Joined: 27 Feb 2007 Posts: 222 Location: Western Maryland
Posted: Fri Apr 24, 2009 6:18 am Post subject: Spam - for Mike
Mike,
I got a few message board questions for you. I run a message board I started for archery and Indian crafts. How do you best keep Human Spammers out? I am using BB3 and figure you are doing the same.
Are you just banning their account, their e-mail address once you find them? I have kids that use the site fore making bows and arrows and the porn coming in from Russia is a pain. I have a spam folder that users and Bots can't see and move them there and ban them. I just thought you might now a better solution as your site here is pretty clean and you're not going with Admin approval for user accounts.
Oh, I forgot to add, are you having any trouble with IX hosting? I am experiencing bandwidth bottle necks some times.
Joined: 26 Feb 2007 Posts: 5116 Location: Avon, Ohio
Posted: Fri Apr 24, 2009 8:03 am Post subject: Re: Spam - for Mike
Archeryrob wrote:
Mike,
I got a few message board questions for you. I run a message board I started for archery and Indian crafts. How do you best keep Human Spammers out? I am using BB3 and figure you are doing the same.
Are you just banning their account, their e-mail address once you find them? I have kids that use the site fore making bows and arrows and the porn coming in from Russia is a pain. I have a spam folder that users and Bots can't see and move them there and ban them. I just thought you might now a better solution as your site here is pretty clean and you're not going with Admin approval for user accounts.
Oh, I forgot to add, are you having any trouble with IX hosting? I am experiencing bandwidth bottle necks some times.
Thanks,
Rob
I'm running BB2...but they are similar enought that I can speak for 3. It took forever to get the spamers under control. I had to make several code changes to beat them... but I havn't had a spammer in over a year, maybe 2.
The reason phpBB has problems with spammers is that its open source, the code that runs the forum can be accessed by anyone. The first thing to understand is that the spammers you are having problems with are not human, they are bot programs. Since phpBB is open source, programmers can easily write programs to essentially hack the forum software itself. What this means to you is banning the accounts and email address is 100% useless. You are wasting your time. If anything, just delete them to keep your member list clean.
With that being said, there is no 1 solution to the problem. I have at least 5 different anti spam methods I installed before I killed the problem. Unfortunatly, I honestly can't remember exactly what they all were, I would try one.. if it didn't work I would try another. I do know three that were very effective.
One of them required you to enter a password when registering that can only be found on a specific page. Since I had control over what the word was, and I had control as to where the word could be found... it made it impossible for a computer program to find it.
There was another fix that I made that was effective at first, was to change a few lines of code from lower case to upper case. When spam bots try to register, they are programmed to send the exact message the BB is programmed to send, but changing the wording from lower case to upper case, since the code is case sensitve, it would the spam bot would send a lower case message (as phpBB is written to do) to post, but it only recognized upper case... this caused the posting to fail.
The third change that was the final nail in the coffin was to remove the "www" field and the "signature" field from the registration process. Nearly every spam account will have a www address filled in and/or a www address in the signature. From a spam bots perspective, it is programmed to register the account with the www and the signature automatically. By taking those text boxes off of the registration screen, it made it impossible for a human to register an account with either of those boxes filled in. So, when a registration attempt is made, I have the forum software checking the registration attempt. If the registration attempt is trying to add a www or a signature, I KNOW that it is a spam bot, and I don't allow the registration. Then after a human makes 10 posts, those two fields become available in your profile.
The good news is that you CAN stop spam. The bad news is that you need to make program changes to do it. Simply banning the accounts will not work.
State Forums
FAQ
Search
Memberlist
Member Map
Usergroups
Register
Photo Album
Profile
Log in to check your private messages
Log in
