View Full Version : Spam Bots on Forum
07-04-2006, 10:51 PM
Ok, so we started out the season fine in our forum
http://www.teamdriven.us/phpBB2/index.php but about halfway through, we started getting nailed with these bots from open proxy ports... I have done all I can think of to stop them, but all of the "mod's" i've installed haven't worked, or something is faulty. I have been going in there and deleting them about once a week, and every once in a while they post a nasty message, linking to innapropriate sites and stuff like that... i just really wanted to know how people here deal with them, and if i could get any help... thanks a lot :)
07-04-2006, 11:08 PM
Unless you have a really large team, do you even need a forum on your website? I used to have a forum on the site when I did the site for 696 and it never got used, and yes it got hit by spammers. None of them actually posted but they would register and have a link to their site in their profile.
To stop robots from registering, enable image verification. And e-mail verification probably isn't a bad idea either.
btw, I think the logo in the top left is very trick! :)
Jay H 237
07-04-2006, 11:20 PM
We're using phpBB for our team's forums and we've run into the same problem. We're going to upgrade to the latest version of phpBB and also see about implementing an image verification when signing up.
Temporarily we have banned one general location in the world where most of the spam has been originating on our board.
07-04-2006, 11:27 PM
well, our forum is generally used for information to the team about meetings, current progress, needed supplies, etc.
i just refreshed most of the subjects because a lot of our team is leaving, and most are irrelevant now... but yes, it gets used a lot... and how new is that version you are talking about? i got mine at the beginning of the season :)
07-04-2006, 11:34 PM
I'm running phpBB 2.0.18 (which I installed over 7 months ago) and it has image verification and I've yet to get any spammers. I didn't see an option to turn it on or off so it must just be there in 2.0.18 Perhaps in newer versions there is an option? You guys should check and if there is an option, turn it on.
EDIT: There is an option, see below.
07-04-2006, 11:40 PM
well, i have checked it through, and i dont see anything about image verif. and it doesn't have it... but we have version 2.0.19 which is even weirder... why would an older version have it, and the newer not...?
07-04-2006, 11:41 PM
do you have an image verif. mod installed?
07-05-2006, 12:11 AM
No, I do not, but I finally figured it out. A lot of templates for phpBB were made before 2.0.18 (the first version in which image verification was included) and leave that option out of the General Admin>Configuration page options. So here's what you need to do.
- Make sure you have the subSilver theme installed. If you don't have subSilver, make sure it is uploaded in the templates directory, and go to Styles Admin > Add in the Administration panel
-Go to General Admin> Configuration> Defualt Style and set it to subSilver
-Click Submit, then click to return to General Configuration
You should now have an option in there to "Enable Visual Confirmation"
-Turn it on.
-Change the forum defualt theme back to the theme you want
-Uninstall the subSilver theme from the Styles Management section.
As far as I know, that's the only option left out by old or ignorant templates so once you get image verification turned on, you shouldn't need subSilver anymore.
If the above didn't work, try this article http://www.phpbb.com/kb/article.php?article_id=329
07-05-2006, 09:32 AM
You guys had a problem wtih 180 on your forums too???
07-05-2006, 10:13 AM
thanks sanddrag :) it worked! now I'm just bummed that i can't have a sweet lookin theme up :(
07-05-2006, 12:20 PM
thanks sanddrag :) it worked! now I'm just bummed that i can't have a sweet lookin theme up :(Now that you have image verification enabled, you should be able to go back to your own theme and still have the image show up on the registration page. At least on my own forum, all I needed the subSilver for was for the admin page in which you enable the verification. Once I did that and switched back, all was well.
If you switch back to your cool theme and the image on the registration page goes away, I'm sure someone here can help find what code is missing in that theme.
Anyway, try going back to your sweet looking theme now.
07-05-2006, 03:01 PM
alright... but have you heard of spam bots who can get by that? because i have had 2 new spam bots join the forum since i have enabled it... which i find kind of weird?
07-05-2006, 03:51 PM
There are some spam bots that use technology such as this (http://www.cs.sfu.ca/~mori/research/gimpy/) to get around the text-images. You can use a block of interlaced multiple words or logic problems (also see that site for results; more effective).
