View unanswered posts | View active topics It is currently 29 Mar 2024, 11:26



Reply to topic  [ 25 posts ] 
 Request to join the "Forum Poster" group due to Spam!!! 
Author Message
Crazed Emissary of the Photoshop
Crazed Emissary of the Photoshop
User avatar

Joined: 13 Mar 2009, 20:17
Posts: 2091
Location: Krapina, Croatia
I just finished deleting more than 100 spam posts. In the last few days we had increasing bot attacks, is there a way of upgrading security systems?

_________________
Image


25 Nov 2012, 14:21
Profile YIM WWW
Ship Engineer
Ship Engineer
User avatar

Joined: 10 Jul 2006, 01:00
Posts: 5130
Location: Space is disease and danger, wrapped in darkness and silence!
I will ask Matress.
:borg:

_________________
Image


25 Nov 2012, 15:58
Profile
Ship Engineer
Ship Engineer
User avatar

Joined: 10 Jul 2006, 01:00
Posts: 5130
Location: Space is disease and danger, wrapped in darkness and silence!
It looks like Matress has an out of date email.

Checking in Admin under system I see our phpBB is out of date. Getting the auto update looks easy enough but I am not sure about where our install folder is located on the server and how to get there. Do you understand what to do Vjeko?
:borg:

_________________
Image


25 Nov 2012, 16:34
Profile
Evil Romulan Overlord of Evil - Now 100% Faster!
Evil Romulan Overlord of Evil - Now 100% Faster!
User avatar

Joined: 02 Dec 2004, 01:00
Posts: 7392
Location: Returned to the previous place.
What do you mean ken? I just got your email and I've not changed my addy.

I don't know anything about security. Skeet would be the one to ask. I see him almost daily on Star Trek online. I'll have a word with him. Other than that, i'd suggest updating the word filters. What common words are showing up? That wouldn't block the posts, but it would void them from being of any purpose. Eg you could make "drugs" show up as "this is spam".

...Incidentally, i've already got a few filters like this running. Try typing v.i.a.g.r.a (Without the dots) and see what happens... :wink:

_________________
"Anyone without a sense of humour is truly at the mercy of the rest of us."

Image
Image


25 Nov 2012, 17:36
Profile WWW
Ship Engineer
Ship Engineer
User avatar

Joined: 10 Jul 2006, 01:00
Posts: 5130
Location: Space is disease and danger, wrapped in darkness and silence!
Thanks, I got a message back saying the email could not be delivered. It should be OK now.
:borg:

_________________
Image


25 Nov 2012, 19:09
Profile
Lieutenant Junior Grade
Lieutenant Junior Grade
User avatar

Joined: 31 May 2012, 11:21
Posts: 195
damn, all this spam sucks :(

simplest would be to block all newcomers or cage in a subforum you easily can clean as it's not used for any other but asking for permission.
With a small community like this that should work well against spam bots - at least well enough till you get the upgrade work.


25 Nov 2012, 20:55
Profile
Lieutenant Junior Grade
Lieutenant Junior Grade
User avatar

Joined: 05 Jul 2008, 07:55
Posts: 212
Location: Germany
at German Board SirP gave some people access to Admin area (not only moderation area) and access to "users and groups". Last topic is "automatical delete of inactive users" (don't have the exact English words)

Thereby it's able to delete a spam user e.g. "kukisis" and all (!) of his posts with one click (by selecting this point)

_________________
BotE-Wiki: http://birth-of-the-empires.de/wiki/ind ... one_minute - A-Z (automatically) - A-Z manually, but English
BotE-Homepage: http://www.hp.birth-of-the-empires.de - German Forum: German Forum


26 Nov 2012, 06:56
Profile
Communications Officer
Communications Officer
User avatar

Joined: 21 Aug 2008, 16:59
Posts: 717
Location: On this multiverse: EU
reg wrote:
Thereby it's able to delete a spam user e.g. "kukisis" and all (!) of his posts with one click (by selecting this point)
So, can anyone do this? Skeeter is the moderator in the general chat subforum, but anyone else with admin rights should be able to do it.

