Spam protection

[macnack]

Hello again

I saw on a german seo-site a nice way to protect phpbb-forum before spam-bots.
I test it and think it works fine.
There was no spam register since I include the following code.

Edit Fieldname

Replace SOMETHING by any word.

Open
/includes/usercp_register.php
and search:

Code: Select all

$username = ( !empty($HTTP_POST_VARS['username']) ) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';


replace with

Code: Select all

$username = ( !empty($HTTP_POST_VARS['SOMETHING']) ) ? phpbb_clean_username($HTTP_POST_VARS['SOMETHING']) : '';


open
/templates/.../profile_add_body.tpl
search:

Code: Select all

name="username"

replace with

Code: Select all

name="SOMETHING"

That´s all!

Spambot´s annoy
After you edit your phpbb with the code above a real person can´t submit the fielname "username",
but the spambots use the fieldname "username" to register.
Now we know that somebody who want to reg. and use the fieldname "username" is a bot.
If you include the code below, the bot must wait 20 seconds for answer
Open
/includes/usercp_register.php
search:

Code: Select all

$trim_var_list = array('cur_password' => 'cur_password', 'new_password' => 'new_password', 'password_confirm' =>


add before

Code: Select all

if ($HTTP_POST_VARS['username']) { sleep (20); }

That´s all!

[Nicolas]

It's sound very interesting, thank for these tricks.
I will apply them on my board tonight...

[dcz]

Thanks for sharing macnack

Yep this is similar to espicon technique, but he's playing with the agreed $_POST var instead.

This on is simpler indeed and as efficient I guess.
One problem we have here is automated registering bots should not be able to register if we set user confirmation and captcha to true. Even though I think some automated process is here still possible (as there are some local program able to crack the captcha, we could think of an automated combination of a spam bot and this software running elsewhere), I am pretty sure we'll have to face more and more Human spam as people get paid nowadays just to do so.

Another thing elaborated in the espicon thread is that it worked out great at first, but once it became more widely used, spamers started adding a check on the customised var (as it's coded in the html it's not so hard to check it's name) and went through the trick.

I guess our only real weapon here, if not active moderation, is to track spamer IP and to ban all those that seems to come back (avoid dynamic IP banning at first).

It's a never ending fight I guess

++

[lucy]

thanks for that tip on reducing spam registrations...
i've tried it on 1 board (i admin 3) so I'm curious to see if the 2 keep getting spam and the 1 doesn't! normally they each get 5 or so a day to register... sometimes more sometimes less.

at first i'd made a mistake, cause there are 2 places it says
name="username"
at least i think thats what my mistake was, leaving one out.

another thing i did was... i put the email address blank below the password ones...
and removed the place to put a website.

hopefully it'll make a difference!

[dcz]

And welcome

The better captcha mod can give pretty good results as well, to fight against automated registrations.

++

[lucy]

i noticed when i joined here there was a different one than what i have, so i might try it also if what i've done doesn't help.

[dcz]

Both is a good thing as well, the captcha is really simple to install, just one line to edit.

++

[jean]

I can not see this piece of code you want us to modify.

($username = ( !empty($HTTP_POST_VARS['username']) ) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';)

I searched in includes/usercp_register.php I can see that line of code : Please help. I'm getting lots sapmers ...and I can't figure out how to stop them. Bellow is the /includes/usercp_register.php code:

[Peter77]

Jean, it is not necessary to post the entire content of your file

If you want to provide a text version and post the link up, that would be nice . I took a quick look and I have to ask, what vresion of phpbb are you using?

[jean]

phpBB-2.0.22

[dcz]

Besides :

And welcome

The better captcha mod can give pretty good results as well, to fight against automated registrations.

++

[NazTheEternal]

When ever i try putting in the following code

Code: Select all

if ($HTTP_POST_VARS['username']) { sleep (20); }

It gives me some sort of SQL error, something about not being able to select the default time format.....

Code: Select all

Could not select default dateformat

DEBUG MODE

SQL Error : 2013 Lost connection to MySQL server during query

SELECT config_value FROM phpbb_config WHERE config_name = 'default_dateformat'

Line : 411
File : usercp_register.php


Any ideas what i could do to fix that?!

[NazTheEternal]

Oh nvm all that i misunderstood what the addon does..........

I thought it would make everyone wait 20 seconds on the register page for the application to go through, but tis not so =S

[littlephoenix]

i have tried this bot stopper if you will and it seems as though bots are still posting, are you guys sure this works 100% is there any other module that i need? Thanks