project-navigation
Personal tools

Author Topic: You have been spammed / Secure your forum  (Read 4957 times)

steven2395

  • Guest
You have been spammed / Secure your forum
« on: July 07, 2007, 12:31:53 pm »
Hi!

Your forum is wide open to automatic registrations and postings. Spammers can use it to spread their junk automatically, just like we did to send you this message.

Please read this article to learn how we did this and how to secure your forum against this pest:
http://www.beehave.de/forum/viewtopic.php?t=1400

This is a one-time posting by 'Projekt SpamBot 2.0' to help forum-admins to secure their software. This account will not be used again, you can delete it (and this post) if you wish.
(We know we said it would have been a one time-posting the last time, but now being able to crack phpBB's CAPTCHA and the 'Humanizer' so easily lead us to version 2.0 to tell the community *again* how unsafe phpBB is.)

phpBB's standard-CAPTCHA is NOT safe. If you activated it for your forum, this post is the proof that it can be broken. This post shows how it was done:
http://www.beehave.de/forum/viewtopic.php?p=10122#10122
Also the standard-'Humanizer' offers no security. You'll agree if you have it installed and have this text posted to your forum.

If you still believe, this is 'regular' spam and clicking on our links will do harm to you, kill your pet or empty your bankaccount: don't click, but help yourself to some MODs to stop spammers.
We recommend at least 'Advanced Visual Confirmation' and 'Unique Registration Hash' which can be found at phpbbhacks.com or the MOD-database on phpbb.com.

Greetings,
pseudocode


PS: if you want to contact us, please follow the link and contribute to our discussion. E-Mails and PMs to this account as well as replies to this post will not be read.

Offline BTAxis

  • Administrator
  • PHALANX Commander
  • *******
  • Posts: 2607
    • View Profile
You have been spammed / Secure your forum
« Reply #1 on: July 07, 2007, 04:45:04 pm »
Should we do anything about this? I'm deleting a spam post about once every other day. I don't know how many other mods delete in that period, but I wouldn't say we're being overrun by spambots.

Offline Destructavator

  • Combination Multiple Specialty Developer
  • Administrator
  • PHALANX Commander
  • *****
  • Posts: 1908
  • Creater of Scorchcrafter, knows the zarakites...
    • View Profile
You have been spammed / Secure your forum
« Reply #2 on: July 07, 2007, 07:22:18 pm »
I know for a fact there are some alternatives to phpBB that are also open-source - One that I use on my own website forum is called Vanilla.  With Vanilla I get no spam whatsoever, and I've used it for about a month after switching from phpBB.

I can't remember off-hand which alternative BB programs have utilities to convert all old or existing phpBB posts and accounts over, and I know it's up to you admins which software to use, but I think that if you stick with phpBB you'll probably have to constantly police the forum for spam and keep using patches to stop automated bots from registering.  (Kind of like MS Windows and security.)

As a final note, I've seen a few other places running Vanilla, and they get no spam either.

Just a suggestion...

Kamu

  • Guest
You have been spammed / Secure your forum
« Reply #3 on: July 14, 2007, 07:18:14 pm »
Should be able to tack on another CAPTCHA or something.

Otherwise a nice forum to use is simple machine forums.

Charlie

  • Guest
You have been spammed / Secure your forum
« Reply #4 on: July 17, 2007, 08:28:22 am »
Quote from: "BTAxis"
Should we do anything about this? I'm deleting a spam post about once every other day. I don't know how many other mods delete in that period, but I wouldn't say we're being overrun by spambots.


Indeed you should.


npsbre

  • Guest
You have been spammed / Secure your forum
« Reply #5 on: July 18, 2007, 03:50:06 pm »
Quote from: "BTAxis"
but I wouldn't say we're being overrun by spambots.


Actually, looking at your members page, the majority of your registered "members" are spam script entries.

But if it's a choice between working/playing with the game and dealing with spam, I'd say keep up the great work (UFO:AI is definitely one of the best open source games I've been watching) and forget about the spam :).

Offline BTAxis

  • Administrator
  • PHALANX Commander
  • *******
  • Posts: 2607
    • View Profile
You have been spammed / Secure your forum
« Reply #6 on: July 18, 2007, 04:03:53 pm »
Yeah, we have a ton of spam accounts. But as long as they don't actually post, I don't think that's a problem.