ImageSPAM

_________________
"Never give up. Never surrender." -- Kenneth_of_Borg

"Seize the time, Meribor. Live now; make now always the most precious time. Now will never come again" -- Picard (The Inner Light)

Image


26 Nov 2012, 10:53
Profile
Ship Engineer
Ship Engineer
User avatar

Joined: 10 Jul 2006, 01:00
Posts: 5130
Location: Space is disease and danger, wrapped in darkness and silence!
I will take another look
:borg:

_________________
Image


26 Nov 2012, 14:37
Profile
Lieutenant Junior Grade
Lieutenant Junior Grade
User avatar

Joined: 31 May 2012, 11:21
Posts: 195
Well I looked at it again, Newly registred users are now in moderation queue for first two posts according to 2nd answer at http://serverfault.com/questions/193778 ... istrations
Further it seems Q&A capture is already activated but gets passed. Maybe questions are too easy as some can be easily looked up in the web.
According to https://www.phpbb.com/kb/article/how-to ... a-captcha/ questions asking things like what's been the third word reverse work better against bots.
I'm not sure anymore whether I had to pass that capture on registration but maybe someone likes to try and specify some new questions.

Deleting inactive 0 post users like reg suggested if I got that right, might be nice too, but I know at least one that never posted and is no bot, and that isn't what currently troubles so much. :)

If that still doesn't help, still requiring new users to ask for group permission via pm as I already porposed is an option. Can be done by restricting default users from posting anything but sending a pm plus opening a new group for the elected users. But all would have to be added manually if not already in moderation groups or such.


27 Nov 2012, 17:44
Profile
Lieutenant Junior Grade
Lieutenant Junior Grade
User avatar

Joined: 31 May 2012, 11:21
Posts: 195
there are still some spam bots around using accounts registered prior to above changes
now I see what all these zero post accounts are for, wait and lurk, maybe just do what reg proposed and delete all the inactive accounts. :rolleyes:


27 Nov 2012, 23:09
Profile
Ship Engineer
Ship Engineer
User avatar

Joined: 10 Jul 2006, 01:00
Posts: 5130
Location: Space is disease and danger, wrapped in darkness and silence!
It would be OK to try your suggestions. For my part I tried to register a new account. It does say you will get an email to complete the registration but the email never comes.

_________________
Image


28 Nov 2012, 02:40
Profile
Lieutenant Junior Grade
Lieutenant Junior Grade
User avatar

Joined: 31 May 2012, 11:21
Posts: 195
yeah, moderation queue doesn't seem to work so well, posts get shown anyway, just marked to wait on acceptance.
Will look at the radical solution later, have to go to university now.

Dunno why you didn't get a mail. Nothing changed on this and I know I got one when I registred. Maybe just wait some longer or try again.
Changing the Q&A catcha questions still would be something to try. But not sure what questions to use. :lol:


28 Nov 2012, 09:07
Profile
Lieutenant Junior Grade
Lieutenant Junior Grade
User avatar

Joined: 31 May 2012, 11:21
Posts: 195
As Q&A probably won't hold for long anyway, for all the normal registred users, all forum permissions are now down to read only.
To gain write permission, request to join the group "The Chosen Ones" in your profile or ask an admin via pm. That group is a copy of previous default group permissions.

This is a radical solution to the spam problem and surely not best user friendly, but it should end all the spam trouble.
There are some bots in "Newly registered users" group still, though that group is deactivated again. Best delete all of them I think, else they still spam the moderation queue.

I hope all find how to ask for permission that need it, all users within other groups already should be fine.
Maybe one knows how to clarify it better so newbs don't get lost not figuring out how to post or join a group.


28 Nov 2012, 16:37
Profile
Ship Engineer
Ship Engineer
User avatar

Joined: 10 Jul 2006, 01:00
Posts: 5130
Location: Space is disease and danger, wrapped in darkness and silence!
I was able to register a new user login but finding out how to post will be a problem. For starters we might find that old jigalypuff email it sends and change the text to include an explanation of how to request posting. Also there is a message about now being registered once you click the link in the email. We might find that message and add a notice there as well. I will take a look when I get home from work.

Thanks VinculumOne

_________________
Image


28 Nov 2012, 20:50
Profile
Ship Engineer
Ship Engineer
User avatar

Joined: 10 Jul 2006, 01:00
Posts: 5130
Location: Space is disease and danger, wrapped in darkness and silence!
I changed the admin email to my gmail but still could not find where the text of the welcome activation email is stored. Still no idea how to get to the server to upload the updates.
:borg:

_________________
Image


29 Nov 2012, 02:57
Profile
Lieutenant Junior Grade
Lieutenant Junior Grade
User avatar

Joined: 31 May 2012, 11:21
Posts: 195
group name changed to "Forum Poster" by request of Iceman
agree that "The Chosen Ones" probably was not the best choise, however I found it funny when I set it
do you know the chosen one / animator vs. animation video? http://www.youtube.com/watch?v=RTPpbHueNJ4 :twistedlaugh:
if you want to change again just set a new name in group settings


