YaBB Community and Support Forum
YaBB Home About YaBB Download YaBB YaBB Support Customize Your Forum Development Contribute to the Project
  Welcome, Guest. Please Login or Register


 
Pages: 1 2 3 
Topic Tools
 
Forum Spam - Our Solution (Read 9,418 times)
 Nov 4th, 2011 at 10:33am
There are no actions to perform.  

AndyInSpain 
Full Member
***
Offline
Posts: 283


None
Forum Spam - Our Solution
Hello all,

With forum spam reaching higher and higher levels, many YaBB forum administrators are having to spend more time dealing with the problem. I would estimate that attempted spam on our forums has increased at least tenfold in the last year.

I am also absolutely certain that robots have been developed which crack the standard YaBB Captcha, because the vast majority of attempted registrations are undoubtedly from robots, yet the Captcha does not dseem to stop them, no matter how it is configured.

Pre-registration with admin approval does not seem to be doing a lot to stop the attempted registrations either; we have been getting perhaps 25 - 30 spammer registrations every day, which needs a lot of effort to keep on top of and reject/delete.

So I had an idea which seems to have worked perfectly, and I would like to share it with other YaBB administrators. It has decreased our attempted spam registrations to...zero. And it was very easy to implement, using YaBB 2.5 AE.

What I did was to create an extra Profile field. The label for this is "Security check: what is 25 + 13"?". I set the field to numeric, with a maximum 2 character size, and made it compulsory to enter data in. I set the field to be visible in registration but nowhere else.

Now, obviously the logic does not exis t to check that the correct solution has been entered, as one sees on many websites which use this type of numerical security check. But this does not matter. The point is that a spam robot will not know that it has to enter a number, which can be no more than 2 digits long. And this in itself seems to be stopping the robots from registering. Since implementing this field in registration three days ago, we have not had *one* successful attempt to gain entry. Obviously I checked that a human can still register!  Smiley

I'm not saying this will work for you, but it may be worth a try. I just wanted to share this with other forums in the interest of combatting a common enemy.

And I really believe that a new version of the standard YaBB Captcha is overdue, because the current one has been cracked. My recent experience seems to have proved that the vast majority of registration attempts are robots, and, logically,  in order to register they have got through the Captcha.

I also wish that there could be a concerted international effort to track down and punish the spammers hard, because these parasites are ruining the internet for others and destroying countless hours of hard work. I don't think the problem is taken as seriously as it should be. To my mind, writing and propogating spam robots should carry a mandatory jail sentence. It might deter a few code kiddies from going into this type of activity.

Kind regards

Andy Briggs
Publisher, Science File
http://www.sciencefile.org










 
 
IP Logged  
 Reply #1 - Nov 4th, 2011 at 11:16am
There are no actions to perform.  

JonB 
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline
Posts: 3,643
Land of the Blazing Sun!


None
Re: Forum Spam - Our Solution
"Brill"

Good Thinking Andy!

Wink

And I just realized something very bad
« Last Edit: Nov 4th, 2011 at 11:19am by JonB »  
I find your lack of faith disturbing.
jonbservergeek  
IP Logged  
 Reply #2 - Nov 4th, 2011 at 2:58pm
There are no actions to perform.  

Derek Barnstorm 
Support Team
YaBB Next Team
Development Team
Beta Testers
****
Offline
Posts: 1,269
United Kingdom


YaBB 2.5
Re: Forum Spam - Our Solution
JonB wrote on Nov 4th, 2011 at 11:16am:
And I just realized something very bad

What's that? The fact that he gave away that the question doesn't need an answer, or am I missing something?

Oh, there is a Mod purposely for questions like that:

http://www.boardmod.org/yabb2/YaBB.pl?num=1316894374

And SpamFruits does the same sort of thing:

http://www.boardmod.org/yabb2/YaBB.pl?num=1319393134
« Last Edit: Nov 4th, 2011 at 3:00pm by Derek Barnstorm »  
 
IP Logged  
 Reply #3 - Nov 4th, 2011 at 4:30pm
There are no actions to perform.  

