header 'warning'

c2bill
1k Poster
Posts: 170
Joined: March 15th, 2006, 6:26 pm
Location: Vermont, USA

Post by c2bill » May 5th, 2006, 2:03 pm

no, we're not being hacked. i screwed up the header somehow - am trying to fix it...

-bill

Tyn
10k Poster
Posts: 1058
Joined: March 17th, 2006, 3:01 am
Location: Gouda, the Netherlands

Post by Tyn » May 5th, 2006, 4:49 pm

Bill,

How can we be sure this is you!
Tyn

M42H

"We keep you alive to serve this ship. So row well and live."




"Nobody move! I've dropped me brain!"

MomofJBN
2k Poster
Posts: 218
Joined: March 18th, 2006, 2:12 pm
Location: AZ

Post by MomofJBN » May 6th, 2006, 10:23 pm

We may not have been hacked, but there are a lot of spam posts all of a sudden. :x
Schenley
Wife of Jeff
[img]http://img.photobucket.com/albums/v235/momofjbn/dudes_small.jpg[/img] Mom of Jonathan (12), Benjamin (10), and Nicholas (8)

c2bill
1k Poster
Posts: 170
Joined: March 15th, 2006, 6:26 pm
Location: Vermont, USA

Post by c2bill » May 8th, 2006, 11:08 am

re spam- we're moving to an 'email confirmation' system - so all posters will have to have a valid email address - this tends to slow (but not stop) spam posts. on another funny note i'm starting to get requests from advertisers to 'sell space' on the forum - we're a victim of our own popularity!

bp

Jeff_FLG
Paddler
Posts: 9
Joined: May 10th, 2006, 12:21 am
Location: Flagstaff, AZ

Post by Jeff_FLG » May 10th, 2006, 1:02 am

Hello Bill,

I've been lurking for a while and finally joined. I'm greatly enjoying my C2 and keeping motivated as a member of the AZ Outlaws. Schenley (MomofJBN in the post above) is my better 7/8.

This thread caught my eye -- I run a phpBB forum myself, and the email confirmation plus captcha should help with the spam...it did for us. But even with that, I did have enough problems that I finally had to hack it to (1) remove the member list and (2) change the "agree to terms" registration variable to something the bots couldn't recognize. #1 eliminates the incentive for bots to harvest email addresses, or to get trackbacks for their own email and web sites when legitimate crawlers come through, and #2 really constipates them...I haven't had a single automated registration since.

I'm not suggesting you axe the user list; I have no idea how many members of this forum use it, and as the proud owner of one post I hardly imagine I know what's best for these boards. But if you get bizarre registrations with .pt and .ru addresses, that might be what's going on. I looked at the various content options you have now, and it does look like you have things reasonably locked down. So hopefully this will work better than IPB (which I have never had trouble with, but I guess nothing's perfect).

And you know, you could replace that stock phpBB banner with a nice C2/erging logo!

Thanks for your efforts in providing this forum for everyone.
Jeff
Favorite ergers: Schenley (MomOfJBN), Jonathan (10), Benjamin (8), Nicholas (6)
AZ Outlaws / 901,503 m since 12/16/2005
www.flagmusic.com

PaulH
6k Poster
Posts: 993
Joined: March 15th, 2006, 10:03 pm
Location: Hants, UK

Post by PaulH » May 10th, 2006, 9:51 am

Jeff,

Can you explain the option 2 you mention? It would be great to have the details in case we need it.

Cheers, Paul

Jeff_FLG
Paddler
Posts: 9
Joined: May 10th, 2006, 12:21 am
Location: Flagstaff, AZ

Post by Jeff_FLG » May 10th, 2006, 5:22 pm

Option #2 is one of the better bot-killers I have seen. The bots come in and supply “true” wherever the variable “agreed” appears in the reg forms – the TOS, the COPPA rules, and so on. There are three files in your phpBB directory structure where this variable appears: admin/admin_users.php, includes/usercp_avatar.php, and includes/usercp_register.php.

Go into these files and do a global search and replace of “agreed” with something else, like “yep_thats_fine”, or something mixed case like “OkeYDoKey.” The PHP won’t care what you use (as long as you've made sure to change all instances of the variable!), and the bots won’t have any idea what you’ve changed it to. I recommend taking the characters “a-g-r-e-e” out of the name entirely (i.e., don’t use “yep_i_agree”) since a few bots now seem to be on to this and appear to be smart enough to search substrings, or even to try to deduce the variable name via offsets from other known strings. (Some programmers have way too much free time! :roll:)

Since I hacked our boards in this way, I have occasionally had manual registrations from casino hucksters and the like, but the obvious auto signups (particularly porn-related) have been greatly reduced.

I see that besides a couple of legit signups, there are two obvious spam members here just since I joined last night! I feel your pain... :?
Jeff
Favorite ergers: Schenley (MomOfJBN), Jonathan (10), Benjamin (8), Nicholas (6)
AZ Outlaws / 901,503 m since 12/16/2005
www.flagmusic.com
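
The search-and-replace described in the post above, as an added shell example (not part of the original post and not phpBB code). The three file paths and the stock name "agreed" come from the post; the function names, the backup directory and the sample tree are assumptions made for this example, and the case-insensitive rejection of "agree" goes slightly beyond what the post asks for.

```shell
#!/usr/bin/env bash
# Added example, not phpBB code. The three paths and the stock name "agreed"
# are from the post above; function names and the backup layout are assumptions.
PHPBB_FILES="admin/admin_users.php includes/usercp_avatar.php includes/usercp_register.php"

# Accept a plain identifier that does not contain "agree" in any letter case.
valid_field_name() {
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z_][A-Za-z0-9_]*$' || return 1
    if printf '%s\n' "$1" | grep -qi 'agree'; then return 1; fi
    return 0
}

# rename_agreed <phpbb_root> <new_name> <backup_dir>
# Returns 0 on success, 2 for a rejected name, 3 for a missing file or I/O error.
# Backups go to <backup_dir>, which should sit outside the web root so the
# server never hands out copies of the PHP source.
rename_agreed() {
    root=$1; new=$2; bak=$3
    valid_field_name "$new" || return 2
    for f in $PHPBB_FILES; do [ -f "$root/$f" ] || return 3; done
    for f in $PHPBB_FILES; do
        mkdir -p "$bak/$(dirname "$f")" && cp -p "$root/$f" "$bak/$f" || return 3
        # Literal substring replace, as in the post; the name was validated above.
        sed "s/agreed/$new/g" "$bak/$f" > "$root/$f" || return 3
    done
}

# Print any file under <phpbb_root> that still mentions "agreed" (a MOD or a
# template, say); returns 0 when none is left.
leftover_agreed() {
    hits=$(grep -rl 'agreed' "$1" 2>/dev/null || true)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"; return 1
}

# Constructed sample tree for trying the functions; not real phpBB source.
make_sample_tree() {
    mkdir -p "$1/admin" "$1/includes" "$1/templates"
    for f in $PHPBB_FILES; do
        printf '<?php if (isset($HTTP_GET_VARS["agreed"])) { $agreed = true; } ?>\n' > "$1/$f"
    done
    printf '<a href="profile.php?mode=register&agreed=true">ok</a>\n' > "$1/templates/extra.tpl"
}
```

Running `leftover_agreed` after the rename covers the "all instances" condition from the post: any file it prints still uses the old name and has to be changed by hand before registration will work again.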

johnlvs2run
Half Marathon Poster
Posts: 4012
Joined: March 16th, 2006, 1:13 pm
Location: California Central Coast

Post by johnlvs2run » May 10th, 2006, 5:32 pm

You could put "I don't agree" for one of the choices, then they would click that one.

Many sign up pages have letters to retype in prior to signup approval.

I don't know how effective this is, but it seems it would cause more of a problem to the robots.
bikeerg 75 5'8" 155# - 18.5 - 51.9 - 568 - 1:52.7 - 8:03.8 - 20:13.1 - 14620 - 40:58.7 - 28855 - 1:23:48.0
rowerg 56-58 5'8.5" 143# - 1:39.6 - 3:35.6 - 7:24.0 - 18:57.4 - 22:49.9 - 7793 - 38:44.7 - 1:22:48.9 - 2:58:46.2

Jeff_FLG
Paddler
Posts: 9
Joined: May 10th, 2006, 12:21 am
Location: Flagstaff, AZ

Post by Jeff_FLG » May 10th, 2006, 7:14 pm

John Rupp wrote: You could put "I don't agree" for one of the choices, then they would click that one.

A slightly more involved hack, but it would be doable, and you're right, it might indeed fool some of the scripts...and might be necessary if enough of them seem to have "adapted" to the trick above.

John Rupp wrote: Many sign up pages have letters to retype in prior to signup approval.

Yep, that's a "captcha," which C2 is using (I had to type one in last night). Many flavors of these exist, and though they do indeed help, they're far from bulletproof. The one used by these boards is probably not hard for character recognition software to defeat. The best solution for this whole problem of auto-registrations is several layers of security -- captcha, code hacks, user list and email list control, etc. Quite the annoyance, these folks, but that's life on the Net.
Jeff
Favorite ergers: Schenley (MomOfJBN), Jonathan (10), Benjamin (8), Nicholas (6)
AZ Outlaws / 901,503 m since 12/16/2005
www.flagmusic.com

MomofJBN
2k Poster
Posts: 218
Joined: March 18th, 2006, 2:12 pm
Location: AZ

Post by MomofJBN » May 13th, 2006, 3:08 pm

More spam posts popping up in the General section. :roll:

Schenley
Schenley
Wife of Jeff
[img]http://img.photobucket.com/albums/v235/momofjbn/dudes_small.jpg[/img] Mom of Jonathan (12), Benjamin (10), and Nicholas (8)
