AnobizII Posted April 14, 2009 Share Posted April 14, 2009 Hi Guys, I run a very active forum and currently get about 10-15 emails a day stating a new user has applied to join, I have image verification and admin acceptance switched on but none of these seem to be stopping them applying and now I can't determine which are real and which are spammers... I need help on how to stop them, I was thinking about setting up a cost per user such as £1 per user this would stop them and I could give legitimate people a code to give them free entry but I wouldn't know where to start with this or how to set it up. So any help/advice would be greatly appreciated... Thanks Ano Quote Link to comment Share on other sites More sharing options...
JonnoTheDev Posted April 14, 2009 Share Posted April 14, 2009 What is your URL? Quote Link to comment Share on other sites More sharing options...
AnobizII Posted April 14, 2009 Author Share Posted April 14, 2009 www.atos-corp.com/Forum Quote Link to comment Share on other sites More sharing options...
Maq Posted April 14, 2009 Share Posted April 14, 2009 I need help on how to stop them, I was thinking about setting up a cost per user such as £1 per user this would stop them and I could give legitimate people a code to give them free entry but I wouldn't know where to start with this or how to set it up. You could create a hash from their username and make them enter it somewhere to verify they're human. Send it via mass email. Do you have an email activation set up? Quote Link to comment Share on other sites More sharing options...
JonnoTheDev Posted April 14, 2009 Share Posted April 14, 2009 I'm guessing that your CAPTCHA has been cracked from other sites using the same. This is probably what bots are grabbing to determine the code: <input type="hidden" name="confirm_id" value="84e282bd402018086a2c26c0575e3621" /> Switch to another captcha and I bet it stops. I wouldn't use any CAPTCHA that comes with PHPBB as the code is open source. http://recaptcha.net/ Quote Link to comment Share on other sites More sharing options...
AnobizII Posted April 14, 2009 Author Share Posted April 14, 2009 Ok i have signed up for re-captcha and now i need to know how to code it into my php... Can any of you guys help out with this? Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted April 14, 2009 Share Posted April 14, 2009 And if the benefit is great enough, someone will sign up, make a test post to see if he can directly post spam content/links, then use an automated script. It sounds like you want some way of detecting at the time someone creates an account if they are going to post spam. You cannot really until they do so (assuming you have a good registration captcha and email verified op-in registration - a link in an email that must be clicked to activate the account.) The key to stopping spam is to remove the benefit or make it not worth the time to receive that benefit. Don't allow links to be posted until a member has a minimum number of posts. Fully moderate posts (require approval by a moderator before the post is displayed) by new members until they have a minimum number of posts. Use a captcha to make a post until they have a minimum number of posts. Use a content filter to either strike out spam like words and links or to cause a post to be full moderated when it triggers the content filter. Quote Link to comment Share on other sites More sharing options...
Maq Posted April 14, 2009 Share Posted April 14, 2009 As you've probably already noticed a technique here is to use CAPTCHA for the first 10 posts of a user. Pretty annoying huh? Quote Link to comment Share on other sites More sharing options...
JonnoTheDev Posted April 14, 2009 Share Posted April 14, 2009 Do you have any php knowledge? Remember even if you do manage to switch your CAPTCHA you will still have bogus accounts in your database. Your gonna have to get rid of them yourself. I would redirect the register page until you have it sorted. Quote Link to comment Share on other sites More sharing options...
revraz Posted April 14, 2009 Share Posted April 14, 2009 There is another Mod for PHPBB which is just a simple question/answer line. Ask a question like "What color is white" and they answer simply "white". The good thing is, you can change the question and answer at anytime. Quote Link to comment Share on other sites More sharing options...
laffin Posted April 14, 2009 Share Posted April 14, 2009 Yeah, but if yer ok with php, ya can make it generate different question/answer combination. I did like the math solving ones myself 2 + 2 = Quote Link to comment Share on other sites More sharing options...
Nazirul Posted April 14, 2009 Share Posted April 14, 2009 use Email Activation... it should be works... Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted April 14, 2009 Share Posted April 14, 2009 Computers were designed to parse and solve math problems. If you are going to use a text based question/answer captcha, you need to have questions that don't involve find/copy/paste or math, because that is what computers do well. A single php eval() statement can solve any simple math equation that you are likely to use on a captcha. If something only takes one or two lines of php code to break, you can bet that it has already been broken and it is only a matter of time before someone uses it to bypass your form checking. Quote Link to comment Share on other sites More sharing options...
Daniel0 Posted April 14, 2009 Share Posted April 14, 2009 Yeah, but if yer ok with php, ya can make it generate different question/answer combination. I did like the math solving ones myself 2 + 2 = Bah... give them some real math challenges. It'll keep out idiots and spammers (though of course spammers is in a sense a subset of idiots). Something like: Given a cylindrical container, what should the height and radius be in order to the minimum possible surface area if the volume must be exactly 1 liter (assume no overlap of material on container assembly)? Height: [__________] Radius: [__________] Given that AI is more difficult to implement than OCR, this is better for bot based attacks. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.