Results 1 to 8 of 8

Thread: How do I stop forum spammers?

  1. #1
    Internet Ministry mrmagill's Avatar
    Join Date
    Nov 2002
    Location
    Oregon, USA
    Posts
    311
    Rep Power
    15
    Quote Originally Posted by Croc Hunter View Post
    A discussion board also called forum is like this vBulletin one of Powwebs. phpBB and Simple Machines are also popular forums. None of these have a chat feature included either.
    First, I have run (and am currrently running) both phpBB, SMF, and have tried several others on my various domains over the past 8 years. My limits are the cost - so that's why I've been using free ones. Besides, I absolutely admire all the hard work people put into free/opensource software.

    The problem: Hacking/Spamming of forums. I have had each program set to their "air tight" mode due to this, where no message is supposed to be able to be posted without moderation due to incessant drug-ad spamming. And even still they were getting in and posting in some manner. I didn't even want to have to set moderation in the first place, as mine is a ministry site. But the spamming just got out of hand.

    So, Sir Croc, with your vast knowledge of systems (I mean that sincerely) - where can I get a -very- secure forum for my sites? Money is a -really- big object.

    Thanks in advance -
    Mark R. Magill
    Word for Life World Ministries
    Free Christian MP3 music, sermons, DVDs & more.

  2. #2
    Mod.. with bite.. Croc Hunter's Avatar
    Join Date
    Sep 2002
    Location
    Australia
    Posts
    7,333
    Rep Power
    27
    Hi Mark, keeping your forum/blog up-to-date with the latest version is frontline defense. Looks like you're running phpBB3, it has CAPTCHA antispam features where you can set the severity of scramble on the image (can't tell if you already use this as new user registration is closed). Paid forums get less spam partly because they just aren't targeted as much. When you can't afford one use the above and mods etc to block spammers.

    StopForumSpam for phpBB3 checks username/email/ip against the StopForumSpam.com 561682 list of spammers using its API. Much like Akismet does which is anoter good antispam mod. The advantage of setting up an API is you're checking against their growing maintained database rather then bloating your own with the 561682 entries. I also like to use wildcards * where I can like banning *@*.ru to stop any users registering/posting if their email ends in .ru phpBB3, Simple Machines and Wordpress all support API and wildcards.

    If you rather, I compiled a list of common spammer emails you can copy paste ban or use the StopForumSpam csv list. You can also slap a few thousand IP's or ban entire IP blocks with a .htaccess file. Most spammers spoof their IP and often forge email headers so these are good but the first methods up-to-date, CAPTCHA and mods are better.
    Croc Hunter MSC :

  3. #3
    Internet Ministry mrmagill's Avatar
    Join Date
    Nov 2002
    Location
    Oregon, USA
    Posts
    311
    Rep Power
    15
    Quote Originally Posted by Croc Hunter View Post
    Hi Mark, keeping your forum/blog up-to-date with the latest version is frontline defense. Looks like you're running phpBB3, it has CAPTCHA antispam features where you can set the severity of scramble on the image (can't tell if you already use this as new user registration is closed)
    Yes, I even had to go to far at to close user registration... exactly what I did NOT want to do. Now figure this one out: Even then I got new registrations and garbage in my forum!! I basically gave up. But... I read earlier today about Akismet (hadn't heard of it before) and now your mention of using API's in general have renewed my resolve to have things back the way I want them. So I'm going to make sure my phpBB is the latest one (because I like phpBB) and set up the API-thing I know nothing at all about... I've already been over to StopForumSpam for a look.

    Paid forums get less spam partly because they just aren't targeted as much. When you can't afford one use the above and mods etc to block spammers.
    Perhaps because the commercial products more agressively block their efforts?

    The advantage of setting up an API is you're checking against their growing maintained database rather then bloating your own with the 561682 entries. I also like to use wildcards * where I can like banning *@*.ru to stop any users registering/posting if their email ends in .ru phpBB3, Simple Machines and Wordpress all support API and wildcards.
    I really hate the idea of having to block by country, being as this is a ministry site, but perhaps if I implement the API's and other tools, it won't be necessary.

    Most spammers spoof their IP and often forge email headers so these are good but the first methods up-to-date, CAPTCHA and mods are better.
    CAPTCHA ... a necessary evil. I have had so -many- issues myself trying to sign up with many forums, etc that no matter what I do I just can't seem to enter the CAPTCHA codes right. Usually, after a few tries, I give up and move on. But... I'll turn them up and see what happens. Expect my site to welcome new forum members in the next few days or as long as it takes to implement your suggestions. I'll come get your list of dishonored sites.

