Results 1 to 8 of 8

Thread: phpBB2 - Spam

  1. #1
    rlhanson's Avatar
    rlhanson is offline Master Glow Jedi
    Join Date
    Aug 2007
    Location
    Chapman, Kansas
    Posts
    531

    Default phpBB2 - Spam

    I have a client site which featured a "submit your testimonial" forum which she wanted to make easily accessible to clients.

    As you all probably already know, we got slammed with porn. Since then, I have made the user registration only upon approval by admin.

    Any suggestions on how to prevent problems like this without having such a strict registration policy?

    Is it just normal procedure to have to manually remove the crap everyday?

    Does anyone know how to remove MULTIPLE users from the phpBB2 admin section? I don't necessrily want my client in the DB removing items!
    Thank you,
    Lynne Hanson
    RL Hanson-Online

  2. #2
    Matt's Avatar
    Matt is online now GlowHost Administrator
    Join Date
    Jan 2005
    Location
    Behind your monitor
    Posts
    5,932

    Default

    1. Require user registration to post in most forums.
    1a. Make sure user registration uses CAPTCH or some other means of human authentication/verification.

    2. Use Captcha verification on forums that you want the general public (unregisterred users) to be able to post on.

    3. Make sure you are running the latest version of the software at all times.

    ==================

    It is not normal to have to remove spamvertisements every day. We have to from time to time, but we ban the username (which will catch of lot of bots that use the same username over and over to register) then used that in tendem with banning the user IP address in .htaccess and you will see a lot of cleanup on the forums even if it is open source.

    ==================

    4.. If it is worth it to you, use a closed-source forum. Only one of them comes to mind. vBulletin

    Closed source by nature is going to have less available exploits floating around on the web.

    Does anyone know how to remove MULTIPLE users from the phpBB2 admin section? I don't necessrily want my client in the DB removing items!
    I will leave this to someone else who might know something about PHPBB!
    Send your friends and site visitors to GlowHost and get $125 plus bonus!
    GlowHost Affiliate Program | Read our Blog | Follow us on X |

  3. #3
    rlhanson's Avatar
    rlhanson is offline Master Glow Jedi
    Join Date
    Aug 2007
    Location
    Chapman, Kansas
    Posts
    531

    Default

    I found this guy's answer to help with the spam on phpBB2 forums - I implemented what he recommended and have had all spam activity cease so far!

    http://boonedocks.net/mike/archives/...-Question.html
    You have to change two files, templates/(your template)/profile_add_body.tpl and includes/usercp_register.php.

    In templates/(your template)/profile_add_body.tpl, add this after the <!-- END switch_confirm --> line (about line number 68):


    <!-- BEGIN switch_add_profile -->
    <tr>
    <td class="row1"><span class="gen">Anti-Spam Question:</span></td>
    <td class="row2">
    <span style="font-size: small;">Enter the name Luke Skywalker's
    father. Check your spelling!
    Requiring this question to be answered will hopefully limit
    spammers who try to sign up.</span><br />
    <input type="text" class="post" style="width: 200px"
    name="bonusq" size="25" maxlength="255" value="" />
    </td>
    </tr>
    <!-- END switch_add_profile -->


    In includes/usercp_register.php, add this after else if ( $mode == 'register' ) { (about line number 275):


    // mod by MB to require human data to prevent spam bots
    if(trim(strtolower($_POST['bonusq']))!='darth vader') {
    $error = TRUE;
    $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) .
    'You did not answer the Anti-Spam question correctly...' .
    'please try again.';
    }
    // end mod


    So there you have it. I'm sure there are some sophisticated PHPBB mods out there that will do the same and more for you, but this simple change has saved me a lot of trouble. I'm keeping my fingers crossed that it will last.

    Update 2007-05-23: I omitted one other mod to make this work. You also need to edit your includes/usercp_register.php file. Find the line if ( $mode == 'editprofile' ) (about line number 941) and modify that block to look like this:


    if ( $mode == 'editprofile' )
    {
    $template->assign_block_vars('switch_edit_profile', array());
    } else {
    // Else block is Mod by MB 2006-08-11
    $template->assign_block_vars('switch_add_profile', array());
    }
    Thank you,
    Lynne Hanson
    RL Hanson-Online

  4. #4
    Matt's Avatar
    Matt is online now GlowHost Administrator
    Join Date
    Jan 2005
    Location
    Behind your monitor
    Posts
    5,932

    Default

    But what if someone has never seen Star Wars? I know quite a few that haven't.

    Might want to consider something more universal like:

    "What does 2+2 equal?"

    It eliminates the potential for blocking someone who has never seen the movie and also eliminates the possible spelling problem when typing "Darth Vader" and besides that, someone might think it is actually "Lord Vader" AND besides that, for uber Star Wars geeks, his Dad's name was actually "Anikin Skywalker" and I am not even sure I spelled Anikin correctly!

    And, is it CaSe SenSiTive? There is no lower-case "2" so that is the way I would run with that snippit. I'd modify it a tad for usability purposes.

    Seems like it leaves a lot of room for human error!

    You know what else I find sort of funny is that on his page where he mentions this code, if you look at the comment section at the bottom of the page, he is using CAPTCHA verification, not his own Star Wars code!!!

    Just a thought.
    Last edited by Matt; 09-30-2007 at 05:51 PM.
    Send your friends and site visitors to GlowHost and get $125 plus bonus!
    GlowHost Affiliate Program | Read our Blog | Follow us on X |

  5. #5
    rlhanson's Avatar
    rlhanson is offline Master Glow Jedi
    Join Date
    Aug 2007
    Location
    Chapman, Kansas
    Posts
    531

    Default

    Matt, I was already using some CAPTCHA code and was still getting at least 10 spam user registrations everyday so I implemented this code, which worked for me.

    However, I did have the same thoughts as you, so I changed the question to "On a beautiful summer day, what color is the sky?" Then gave instructions as to the case it should be written in. I realize this may still eliminate some people, but it was worth it to me for the few users who may not be able to get past the spelling or case or incorrect input.

    Just thought I'd share something that worked and was appreciative that he had it posted in such a way that was extremely easy to implement.

    Thanks for your input!
    Thank you,
    Lynne Hanson
    RL Hanson-Online

  6. #6
    Matt's Avatar
    Matt is online now GlowHost Administrator
    Join Date
    Jan 2005
    Location
    Behind your monitor
    Posts
    5,932

    Default

    But what if your user is colorblind?

    Haha, I am just kidding around. Glad you got a working solution
    Send your friends and site visitors to GlowHost and get $125 plus bonus!
    GlowHost Affiliate Program | Read our Blog | Follow us on X |

  7. #7
    rlhanson's Avatar
    rlhanson is offline Master Glow Jedi
    Join Date
    Aug 2007
    Location
    Chapman, Kansas
    Posts
    531

    Default

    what if your's is mathematically chellenged?
    <lm-o>
    Thank you,
    Lynne Hanson
    RL Hanson-Online

  8. #8
    Matt's Avatar
    Matt is online now GlowHost Administrator
    Join Date
    Jan 2005
    Location
    Behind your monitor
    Posts
    5,932

    Default

    ahhhhh.... Touché
    Send your friends and site visitors to GlowHost and get $125 plus bonus!
    GlowHost Affiliate Program | Read our Blog | Follow us on X |

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14