03 Dec 2012, 19:38
Profile
Communications Officer
Communications Officer
User avatar

Joined: 21 Aug 2008, 16:59
Posts: 717
Location: On this multiverse: EU
I watched all of the "animator vs. animation" video... just amazing!!! Image

_________________
"Never give up. Never surrender." -- Kenneth_of_Borg

"Seize the time, Meribor. Live now; make now always the most precious time. Now will never come again" -- Picard (The Inner Light)

Image


03 Dec 2012, 19:52
Profile
Admiral
Admiral
User avatar

Joined: 14 Jan 2009, 10:17
Posts: 2042
Is this actually having any positive effect, or is it just preventing people from posting? Not that there's oddles of people posting usually, but if they have to go through hoops to do it, it might be counter-productive.
Is it preventing spam? It seems there were some IPs banned recently.


05 Dec 2012, 11:53
Profile
Communications Officer
Communications Officer
User avatar

Joined: 29 Nov 2012, 18:19
Posts: 95
Location: Alpha quadrant; deep space assignment
Well, preventing new arrivals from posting is the first effect newly registered members experience upon first entering the forum. Luckily, they receive an e-mail of confirmation after registering, so they can ask via reply e-mail to be permitted to post. But since you say that some have been banned, it seems to be an efficient system, if not overly efficient.


05 Dec 2012, 14:21
Profile
Ship Engineer
Ship Engineer
User avatar

Joined: 10 Jul 2006, 01:00
Posts: 5130
Location: Space is disease and danger, wrapped in darkness and silence!
I will ask V1 about turning off the ban to see if we get a spampocalypse or not.

_________________
Image


05 Dec 2012, 14:52
Profile
Lieutenant Junior Grade
Lieutenant Junior Grade
User avatar

Joined: 31 May 2012, 11:21
Posts: 195
no need for pm, I already found this post earlier today but had to leave :)
The spam that still was posted is by bots in the "Newly Registered Users" group that I set up before.
That group already was deactivated again but accounts in that group were kept.
I already told just delete them, but it were 71 accounts and a bit much work to do all by single.
Now I simply removed them all from that group, so this stops. It was easier this way as there's a "mark all" function in group management.

But it shows, these bots are still active and will continue to spam a 100 posts eventually each day, so better don't allow the common registered user to post again with not having added new spam prevention mechanisms to the forum.
This has to be done by someone with ftp access. And I don't know either what's really effective and will hold for a while.
As I read best make the forum code uncommon or add external captchas that are a bit more complex and not used so often.

The only eventually effective defense you have right now is the Question and Answer captcha on registration.
Problem with it, when only one working answer is found, the door is open. And the questions you have right now are partially in a good form to google. This is no real good prevention, but you might just try define some new questions and remove all old ones. Still all bots already registered would have to be deleted. This could be done by deleting all inactive accounts like reg proposed.

So long, exclusively allowing approved members to post is the only really effective way against bots I know of.
You can simply change access in permissions->forum permissions->all forums->registred users anyway if you want Kenneth.
I say as long you have no new prevention just keep it and try make it more obvious to new users if possible - eventually by altering the forum skin or a big news on front page.

Btw, banning an IP doesn't help here at all. These bots change IP all the time and if it's dynamic, sometime you might even block real users by chance.


05 Dec 2012, 15:23
Profile
Admiral
Admiral
User avatar

Joined: 14 Jan 2009, 10:17
Posts: 2042
Maybe we should try to include as many members we know for sure are not bots in the group as possible, so that they don't have to ask for permission. I know I wouldn't have gone to the trouble if I didn't really _need_ to post (actually I could post in some threads, and not in others).


05 Dec 2012, 15:45
Profile
Lieutenant Junior Grade
Lieutenant Junior Grade
User avatar

Joined: 31 May 2012, 11:21
Posts: 195
yeah, was surprised your special group rights didn't include the normal access rights


05 Dec 2012, 15:50
Profile
Ship Engineer
Ship Engineer
User avatar

Joined: 10 Jul 2006, 01:00
Posts: 5130
Location: Space is disease and danger, wrapped in darkness and silence!
I will ask Jig if there is a way to change the email that goes out to new members. That would be a way to let them know to reply email me about posting here.

_________________
Image


05 Dec 2012, 16:11
Profile
Display posts from previous:  Sort by  
Reply to topic   [ 25 posts ] 

Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group
Designed by STSoftware.