JonB 
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline
Posts: 3,643
Land of the Blazing Sun!


None
Re: Forum Spam - Our Solution
Yes and no, actually - that posting the fix 'would mean it could be 'programmed against', because there is no real 'answer'.  So yes, I guess... LOL

The brilliant part is that it requires no 'mod' to make it work. Its 'reverse-social-engineering' - it only works AGAINST bots.

And Andy agreed with me.

Quote:
Believe it or not, I was in two minds about posting my suggestion for stopping spammers, for precisely the reasons you state - being concerned about publicising it. On the other hand, I felt I owed it to the community to help them out.

As I said, my solution is very simple but seems to be, so far, totally effective, although obviously I am not going to claim it's a universal panacea.

I have absoluely no problem with you moving the post to the private board - in fact it's a very good idea.

Just out of interest, our members have not been using YaBB for over a year. We moved to forum software called Kunena, which runs under the Joomla CMS  and that what the main Science File site is written in. Before, we had the YaBB forums and the main site, with no interactin between the two, and it was always my intent to integrate the forums with the main site.

However, we've had a year of problems with Kunena - odd and seemingly unsolvable errors, frequent downtime to fix problems and so on, so I gave our members the choice of going back to YaBB - and theoy voted to unanimously. They are happy being back in a reliable,  stable environment which always works, and where any downtime is always my fault. Smiley So,  although for me it's not ideal having effectively two sites, the members are happy, which is the main thing.

All the best Jon

Andy.


My thought is that we PM the fix to anyone who requests it.  Hopefully, NOT to any spammers.

I'd be interested to hear what you think.

Cool
« Last Edit: Nov 4th, 2011 at 4:31pm by JonB »  
I find your lack of faith disturbing.
jonbservergeek  
IP Logged  
 Reply #4 - Nov 4th, 2011 at 4:39pm
There are no actions to perform.  

Derek Barnstorm 
Support Team
YaBB Next Team
Development Team
Beta Testers
****
Offline
Posts: 1,269
United Kingdom


YaBB 2.5
Re: Forum Spam - Our Solution
I think we'll just have to see how it goes in the longer term - my guess is that it won't be too long before there are random stabs at the input field - which ultimately doesn't work. I had someone get past my Anti-Spam Question for the first time this morning, but I'm guessing that was human.

I think only time will tell...
 
 
IP Logged  
 Reply #5 - Nov 20th, 2011 at 2:56pm
There are no actions to perform.  

JonB 
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline
Posts: 3,643
Land of the Blazing Sun!


None
Re: Forum Spam - Our Solution
Moved to English Support > General
 
I find your lack of faith disturbing.
jonbservergeek  
IP Logged  
 Reply #6 - Nov 21st, 2011 at 12:35pm
There are no actions to perform.  

BloodyRue 
Junior Member
**
Offline
Posts: 83


YaBB 2.5
Re: Forum Spam - Our Solution
Running their software for knowledge?

Someone ought to get their spamkits and run them against yabb boards to see what they do and learn how to program against them.

I am currently seeing that since I installed Yamms there are fewer making it to the stopforumspam error.
 
...    ...
WWW MVMB1  
IP Logged  
 Reply #7 - Nov 21st, 2011 at 1:20pm
There are no actions to perform.  

JonB 
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline
Posts: 3,643
Land of the Blazing Sun!


None
Re: Forum Spam - Our Solution
Bloody Rue -

I would say: "that is on the agenda". - with some precautions taken.

Wink
 
I find your lack of faith disturbing.
jonbservergeek  
IP Logged  
 Reply #8 - Nov 23rd, 2011 at 6:52pm
There are no actions to perform.  

jon666 
Junior Member
**
Offline
Posts: 83


None
Re: Forum Spam - Our Solution
Too bad this can't be done in Yabb 2.4 as it's a great idea. Any chance of a modification for the 2.4 registration page to include the numeric question field?
 
