Jump to content


Photo

member web pages


  • Please log in to reply
4 replies to this topic

#1 Nonstop

Nonstop
  • Members
  • 36 posts
  • Gender:Male
  • Location:Arizona, USA

Posted 06 March 2006 - 09:10 PM

I have always enjoyed looking at the member webpages to see how the NextGrid was being used but lately it apears most of your new users since #161 have been spammers and not real users.

I don't know what you can do about it but just wanted to let you know.

Steve...

#2 lmcbmai

lmcbmai
  • Members
  • 21 posts
  • Gender:Male
  • Location:Montreal, QC, Canada
  • Interests:Software design, F1 auto racing

Posted 16 March 2006 - 11:37 PM

Hi,

I am using the same phpBB software to run my own forum for TeraTerm support. I had lots of different types of issues with spamming including the one you are reporting here. I solved them all but taking the following measures:
1) Registration on the forum should be done in 2 steps, using e-mail activation. The option in General forum configuration has to be set to
QUOTE
Enable account activation: User

If the user does not activate his/her account during 2 weeks I am manually deleting it.

2) I enabled Visual Confirmation during registration. It requires users to enter a code defined by an image when registering.

3) I disallowed non registered users to post.

On top of that phpBB software should be periodically upgraded. The latest version is 2.0.19

#3 Boki (Berg)

Boki (Berg)

    Boki (Berg)

  • Forum Admin
  • PipPipPipPipPip
  • 7,774 posts
  • Gender:Male

Posted 17 March 2006 - 03:24 AM

Hello,

Yes, I have see this sad.gif I have delete some "non-existing" members, but this not help. I will enable this options first, then we will switch to Invision Power Board forum.

regards
boki@bergsoft.net | LinkedIn Profile
--
BergSoft Home Page: www.bergsoft.net
Members Section: bms.bergsoft.net
Articles and Tutorials: dn.bergsoft.net (Developers Network)
--
BergSoft Facebook page
--
Send us applications made with our components and we will submit them on: www.bergsoft.net/apps.htm. Link to this page will be also set on home page too.

#4 lmcbmai

lmcbmai
  • Members
  • 21 posts
  • Gender:Male
  • Location:Montreal, QC, Canada
  • Interests:Software design, F1 auto racing

Posted 01 April 2006 - 05:15 PM

Hi,

Since I got recently few new "fake" users in my forum, I implemented further restrictions by changing PHP code of phpBB.

First of all I removed all secondary fields from new user registration form i.e. no any of the following fields
- ICQ Number
- AIM Address
- MSN Messenger
- Yahoo Messenger
- Website
- Location
- Occupation
- Interests
- Signature
If even the registration data will be generated by other fake form, above mentioned fields still will not be stored in the database. Once user will get activation e-mail and activate his account, then he can update his profile and fill the fields listed above.

The second measure I took is adding blacklist of e-mails and web site addresses. If any of these 2 fields is blacklisted, new user will not be able to register.

And finally I added cleanup procedure that automatically deletes inactive users that stayed inactive for 2 weeks or more.

So far everything looks good smile.gif

#5 lmcbmai

lmcbmai
  • Members
  • 21 posts
  • Gender:Male
  • Location:Montreal, QC, Canada
  • Interests:Software design, F1 auto racing

Posted 02 October 2006 - 01:18 AM

Hi all,

I want to share the approach that I used recently on my own forum to get rid of spam-users which so-far gave me 100% success result biggrin.gif . I am running phpBB however it can be applied to any open source forum software. But (as always there is one "but" smile.gif) you need to know php or the other language your forum is written on.

Since the spam-users are not created by the real people but the scripts that are emulating POST from new member registration form (which is easy to do as the source of the forum is open) all you need to protect your forum is to add one new mandatory field to your registartion form. On form submittion check if this field contain the value you expect or just is not empty string and in case it is missing - do not provision new user. The new field can be whatever you like starting "enter your year of birth" ending "I agree to follow main business ethics rules while adding new posts". Give the html form field containing this value any name of your choice and validate that in POST data it exists and contains whatever you expect.

I have already switched off random image based validation field in new member registration form. As the next step I might deactivate all the changes I described in the earlier posts in this thread.

If you need more details, contact me by e-mail at boris(at)neocom.ca




1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users