Lo we are besieged by spambots

Postby MichaelNar » Thu Dec 11, 2014 7:47 am

High cost neon repair? You are saying that leds are the more durable product that is worth its weight in gold? I think not -- or else I misinterpreted your post.gn

User avatar
Esperath
Posts: 1313
Joined: Mon Jan 20, 2014 6:42 pm

Re: Lo, we are besieged by spambots

Postby Esperath » Thu Dec 11, 2014 8:03 am

....ahahahaha
pisa katto

ImageImageImage

pisa katto

User avatar
Mothra
Woah Dangsaurus
Posts: 3963
Joined: Mon Jan 20, 2014 7:12 pm
Location: Boston, MA
Contact:

Re: Lo, we are besieged by spambots

Postby Mothra » Thu Dec 11, 2014 8:42 am

You ballsy son of a bitch...

User avatar
Joxam
Imperisaurus Rex
Posts: 1003
Joined: Mon Jan 20, 2014 11:23 pm

Re: Lo, we are besieged by spambots

Postby Joxam » Thu Dec 11, 2014 11:56 am

This one's got spirit. I'ma allow it.
Image

User avatar
IGNORE ME
Woah Dangsaurus
Posts: 3679
Joined: Mon Jan 20, 2014 2:40 pm

Re: Lo, we are besieged by spambots

Postby IGNORE ME » Sun Dec 14, 2014 4:42 am

Updated the answer to the security question. Will probably need a more solid defense soon.

Taking suggestions as to how to stave off forum stagnation/blight, if anyone still cares or wants to do so.

patito
Posts: 281
Joined: Mon Jan 20, 2014 6:56 pm

Re: Lo, we are besieged by spambots

Postby patito » Sun Dec 14, 2014 5:16 am

We should at least set up a minimum post amount before you get post editing privileges, since so far bots post 2 or 3 times and then go back to edit their spam into those posts.

User avatar
Büge
Posts: 5440
Joined: Mon Jan 20, 2014 6:56 pm

Re: Lo, we are besieged by spambots

Postby Büge » Sun Dec 14, 2014 10:51 am

Replying to the posts seems to encourage them.
Image

User avatar
nosimpleway
Posts: 4514
Joined: Mon Jan 20, 2014 7:31 pm

Re: Lo, we are besieged by spambots

Postby nosimpleway » Sun Dec 14, 2014 12:05 pm

That's a shame. Having targets to make stupid jokes about means the forum is more active now than it's been in a while.

User avatar
Healy
Posts: 358
Joined: Fri Jan 24, 2014 10:53 am
Location: Bro-ing it up in the Arctic

Re: Lo, we are besieged by spambots

Postby Healy » Sun Dec 14, 2014 7:55 pm

patito wrote:We should at least set up a minimum post amount before you get post editing privileges, since so far bots post 2 or 3 times and then go back to edit their spam into those posts.

This seems like a pretty solid suggestion. It'd likely be invisible to a new user, too.
Image

User avatar
IGNORE ME
Woah Dangsaurus
Posts: 3679
Joined: Mon Jan 20, 2014 2:40 pm

Re: Lo, we are besieged by spambots

Postby IGNORE ME » Tue Dec 16, 2014 2:17 pm

Did... threatening them with torture actually make the bots stop?

User avatar
Mothra
Woah Dangsaurus
Posts: 3963
Joined: Mon Jan 20, 2014 7:12 pm
Location: Boston, MA
Contact:

Re: Lo, we are besieged by spambots

Postby Mothra » Tue Dec 16, 2014 2:36 pm

Hmm... I've been deleting their new threads as they pop up, whenever I see them. Also started IP banning the Russian ones.

Have we looked into updating the captcha? I could take a swing at that this weekend if nobody else is up for it.

User avatar
Thad
Posts: 13165
Joined: Tue Jan 21, 2014 10:05 am
Location: 1611 Uranus Avenue
Contact:

Re: Lo, we are besieged by spambots

Postby Thad » Tue Dec 16, 2014 9:46 pm

Any useful useragent data from the Russian ones? There might be something there that you could block in .htaccess.

User avatar
sei
Posts: 1074
Joined: Mon Jan 20, 2014 6:29 pm

Re: Lo, we are besieged by spambots

Postby sei » Tue Dec 16, 2014 11:08 pm

Code: Select all

GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: ru-RU
User-Agent: What? No, no. Am not agent! Am civilian, like moose and squirrel
Image

Who is online

Users browsing this forum: No registered users and 18 guests