Spam, spam, spam

Anything related to the www.jpatch.com webpage or this forum.

Spam, spam, spam

Postby pndragon » Tue Feb 03, 2009 3:15 am

Anyone else dealing with an inordinate amount of spammers on this board?
"We're so sorry, Uncle Albert,
But we haven't done a bloody thing all day."
--- Paul McCartney
pndragon
 
Posts: 591
Joined: Sun Dec 05, 2004 1:27 am
Location: North Carolina

Re: Spam, spam, spam

Postby dcuny » Tue Feb 03, 2009 8:37 am

I just banned a 'bot for posting explicit port video links. Great... I don't need this board to become NSFW. :evil:
dcuny
 
Posts: 2902
Joined: Fri May 21, 2004 6:07 am

Re: Spam, spam, spam

Postby sascha » Tue Feb 03, 2009 10:08 am

Thanks!

I've been deleting some new, malicious uses for the past view days, let's see how long this continues. I guess the CAPTCHA has again been broken.
I wonder when the reCaptcha folks will come up with a phpBB 3 plugin (their's still for version 2)...
sascha
Site Admin
 
Posts: 2792
Joined: Thu May 20, 2004 9:16 am
Location: Austria

Re: Spam, spam, spam

Postby sascha » Tue Feb 03, 2009 8:53 pm

I've again deleted 3 new users that looked like bots before they could do any harm. I've also - for the time being - temporarily disabled new user registrations, so we're an illustrious circle now, gentlemen. ;-)

Please remind me to turn it back on in a week or so, perhaps by that time the bots have lost their interest.
sascha
Site Admin
 
Posts: 2792
Joined: Thu May 20, 2004 9:16 am
Location: Austria

Re: Spam, spam, spam

Postby sascha » Thu Mar 19, 2009 6:45 pm

Ok, I've enabled new user registration again.

Please let me know if you find any spam and feel free to remove it and ban the offending users. Thanks a lot!
sascha
Site Admin
 
Posts: 2792
Joined: Thu May 20, 2004 9:16 am
Location: Austria

Re: Spam, spam, spam

Postby pndragon » Fri Mar 20, 2009 9:56 am

sascha wrote:Ok, I've enabled new user registration again.

Please let me know if you find any spam and feel free to remove it and ban the offending users. Thanks a lot!

Banned 2, deleted 2.
--- Jim
"We're so sorry, Uncle Albert,
But we haven't done a bloody thing all day."
--- Paul McCartney
pndragon
 
Posts: 591
Joined: Sun Dec 05, 2004 1:27 am
Location: North Carolina

Re: Spam, spam, spam

Postby pndragon » Fri Mar 20, 2009 6:45 pm

Banned 1, deleted 13.

--- Jim
"We're so sorry, Uncle Albert,
But we haven't done a bloody thing all day."
--- Paul McCartney
pndragon
 
Posts: 591
Joined: Sun Dec 05, 2004 1:27 am
Location: North Carolina

Re: Spam, spam, spam

Postby pndragon » Sat Mar 21, 2009 7:45 am

3 banned, 3 deleted (1 had sex photos!!!)

--- Jim
"We're so sorry, Uncle Albert,
But we haven't done a bloody thing all day."
--- Paul McCartney
pndragon
 
Posts: 591
Joined: Sun Dec 05, 2004 1:27 am
Location: North Carolina

Re: Spam, spam, spam

Postby sascha » Sat Mar 21, 2009 9:51 am

AARGH! :twisted:

Thanks for your help!

I've just deleted one spam and all 26 (!) new users.
I'll turn on e-mail confirmation for new user registration.

I really wonder why PhpBB's original CAPTCHA is that weak and why the reCaptcha plugin is still for PhpBB 2 only.

Edit: OK, I've turned e-mail confirmation on and tested it. I hope this helps, but please stay alert and notify me about any new spam sightings or malicious new user-accounts.
sascha
Site Admin
 
Posts: 2792
Joined: Thu May 20, 2004 9:16 am
Location: Austria

Re: Spam, spam, spam

Postby dcuny » Sat May 30, 2009 10:02 pm

More spam. I deleted the users and the spam. I just figured out that it's easier to delete the user (and their posts) than it is to ban them. :|
dcuny
 
Posts: 2902
Joined: Fri May 21, 2004 6:07 am

Re: Spam, spam, spam

Postby dcuny » Wed Jun 03, 2009 9:03 am

More spam is slipping through, even with new users turned off. I went through and removed 33 pages of unregistered users, and a couple of pages of recently registered user with no posts. I removed some long-standing users that were clearly spam accounts. :x
dcuny
 
Posts: 2902
Joined: Fri May 21, 2004 6:07 am

Re: Spam, spam, spam

Postby pndragon » Wed Jun 03, 2009 11:42 am

33 pages????