    Thanks -
    Mark
    Mark R. Magill
    Word for Life World Ministries
    Free Christian MP3 music, sermons, DVDs & more.

  4. #4
    Internet Ministry mrmagill's Avatar
    Join Date
    Nov 2002
    Location
    Oregon, USA
    Posts
    311
    Rep Power
    15
    Quote Originally Posted by Croc Hunter View Post
    Hi Mark, keeping your forum/blog up-to-date with the latest version is frontline defense....
    I originally wrote in this message, concerning updating to the latest version, "Ok, that seemed like an easy first step, but the updater fails just after the database is successfully updated......no errors in the error log... "

    Scratch that! Since my phpBB is not modded at all, I tried the auto-update file a few times, then just uploaded the changed-files instead, overwriting existing files. Then ran the updater again, and it worked just great and incremented my version to current. Might help someone else if they run into problems on a un-modified install.

    [Next, I decided] I'd go with the banlist you had. I donwloaded it, but it is comma-seperated. phpBB wants seperate entries on each line. I read your site carefully and followed the directions. Still failed. When I entered an address or two manually, they work. Is there an easy way to convert that file or do some kind of serarch/replace that will turn the commas into line feeds?

    Off to learn more about that api-thing... thanks for any help.
    Last edited by snowmaker; 1-4-10 at 03:27 AM. Reason: Success was obtained! Mod Edit: fixed tags
    Mark R. Magill
    Word for Life World Ministries
    Free Christian MP3 music, sermons, DVDs & more.

  5. #5
    Mod.. with bite.. Croc Hunter's Avatar
    Join Date
    Sep 2002
    Location
    Australia
    Posts
    7,333
    Rep Power
    27
    Mark, I put a line break version for phpBB3 up.
    Croc Hunter MSC :

  6. #6
    Internet Ministry mrmagill's Avatar
    Join Date
    Nov 2002
    Location
    Oregon, USA
    Posts
    311
    Rep Power
    15
    Quote Originally Posted by Croc Hunter View Post
    Mark, I put a line break version for phpBB3 up.
    Thanks. Just tried to load it, could not get system to respond, it would hang. So I started over and entered it a few hundred lines at a time. When I got to 4000, phpBB was apparently out of memory and could not handle any more, genating the following script error in the Error Logs:

    PHP Fatal error: Allowed memory size of 12582912 bytes exhausted (tried to allocate 46 bytes) in /(my path)/chat/includes/functions_user.php on line 1063 Allowed memory size of 12582912 bytes exhausted (tried to allocate 24 bytes)


    This error repeats over and over in my error logs, and I cannot get back into the Ban Emails function to UN-ban some. Comes up with a script error. Not sure where to go from here, but it looks like the list is just too big. EDIT LATER: phpBB seems to have "healed" itself, dumping all the stuff I entered and re-enabling the ban function. Weird, eh? But cool..

    Should we move this conversation to some other forum for help? If so, please toss it over. Sound like I'd better get right on that API integration mod.
    Mark

  7. #7
    Mod.. with bite.. Croc Hunter's Avatar
    Join Date
    Sep 2002
    Location
    Australia
    Posts
    7,333
    Rep Power
    27
    I created the lists before phpBB3 came out. I've seen that error before, there's an easy way around it but with CAPTCHA set right and the Akismet or StopForumSpam API running you shouldn't need to punch 12,000 IP's or anything else into your database to stop spam. Hooking up to an API is quite easy even for a novice.
    Croc Hunter MSC :

  8. #8

    Join Date
    Nov 2001
    Location
    Louisiana
    Posts
    611
    Rep Power
    16
    If it still matters the best way I have found to get rid of spam is to install a mod for phpbb that allows you to enter a question they must answer correctly. For example: Spell red backwards. If they type anything besides "der" then they get the boot. Have not had a single spammer since the installation.

    Another great way is to have the link to the registration page changed to something else than what it is now. Then you have two registration pages. Change the original so that it doesn't work or give the bot the run around. Have the link that takes you to the registration page show the original link but have javascript redirect it to the real registration page.

    Bot don't follow links by clicking on them so they don't get to the working registration page.

    I also don't allow people to post links until they have already made two post. There is a mod for this.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •