Page Index Toggle Pages: [1] 2 3 
Topic Tools
Very Hot Topic (More than 25 Replies) Forum Spam - Our Solution (Read 12,268 times)
AndyInSpain
Full Member
***
Offline



Posts: 283
Forum Spam - Our Solution
Nov 4th, 2011 at 10:33am
Post Tools
Hello all,

With forum spam reaching higher and higher levels, many YaBB forum administrators are having to spend more time dealing with the problem. I would estimate that attempted spam on our forums has increased at least tenfold in the last year.

I am also absolutely certain that robots have been developed which crack the standard YaBB Captcha, because the vast majority of attempted registrations are undoubtedly from robots, yet the Captcha does not dseem to stop them, no matter how it is configured.

Pre-registration with admin approval does not seem to be doing a lot to stop the attempted registrations either; we have been getting perhaps 25 - 30 spammer registrations every day, which needs a lot of effort to keep on top of and reject/delete.

So I had an idea which seems to have worked perfectly, and I would like to share it with other YaBB administrators. It has decreased our attempted spam registrations to...zero. And it was very easy to implement, using YaBB 2.5 AE.

What I did was to create an extra Profile field. The label for this is "Security check: what is 25 + 13"?". I set the field to numeric, with a maximum 2 character size, and made it compulsory to enter data in. I set the field to be visible in registration but nowhere else.

Now, obviously the logic does not exis t to check that the correct solution has been entered, as one sees on many websites which use this type of numerical security check. But this does not matter. The point is that a spam robot will not know that it has to enter a number, which can be no more than 2 digits long. And this in itself seems to be stopping the robots from registering. Since implementing this field in registration three days ago, we have not had *one* successful attempt to gain entry. Obviously I checked that a human can still register!  Smiley

I'm not saying this will work for you, but it may be worth a try. I just wanted to share this with other forums in the interest of combatting a common enemy.

And I really believe that a new version of the standard YaBB Captcha is overdue, because the current one has been cracked. My recent experience seems to have proved that the vast majority of registration attempts are robots, and, logically,  in order to register they have got through the Captcha.

I also wish that there could be a concerted international effort to track down and punish the spammers hard, because these parasites are ruining the internet for others and destroying countless hours of hard work. I don't think the problem is taken as seriously as it should be. To my mind, writing and propogating spam robots should carry a mandatory jail sentence. It might deter a few code kiddies from going into this type of activity.

Kind regards

Andy Briggs
Publisher, Science File
http://www.sciencefile.org










  
Back to top
 
IP Logged
 
JonB
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 4,031
Location: Land of the Blazing Sun!

YaBB 2.6.1
Re: Forum Spam - Our Solution
Reply #1 - Nov 4th, 2011 at 11:16am
Post Tools
"Brill"

Good Thinking Andy!

Wink

And I just realized something very bad
« Last Edit: Nov 4th, 2011 at 11:19am by JonB »  

I find your lack of faith disturbing.
Back to top
IP Logged
 
Derek Barnstorm
Support Team
YaBB Next Team
Development Team
Beta Testers
****
Offline



Posts: 1,269
Location: United Kingdom

None
Re: Forum Spam - Our Solution
Reply #2 - Nov 4th, 2011 at 2:58pm
Post Tools
JonB wrote on Nov 4th, 2011 at 11:16am:
And I just realized something very bad

What's that? The fact that he gave away that the question doesn't need an answer, or am I missing something?

Oh, there is a Mod purposely for questions like that:

http://www.boardmod.org/yabb2/YaBB.pl?num=1316894374

And SpamFruits does the same sort of thing:

http://www.boardmod.org/yabb2/YaBB.pl?num=1319393134
« Last Edit: Nov 4th, 2011 at 3:00pm by Derek Barnstorm »  
Back to top
 
IP Logged
 
JonB
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 4,031
Location: Land of the Blazing Sun!

YaBB 2.6.1
Re: Forum Spam - Our Solution
Reply #3 - Nov 4th, 2011 at 4:30pm
Post Tools
Yes and no, actually - that posting the fix 'would mean it could be 'programmed against', because there is no real 'answer'.  So yes, I guess... LOL

The brilliant part is that it requires no 'mod' to make it work. Its 'reverse-social-engineering' - it only works AGAINST bots.

And Andy agreed with me.

Quote:
Believe it or not, I was in two minds about posting my suggestion for stopping spammers, for precisely the reasons you state - being concerned about publicising it. On the other hand, I felt I owed it to the community to help them out.

As I said, my solution is very simple but seems to be, so far, totally effective, although obviously I am not going to claim it's a universal panacea.

I have absoluely no problem with you moving the post to the private board - in fact it's a very good idea.

Just out of interest, our members have not been using YaBB for over a year. We moved to forum software called Kunena, which runs under the Joomla CMS  and that what the main Science File site is written in. Before, we had the YaBB forums and the main site, with no interactin between the two, and it was always my intent to integrate the forums with the main site.

However, we've had a year of problems with Kunena - odd and seemingly unsolvable errors, frequent downtime to fix problems and so on, so I gave our members the choice of going back to YaBB - and theoy voted to unanimously. They are happy being back in a reliable,  stable environment which always works, and where any downtime is always my fault. Smiley So,  although for me it's not ideal having effectively two sites, the members are happy, which is the main thing.

All the best Jon

Andy.


My thought is that we PM the fix to anyone who requests it.  Hopefully, NOT to any spammers.

I'd be interested to hear what you think.

Cool
« Last Edit: Nov 4th, 2011 at 4:31pm by JonB »  

I find your lack of faith disturbing.
Back to top
IP Logged
 
Derek Barnstorm
Support Team
YaBB Next Team
Development Team
Beta Testers
****
Offline



Posts: 1,269
Location: United Kingdom

None
Re: Forum Spam - Our Solution
Reply #4 - Nov 4th, 2011 at 4:39pm
Post Tools
I think we'll just have to see how it goes in the longer term - my guess is that it won't be too long before there are random stabs at the input field - which ultimately doesn't work. I had someone get past my Anti-Spam Question for the first time this morning, but I'm guessing that was human.

I think only time will tell...
  
Back to top
 
IP Logged
 
JonB
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 4,031
Location: Land of the Blazing Sun!

YaBB 2.6.1
Re: Forum Spam - Our Solution
Reply #5 - Nov 20th, 2011 at 2:56pm
Post Tools
Moved to English Support > General
  

I find your lack of faith disturbing.
Back to top
IP Logged
 
BloodyRue
Junior Member
**
Offline



Posts: 83

None
Re: Forum Spam - Our Solution
Reply #6 - Nov 21st, 2011 at 12:35pm
Post Tools
Running their software for knowledge?

Someone ought to get their spamkits and run them against yabb boards to see what they do and learn how to program against them.

I am currently seeing that since I installed Yamms there are fewer making it to the stopforumspam error.
  

   
Back to top
IP Logged
 
JonB
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 4,031
Location: Land of the Blazing Sun!

YaBB 2.6.1
Re: Forum Spam - Our Solution
Reply #7 - Nov 21st, 2011 at 1:20pm
Post Tools
Bloody Rue -

I would say: "that is on the agenda". - with some precautions taken.

Wink
  

I find your lack of faith disturbing.
Back to top
IP Logged
 
jon666
Junior Member
**
Offline



Posts: 83
Re: Forum Spam - Our Solution
Reply #8 - Nov 23rd, 2011 at 6:52pm
Post Tools
Too bad this can't be done in Yabb 2.4 as it's a great idea. Any chance of a modification for the 2.4 registration page to include the numeric question field?
  
Back to top
 
IP Logged
 
Derek Barnstorm
Support Team
YaBB Next Team
Development Team
Beta Testers
****
Offline



Posts: 1,269
Location: United Kingdom

None
Re: Forum Spam - Our Solution
Reply #9 - Nov 23rd, 2011 at 7:09pm
Post Tools
If you mean what Andy suggests in the first post, then it's just done with extended profiles fields, so it can be done in exactly the same way in 2.4 as it is in 2.5.

If you want to use the Anti-Spam Question and the 2.5 version doesn't work, try the mod file for 2.3 attached here:

http://www.boardmod.org/yabb2/YaBB.pl?num=1316894374/4#4

I haven't tested that Mod at all on 2.4 though.
« Last Edit: Nov 23rd, 2011 at 7:12pm by Derek Barnstorm »  
Back to top
 
IP Logged
 
forumguy99
Junior Member
**
Offline



Posts: 96
Re: Forum Spam - Our Solution
Reply #10 - Nov 23rd, 2011 at 10:52pm
Post Tools
How do you install the Anti-Spam Question ? There simple instructions?
  
Back to top
 
IP Logged
 
Derek Barnstorm
Support Team
YaBB Next Team
Development Team
Beta Testers
****
Offline



Posts: 1,269
Location: United Kingdom

None
Re: Forum Spam - Our Solution
Reply #11 - Nov 23rd, 2011 at 11:13pm
Post Tools
You can either user the BoardMod program - have read though this in the YaBB Codex:

http://www.yabbforum.com/codex/YaBB.pl?num=1190677475

Or install the Mod manually:

http://www.yabbforum.com/codex/YaBB.pl?num=1190677214

You might find it a little confusing for a start, but if you stick with it you'll soon realize how simple it is.
  
Back to top
 
IP Logged
 
jon666
Junior Member
**
Offline



Posts: 83
Re: Forum Spam - Our Solution
Reply #12 - Nov 24th, 2011 at 7:56pm
Post Tools
Derek Barnstorm wrote on Nov 23rd, 2011 at 7:09pm:
If you mean what Andy suggests in the first post, then it's just done with extended profiles fields, so it can be done in exactly the same way in 2.4 as it is in 2.5.

I just can't figure how setting an extra profile field that,  (in my experience at least),  shows up only on a member's profile page would appear on the registration page. In the past  I've added several fields in Extended Profiles, but have never seen an option to display them anywhere but in a profile page. (Yabb 2.4)
  
Back to top
 
IP Logged
 
Derek Barnstorm
Support Team
YaBB Next Team
Development Team
Beta Testers
****
Offline



Posts: 1,269
Location: United Kingdom

None
Re: Forum Spam - Our Solution
Reply #13 - Nov 24th, 2011 at 8:16pm
Post Tools
Hi,

See the attached image. Smiley
  

EPRegSet.png ( 78 KB | 158 Downloads )
EPRegSet.png
Back to top
 
IP Logged
 
jon666
Junior Member
**
Offline



Posts: 83
Re: Forum Spam - Our Solution
Reply #14 - Nov 26th, 2011 at 1:38am
Post Tools
Thanks Derek but the screen you attached does not exist in Yabb 2.4 at Admin Center > Forum Configuration > Profile Fields

All I see is Extended Profiles, Edit Existing Profile Fields, Create New Profile Field, Reorder Profile Fields, and Convert Old Extended Profile Fields.
  
Back to top
 
IP Logged
 
Page Index Toggle Pages: [1] 2 3 
Topic Tools