Page Index Toggle Pages: 1 2 [3] 
Topic Tools
Very Hot Topic (More than 25 Replies) Forum Spam - Our Solution (Read 10,735 times)
BloodyRue
Junior Member
**
Offline



Posts: 83

None
Re: Forum Spam - Our Solution
Reply #6 - Nov 21st, 2011 at 12:35pm
Post Tools
Running their software for knowledge?

Someone ought to get their spamkits and run them against yabb boards to see what they do and learn how to program against them.

I am currently seeing that since I installed Yamms there are fewer making it to the stopforumspam error.
  

   
Back to top
IP Logged
 
JonB
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 3,785
Location: Land of the Blazing Sun!

YaBB 2.6.0
Re: Forum Spam - Our Solution
Reply #5 - Nov 20th, 2011 at 2:56pm
Post Tools
Moved to English Support > General
  

I find your lack of faith disturbing.
Back to top
IP Logged
 
Derek Barnstorm
Support Team
YaBB Next Team
Development Team
Beta Testers
****
Offline



Posts: 1,269
Location: United Kingdom

None
Re: Forum Spam - Our Solution
Reply #4 - Nov 4th, 2011 at 4:39pm
Post Tools
I think we'll just have to see how it goes in the longer term - my guess is that it won't be too long before there are random stabs at the input field - which ultimately doesn't work. I had someone get past my Anti-Spam Question for the first time this morning, but I'm guessing that was human.

I think only time will tell...
  
Back to top
 
IP Logged
 
JonB
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 3,785
Location: Land of the Blazing Sun!

YaBB 2.6.0
Re: Forum Spam - Our Solution
Reply #3 - Nov 4th, 2011 at 4:30pm
Post Tools
Yes and no, actually - that posting the fix 'would mean it could be 'programmed against', because there is no real 'answer'.  So yes, I guess... LOL

The brilliant part is that it requires no 'mod' to make it work. Its 'reverse-social-engineering' - it only works AGAINST bots.

And Andy agreed with me.

Quote:
Believe it or not, I was in two minds about posting my suggestion for stopping spammers, for precisely the reasons you state - being concerned about publicising it. On the other hand, I felt I owed it to the community to help them out.

As I said, my solution is very simple but seems to be, so far, totally effective, although obviously I am not going to claim it's a universal panacea.

I have absoluely no problem with you moving the post to the private board - in fact it's a very good idea.

Just out of interest, our members have not been using YaBB for over a year. We moved to forum software called Kunena, which runs under the Joomla CMS  and that what the main Science File site is written in. Before, we had the YaBB forums and the main site, with no interactin between the two, and it was always my intent to integrate the forums with the main site.

However, we've had a year of problems with Kunena - odd and seemingly unsolvable errors, frequent downtime to fix problems and so on, so I gave our members the choice of going back to YaBB - and theoy voted to unanimously. They are happy being back in a reliable,  stable environment which always works, and where any downtime is always my fault. Smiley So,  although for me it's not ideal having effectively two sites, the members are happy, which is the main thing.

All the best Jon

Andy.


My thought is that we PM the fix to anyone who requests it.  Hopefully, NOT to any spammers.

I'd be interested to hear what you think.

Cool
« Last Edit: Nov 4th, 2011 at 4:31pm by JonB »  

I find your lack of faith disturbing.
Back to top
IP Logged
 
Derek Barnstorm
Support Team
YaBB Next Team
Development Team
Beta Testers
****
Offline



Posts: 1,269
Location: United Kingdom

None
Re: Forum Spam - Our Solution
Reply #2 - Nov 4th, 2011 at 2:58pm
Post Tools
JonB wrote on Nov 4th, 2011 at 11:16am:
And I just realized something very bad

What's that? The fact that he gave away that the question doesn't need an answer, or am I missing something?

Oh, there is a Mod purposely for questions like that:

http://www.boardmod.org/yabb2/YaBB.pl?num=1316894374

And SpamFruits does the same sort of thing:

http://www.boardmod.org/yabb2/YaBB.pl?num=1319393134
« Last Edit: Nov 4th, 2011 at 3:00pm by Derek Barnstorm »  
Back to top
 
IP Logged
 
JonB
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 3,785
Location: Land of the Blazing Sun!

YaBB 2.6.0
Re: Forum Spam - Our Solution
Reply #1 - Nov 4th, 2011 at 11:16am
Post Tools
"Brill"

Good Thinking Andy!

Wink

And I just realized something very bad
« Last Edit: Nov 4th, 2011 at 11:19am by JonB »  

I find your lack of faith disturbing.
Back to top
IP Logged
 
AndyInSpain
Full Member
***
Offline



Posts: 283
Forum Spam - Our Solution
Nov 4th, 2011 at 10:33am
Post Tools
Hello all,

With forum spam reaching higher and higher levels, many YaBB forum administrators are having to spend more time dealing with the problem. I would estimate that attempted spam on our forums has increased at least tenfold in the last year.

I am also absolutely certain that robots have been developed which crack the standard YaBB Captcha, because the vast majority of attempted registrations are undoubtedly from robots, yet the Captcha does not dseem to stop them, no matter how it is configured.

Pre-registration with admin approval does not seem to be doing a lot to stop the attempted registrations either; we have been getting perhaps 25 - 30 spammer registrations every day, which needs a lot of effort to keep on top of and reject/delete.

So I had an idea which seems to have worked perfectly, and I would like to share it with other YaBB administrators. It has decreased our attempted spam registrations to...zero. And it was very easy to implement, using YaBB 2.5 AE.

What I did was to create an extra Profile field. The label for this is "Security check: what is 25 + 13"?". I set the field to numeric, with a maximum 2 character size, and made it compulsory to enter data in. I set the field to be visible in registration but nowhere else.

Now, obviously the logic does not exis t to check that the correct solution has been entered, as one sees on many websites which use this type of numerical security check. But this does not matter. The point is that a spam robot will not know that it has to enter a number, which can be no more than 2 digits long. And this in itself seems to be stopping the robots from registering. Since implementing this field in registration three days ago, we have not had *one* successful attempt to gain entry. Obviously I checked that a human can still register!  Smiley

I'm not saying this will work for you, but it may be worth a try. I just wanted to share this with other forums in the interest of combatting a common enemy.

And I really believe that a new version of the standard YaBB Captcha is overdue, because the current one has been cracked. My recent experience seems to have proved that the vast majority of registration attempts are robots, and, logically,  in order to register they have got through the Captcha.

I also wish that there could be a concerted international effort to track down and punish the spammers hard, because these parasites are ruining the internet for others and destroying countless hours of hard work. I don't think the problem is taken as seriously as it should be. To my mind, writing and propogating spam robots should carry a mandatory jail sentence. It might deter a few code kiddies from going into this type of activity.

Kind regards

Andy Briggs
Publisher, Science File
http://www.sciencefile.org










  
Back to top
 
IP Logged
 
Page Index Toggle Pages: 1 2 [3] 
Topic Tools
 
  « Board Index ‹ Board  ^Top