How do you get that many pages in just one day?

Has anyone heard from Sascha? Or tried to e-mail him?

--- Jim
"We're so sorry, Uncle Albert,
But we haven't done a bloody thing all day."
--- Paul McCartney
pndragon
 
Posts: 591
Joined: Sun Dec 05, 2004 1:27 am
Location: North Carolina

Re: Spam, spam, spam

Postby dcuny » Wed Jun 03, 2009 5:41 pm

There were a couple of weeks worth of people there.

I also ran a query on people who hadn't ever posted anything, and removed most of the recent people (within the last month). There's a slight possibility that I removed a "real" person, but I doubt it. Most of the information was clearly bogus.

I also removed users who linked off to other boards in their personal data, or were obviously bogus (like "viagra lover").

I sent an email to Sascha last night. It's not unusual for him to go on vacation, but typically he'll notify people on the board. I'm just hoping this is one of those times, and he just taking a break. Time will tell. :|
dcuny
 
Posts: 2902
Joined: Fri May 21, 2004 6:07 am

Re: Spam, spam, spam

Postby sascha » Thu Jun 04, 2009 11:04 pm

Sorry to hear that, and thanks a lot for deleting all those bogus users.
I vaguely remember that somewhere well hidden in the phpBB control panel there is an option to delete all users that registered in a certain timeframe - just in case you didn't know that (I also remember that finding this option can actually take longer than manually deleting the users ;-))

EDIT: There are still a couple of suspicious accounts, I'll delete them tomorrow.

EDIT: I've deleted all user-accounts that have been created after mid April and have been inactive since.
sascha
Site Admin
 
Posts: 2792
Joined: Thu May 20, 2004 9:16 am
Location: Austria

Re: Spam, spam, spam

Postby sascha » Fri Jun 05, 2009 12:57 pm

Have I told you how much I love phpBB? :|

I've tried the option where an administrator has to manually activate each new account. Unfortunately this is absolutely pointless, since all the admin can do is activate the account or not - he's got no clue about whether the new user is a bot or not (like a "hello" message where the user has to explain why he'd like to join the forum, etc.)

Since e-mail confirmation apparently does not stop the bots (but annoys the users) I've deactivated it - so again we only rely on the CAPTCHA to do its job. I'll leave it that way for the time being. If there are new spam floods, please feel free to deactivate new user registrations entirely again (especially when I'm on vacation, which will be from June 10th to 24th.) In this case I'll have to find a way to make the CAPTCHA work after I return, either by fixing that reCaptcha plugin or be writing my own.

I've upgraded to the latest phpBB version, they now can do "wave distortions" in he CAPTCHA - wow! But I still have the impression that the guys who wrote phpBB's GD captcha have no idea about what a CAPTCHA is about. It seems that they try to make the CAPTCHA hard for humans to read (e.g. using very low contrast between the letters and the background), yet fail to see that this doesn't necessarily mean that it's also difficult for a machine to read (which has no problem in distinguishing rgb 0x774433 from 0x774432.) The heck with it, why can't they rely on something that's proven to work, like reCaptcha?

I think I'll spend a day or two to write a phpBB CG captcha cracker - it shouldn't be that hard after all. Releasing that on sourceforge should finally force them to include some serious CAPTCHA functions.

I've tried to install a reCaptcha plugin, but it doesn't seem to work (and if it would, it would only do so until the next upgrade, as we all know that the install instructions for phpBB plugin usually contain hundreds of "open source file xy, find the line 'blablabla', replace it with 'blblbl', etc." lines.)

Ok, enough whining, let's hope that the glorious "wave distortions" will keep the bots away for at least a few weeks.
sascha
Site Admin
 
Posts: 2792
Joined: Thu May 20, 2004 9:16 am
Location: Austria

Next

Return to Webpage

Who is online

Users browsing this forum: No registered users and 1 guest

cron