 
IP Logged  
 Reply #9 - Nov 23rd, 2011 at 7:09pm
There are no actions to perform.  

Derek Barnstorm 
Support Team
YaBB Next Team
Development Team
Beta Testers
****
Offline
Posts: 1,269
United Kingdom


YaBB 2.5
Re: Forum Spam - Our Solution
If you mean what Andy suggests in the first post, then it's just done with extended profiles fields, so it can be done in exactly the same way in 2.4 as it is in 2.5.

If you want to use the Anti-Spam Question and the 2.5 version doesn't work, try the mod file for 2.3 attached here:

http://www.boardmod.org/yabb2/YaBB.pl?num=1316894374/4#4

I haven't tested that Mod at all on 2.4 though.
« Last Edit: Nov 23rd, 2011 at 7:12pm by Derek Barnstorm »  
 
IP Logged  
 Reply #10 - Nov 23rd, 2011 at 10:52pm
There are no actions to perform.  

forumguy99 
Junior Member
**
Offline
Posts: 96


None
Re: Forum Spam - Our Solution
How do you install the Anti-Spam Question ? There simple instructions?
 
 
IP Logged  
 Reply #11 - Nov 23rd, 2011 at 11:13pm
There are no actions to perform.  

Derek Barnstorm 
Support Team
YaBB Next Team
Development Team
Beta Testers
****
Offline
Posts: 1,269
United Kingdom


YaBB 2.5
Re: Forum Spam - Our Solution
You can either user the BoardMod program - have read though this in the YaBB Codex:

http://www.yabbforum.com/codex/YaBB.pl?num=1190677475

Or install the Mod manually:

http://www.yabbforum.com/codex/YaBB.pl?num=1190677214

You might find it a little confusing for a start, but if you stick with it you'll soon realize how simple it is.
 
 
IP Logged  
 Reply #12 - Nov 24th, 2011 at 7:56pm
There are no actions to perform.  

jon666 
Junior Member
**
Offline
Posts: 83


None
Re: Forum Spam - Our Solution
Derek Barnstorm wrote on Nov 23rd, 2011 at 7:09pm:
If you mean what Andy suggests in the first post, then it's just done with extended profiles fields, so it can be done in exactly the same way in 2.4 as it is in 2.5.

I just can't figure how setting an extra profile field that,  (in my experience at least),  shows up only on a member's profile page would appear on the registration page. In the past  I've added several fields in Extended Profiles, but have never seen an option to display them anywhere but in a profile page. (Yabb 2.4)
 
 
IP Logged  
 Reply #13 - Nov 24th, 2011 at 8:16pm
There are no actions to perform.  

Derek Barnstorm 
Support Team
YaBB Next Team
Development Team
Beta Testers
****
Offline
Posts: 1,269
United Kingdom


YaBB 2.5
Re: Forum Spam - Our Solution
Hi,

See the attached image. Smiley
 
EPRegSet.png (78 KB | 159 )
EPRegSet.png
 
IP Logged  
 Reply #14 - Nov 26th, 2011 at 1:38am
There are no actions to perform.  

jon666 
Junior Member
**
Offline
Posts: 83


None
Re: Forum Spam - Our Solution
Thanks Derek but the screen you attached does not exist in Yabb 2.4 at Admin Center > Forum Configuration > Profile Fields

All I see is Extended Profiles, Edit Existing Profile Fields, Create New Profile Field, Reorder Profile Fields, and Convert Old Extended Profile Fields.
 
 
IP Logged  
Pages: 1 2 3 
Topic Tools
 

Get Yet another Bulletin Board at SourceForge.net. Fast, secure and Free Open Source software downloads Support This Project BoardMod - YaBB features and templates YaBB Codex - support on installation and usage YaBB Toolbar for your browser

YaBB Facebook Group Page

Vulnerability Scanner

Valid RSS Valid XHTML Valid CSS Powered by Perl
YaBB Chat and Support Community » Powered by YaBB 3.0 Beta!
YaBB Forum Software © 2000-2011. All Rights Reserved.