Anti-Spam Measures

This is an archive of a topic from NESdev BBS, taken in mid-October 2019 before a server upgrade.
View original topic
Anti-Spam Measures
by on (#17056)
http://www.phpbb.com/phpBB/viewtopic.php?t=427852

There's a whole bunch of mods in that list - I would recommend the following to clear things up here:

http://www.phpbb.com/phpBB/viewtopic.php?t=266787 - show CAPTCHA for guest posting
http://www.phpbb.com/phpBB/viewtopic.php?t=373695 - don't show website/signature inputs during registration; bots will fill them in anyways (with spam URLs) and will get automatically banned
http://www.phpbb.com/phpBB/viewtopic.php?t=262393 - don't show 0-post users in the member list (to hide existing spammers which register solely to list their websites)

by on (#17058)
If you install a CAPTCHA, you will need to make sure that the e-mail address is valid so that an administrator can help real humans whom the CAPTCHA disadvantages. The other two mods should help.

by on (#17060)
tepples wrote:
If you install a CAPTCHA, you will need to make sure that the e-mail address is valid so that an administrator can help real humans whom the CAPTCHA disadvantages.


The Registration screen already has a CAPTCHA in it - this would simply add one more thing for the bots to deal with.
Spammers already find ways around the registration ones (namely, by offering free pr0n to users who type in the letters/numbers), so the best this would do would be to at least slow them down.

The "hide website during registration" mod could optionally be replaced with http://www.phpbb.com/phpBB/viewtopic.php?t=399374 in order to allow hiding more fields, though that particular mod hasn't been validated and released yet.

by on (#17108)
Unfortunately, it would appear that some bots are learning to adapt - after applying the mod http://www.phpbb.com/phpBB/viewtopic.php?t=373695 to my own site forums and waiting overnight, two bans were placed. However, 3 more bots managed to successfully create accounts, albeit without websites or signatures (and they were likely unable to fill them in afterwards, as they can't actually activate their accounts).

Some modifications to that mod might be necessary to make it still show the website field but render it read-only or disabled, so bots still see it and try to fill it in.

by on (#17113)
Quietust wrote:
However, 3 more bots managed to successfully create accounts, albeit without websites or signatures (and they were likely unable to fill them in afterwards, as they can't actually activate their accounts).

Delete unactivated accounts after 14 days; problem solved.

by on (#35918)
I'm disappointed that none of those links redirected to tubgirl.

by on (#35929)
I'm amused that this was posted in an anti-spam topic. :P

by on (#35932)
Is it a waste of time to report this to the upstream provider for the spammed sites? (BTW, the links to the sites should be changed if the post is going to be kept)

by on (#35989)
I deleted a post by loitthuuo, immediately before Dwedit's, because the user's 'www' button linked to non-Nintendo MMORPG services.

by on (#37873)
For the people who can install "mods", this one seems like it could stop a few?

http://www.phpbb.com/community/viewtopi ... 7#p3082301