hey guys, my phpbb board has been attacked severly by spam bots in past 1 week.Earlier i had disabled activation of accounts thru emails.But since the spammign started i have enabled email activation still no joy.The verification code on registrations is already enabled.Spam Bots are replying and creating new topics in all sections.There are many mods available.But i want sum experienced phpbb admins to reffer me a mod THAT REALLY WORKS!. This is very very urgent my board users are goin crazy there's spam alll over HELPPP PLZZ!!!
The software that is spamming you is called xrumer. It's created by some guys in russia and it drives me crazy as well. I build black hat software, but would never consider spamming public forums and other places that are in such plain view. As far as what you can do about it, very little at this point. I've seen ban lists full of e-mail addresses. This helps cut back on them registering since most use free e-mail services. You've already seen how ineffective captcha's are. If you require activation to post the software will actually go in and activate the account. I was lucky since they were only spamming a single news forum on my site. I just enabled moderation on that forum so no posts are posted unless approved by me first. It's not a solution, but it keeps it out of my forum members view.
oh man..i can't put the posts on moderation for 2 reasons..Firstly i don't have time to moderate posts eveyrday...Secondly the members wont like it....This bot spams ADULT links all over the board.I'm tired of banning them manually cuz they wont stop! my banlist is filled as u mentioned.i am goiz crazy deleting the spam posts and replies.If you wana have a look at the spam posts here's my url http://www.chillnrock.com/ just go to ANY section u will see alot of Adult spamming posts....
Thats happening to me to , the best solution would be you manually activate new members ! In that way im not sure whether they will join or not ! Olgi
i can't do that man....members will run aways and again time is the biggest constraint for me. i hav just installed this mod called "The Humanizer". It adds a questions on the registrationf orm asking R U HUMAN? ...will this work???
That is exactly what I have done but it is a pain, but at the same time keeps your board clear of spam.
I have had similar experiences with my phpBB forums, and I run 3 of them. On one of them I made account activation up to admin, the other two are still activated by email so spam bots ave a field day. My question is how are they getting past the captcha??? Are they actually figuring out the combination or are they bypassing it? Surely it must be a bypass or any captcha out there is vulnerable to an attack.
CAPTCHA's aren't that difficult to read with a decent php script. People think they are the answer to security, but there are several scripts out there to read and break them. I found a solution for my vbulletin forums yesterday that seems to work. Someone made a mod that looks for certain key phrases in posts and puts them in moderation if it finds them. You can add new phrases as spammers hit your site. So far today it has caught all new spam messages on my largest forums. I would look for something similar for phpbb or suggest it if no one has created such a script. Here is a link to the vbulletin version. http://www.vbulletin.org/forum/showthread.php?t=131568&page=9 Hope that helps guys
I think rather than freak out about you, you should use it. On my last forum before I sold it, I used phpbb and I had a huge issue with spam. Instead of freaking out, I made it a challenge for moderators to find and modify the spammer posts. This made spam entertaining for the different members. In fact, spam became part of the board culture because of it and really increased forum posting and visitation, because users were waiting to see the next spam modification. I even started doing spam contests. For actual control of the spam... i'm not really sure what you can do as none of the modifications seemed to really help. What I would do that seemed to make a difference was to change up the forums. I don't know why this worked, but I guess if you move your forums up or down or whatever or slightly changed the title, the forum software must have to readjust or something... but doing this every few days was easier than removing the spam and stopped it almost altogether. Not sure why it worked, but it did.
I switched to Yabb which seems to cut down on spam. I used phpbb but I was so overrun with spam that I just cshut down the forum. Yabb mails a randon password through email and they have to use that to log in and then can can change if they want. The negative thing is they still show up as members even if they don't log in, but I still haven't got any spam.
the Humanizer mod worked for me! Since i hav installed it i hav'nt seen any spam bots around.I have also installed this mod which i got from phpbb.com.It adds extra field to the registration form and ask the HUMANS to leave that particular field BLANK.Spam bots ALWAYS fill the field and registration fails.And it also sends me an email telling me of a spam bot registration attempt.The combo of both these mods have worked for me. I have also used wildcard in the ban control to ban the email host they were using.All of those bots were using host is banned now.
This topic gets discussed frequently. I discussed a hack to prevent newly registered members to include URLs in their posts. It is in the thread: http://forums.digitalpoint.com/showthread.php?t=229761 The hack is helpful. The problem points out that coders need to develop better strategies for dealing with robots. None will be fool proof, but a multi layered approach will make it harder.
There are, of course, many other ways too. The humanizer mod is one, along with a user cp mod that makes certain fields required. The bots love to add ICQ addresses for some reason - so I make other fields a required too. I don't care if a member puts their real AIM or MSN - but the bot can't, for now. There's a few others that I installed but have forgotten about - thus far the bots I get on the forums I am actively working on are minimal.
I looked at your forums and they don't even seem to be populated. What forum is having this problem? Generally bots hit the forums that have more traffic and are higher ranked in search engines.
Another medhod you can use is to ban different time zones. Since your focus is likely in the US, why not ban time zones for places like Nigeria and Russia, where the bulk of these SPAMMERS are coming from? Here is a mod that should help: phpBB Forum Spammer Registration Mod - Kill the SpamBots! It has worked for quite a few people that I know of. Give it a shot!