I don't maintain any public/private fora, so I'm not sure if this is posible, but since I imagine it's mainly for communications within your team, ask for a one-time "code" when signing up such as the name of your robot or a passphrase you distribute at meetings.
I would think you could also restrict the fora by IP address (or by range for folks that use ISP's like comcast).
Hope this helps,
07-05-2006, 04:06 PM
I haven't had any problems with mine, but I have heard of problems with some of the older CAPTCHA methods being cracked. At this point, I'd just say to do a phpBB upgrade. But back up your database and files first To back up the database, I've found that doing an export in phpMyAdmin is most reliable. If you have phpMyAdmin, I'd say export it through there to back it up before upgrading. If not, use phpBBs built in database backup utility. Just be sure to read up on all issues before installing.
EDIT: This may sound dumb but I bet chaning th name of your directory in which the forum exists to something other than phpBB2 would help some.
07-05-2006, 04:08 PM
Depends on what level of access you have to your server. I have shell access, so I use IPTables to block their IP address.
If you don't have shell access, you can start banning their IP's in subnet's. It's a slower painful process, but it insures they won't strike again from the same server.
Create a file called ".htaccess"
Upload that file to your public_html root folder, or any other sub domain root folders. Keep adding IP's as you get them. The IP's I've posted below are "real" spammer IP's I've encountered, so this is a start for you.
where it says 403.shtml you can make it 403.html or 403.htm. Make sure you create a file with a message on it.
In that file put this:
allow from all
deny from 82.206.129.
deny from 68.101.83.
deny from 184.108.40.206
deny from 57.73.12.
deny from 81.31.113.
deny from 220.224.4.
deny from 220.224.0.
deny from 80.178.126.
deny from 62.57.116.
deny from 213.24.168.
deny from 202.147.168.
deny from 61.68.9.
deny from 65.41.113.
deny from 212.42.106.
deny from 83.32.132.
deny from 220.127.116.11
deny from 61.11.58.
deny from 65.93.26.
deny from 213.167.55.
deny from 81.199.6.
deny from 193.250.31.
deny from 69.50.191.
deny from 218.208.231.
deny from 203.212.242.
deny from 219.95.194.
deny from 83.229.100.
deny from 210.214.120.
deny from 192.168.0.
deny from 192.168.1.
deny from 220.226.17.
deny from 61.149.193.
deny from 211.148.6.
deny from 64.92.163.
deny from 18.104.22.168
deny from 22.214.171.124
deny from 70.24.73.
deny from 200.91.76.
deny from 218.65.251.
deny from 83.237.
deny from 80.134.
deny from 202.65.133.
deny from 195.5.23.
deny from 82.179.73.
deny from 86.104.170.
deny from 210.229.11.
deny from 69.245.115.
deny from 210.223.129.
deny from 58.234.241.
deny from 222.106.205.
deny from 222.109.235.
deny from 221.214.6.
deny from 80.4.224.
deny from 200.74.165.
deny from 210.91.235.
deny from 165.246.174.
deny from 200.63.213.
Other than that, we've paid for Invision Board. It seems to keep upto date. I recommend switching to a pay board. Pay boards tend to keep up to date better than free software boards.
07-05-2006, 04:39 PM
You can also block IPs in phpBB and in cPanel, but I don't know if you have cPanel (if not, you're missing out imho)
07-05-2006, 04:50 PM
ok, i'll try all of this... but i just lost access to my server because someone had found a way into it, and the company sent the PW to the team sponsor... and i am out of town... so i will try to upgrade once i get back... thanks a lot guys :)
07-05-2006, 10:13 PM
i kno its already been said, but upgrading works! lol i had the problem with it creating accounts n such...1 left a msg...so i upgraded it...and enabled image verification...n its all good so far
btw..if you have a skin installed...change ur config so that it goes to the subSilver theme first...b/c i had a problem with that...i forgot to change the skin and the board...well..broke.. and i had to change values in phoMyAdmin. you may need a new template if it's one you downloaded...im not sure how it is if you created your own.
hope this helped
07-13-2006, 12:35 PM
"Go to Administration Panel" > "General Admin (On Left)" > "Configuration" > "Enable Visual Confirmation" > Set to Yes > Submit > DONE!
vBulletin® v3.6.4, Copyright ©2000-2013, Jelsoft Enterprises Ltd.