| It is currently Sun Sep 05, 2010 6:26 am |
|
All times are UTC - 8 hours |
 
|
Page 1 of 1 |
[ 2 posts ] |
| Print view | Previous topic | Next topic |
| Author | Message |
|---|---|
|
Grand Wizard
  Joined: Aug 25, 2003 Posts: 7293 
|
 Fixing the Spam Attacks
First, we should probably purge this board of all posts since they aren't really relavent, but that's neither here nor there.
_________________Second this is a cut and paste from my guild message board on how the admin fixed the spam problems we were having seems relatively simple and should make it so you don't need to babysit the signups anymore. Quote: Post mortem analysis of spam attacks on our boards: Captcha was enabled. That was not the issue. The captcha solution used by phpBB was hacked around the 10th of February 2009 and spam posting bots started to use the new attack to break into any phpBB forum that could be breached. The common solution to this was to tighten the board security with two changes. Don't allow anonymous posts and add a custom user field to each account that is required at registration. Doing these two things forces everyone to register and changes the default fields needed to create an account, thereby, defeating the common spam bot attacks. More attacks will happen in the future once the bot scripters figure out that they can create reactive solutions to the custom user fields. There is a centralized captcha service called reCaptcha that records the IP of all requests for the captcha image, so it is able to start denying access by creating a blacklist of IPs from suspected bots. This will most likely be the next step once the spammers break the custom user field solution. This too can be broken but I don't want to give hints on how. I'm going to consider the spam post issue closed at this time unless someone can point out new spam posts. There may be a few holes if some of the spam bots are smart enough to use existing users in the system that are already registered on a previous spam. Dog carcass in alley this morning, tire tread on burst stomach. This city is afraid of me. I have seen it's true face. The streets are extended gutters and the gutters are full of blood and when the drains finally scab over, all the vermin will drown. The accumulated filth of all their sex and murder will foam up about their waists and all the whores and politicians will look up and shout "Save us!"... ...and I'll look down, and whisper "no." |
| Fri May 15, 2009 6:28 am |
|
|
|
|
Your Admin
 
|
Re: Fixing the Spam Attacks
I actually don't mind watching the signup notifications that get sent to my email and scanning them for names I recognize.
_________________Like the post you quoted states, there is no surefire way to combat spammers. No matter what I do today, they will get through it tomorrow. So I waste time adding new hoops for them to jump through and they'll figure out how to jump through them. I can keep adding fields and complicating the registration process or I can just check my email once a day and delete all the spam accounts which takes two seconds of my time and makes me feel useful. .:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:. "People will always want mounts and non-combat pets. I could offer a repeatable quest to slap a handful of kittens and people would do it if I gave them a little pet for it. And they'd drop the kittens off a cliff for a mount." -Tirion Fordring Feather of Elune .:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:. |
| Fri May 15, 2009 6:50 am |
  
|
|
|
|
|
Page 1 of 1 |
[ 2 posts ] |
|
All times are UTC - 8 hours |
Who is online |
Users browsing this forum: Yahoo [Bot] and 1 guest |
| You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot post attachments in this forum |