Spammers and 'Spam Accounts'

[CrazyEddie]

We have recently had spam posted here on the forum; on all occasions it has been deleted immediately with the offending accounts deleted, and emails and IPs banned - in most cases, the spam has been deleted within minutes.

In addition to this, it came to my attention that there have been 'fake' accounts registered with spam URLs in the profile and signatures. This is done so that when a search engine traverses the site these URLs are logged and used to improve those sites' positions in search engine listings.

Let it be known that this will not be tollerated at cegui.org.uk.

The forum software has now been modified so that a users profile is only accessible (in the members list, and also the 'most recent user' stat) once the account has been activated and at least one post made. While this makes our user list a bit less impressive, at least it is a true indication of our active user-base on the site

I apologise for any inconvenience this may cause, though I am sure you will all appreciate that certain steps are required in the continuing fight against these idiots.

Thanks for reading!

CE.

[DulcetTone]

I can help! I've wrestled with the same issue on my own phpBB.
My most recent tweak was simple, and resoundingly successful.

In brief, I took 10 minutes to manually go through the php scripts and altered each place where the variable "mode" was set to or compared to "register" so that the word "register" was some other string (say, "rgister").

e.g.:

cegui.org.uk/bbs/profile.php?mode=register
became
cegui.org.uk/bbs/profile.php?mode=rgister

and

$mode == "register"
became
$mode == "rgister"

The last tweak was to change lang["Register"]'s value from "Register" to "Reg1ster". PRESTO -- spammers died right off.

The reason this appears to work, I think, is that they are human lackeys typing out the CAPTCHAs and they use a lot of scripting to optimize how they arrive at a textfield/CAPTCHA. Altering the URLs causes their initial scripts to fail, and (so far) they haven't resorted to clicking through all the various links to register.


tone

[CrazyEddie]

Hi,

Thanks for the info, I will have a stab at it over the coming weekend

CE.

[lindquist]

Lately I've also come across a few forums with the first being a spam forum. Apparently most spam bots pick the first forum on the list.

Not sure that is something we want though

[tx]

if you haven't read it already, read this:
http://www.phpbb.com/phpBB/viewtopic.php?t=427852

I believe this could work,
this mod adds a question which the user must answer, like what is trees made of. Answer wood. You can add as many as you want, and the bot won't be able to get passed it.
http://www.phpbb.com/phpBB/viewtopic.php?t=383305

Or this aswell:
This will require that you enter a code, that can be found on a link perhaps.
http://www.phpbb.com/phpBB/viewtopic.php?t=435702

As this is quite a small forum, I believe it's all automated bots, meaning no human involvement what so ever, so I think these things would work. It seems like the image is not enough anymore.i