1 (edited by abclf 2006-07-25 13:25)

Topic: Can't block spam : really very annoying

Hi all,

Here is my problem :
first : my forum is open to guests, and I want to work this way.
two : I get a lot of spam in existing posts (from 2 to 30 messages each time, in a minute) or in new posts created by robots. More than 100 messages...

Ok, I delete everything, more than 100 messages per day, not cool. And stupid : one time it's ok, but 5 times a day, it is not.

So, I really need something to block that spam.
I think protection against spam should be much more effective. In fact, there is nothing against spam in out-of-the-box version : no flood protection, no spam filter (bayesian filter?), nothing. For example, a post containing more the two url should be suspected and verified.
To my mind, spam should be considered as a security problem. Anti hacker protection not enough.
I complain there is no option to mass delete all what is posted between date-timeX and date-timeY, so I have to surf and click and click...

Of course, I tried all I can, wasting my time :
-Captcha Box (http://www.punres.org/desc.php?pid=250) : absolutely no effect ;
-Spam protection box (http://www.punres.org/viewtopic.php?id=709) : absolutely no effect ;
-More, I banned the name of a robot spam («mp3 ringtones») : absolutely no effect ; in fact, I should say : absolutely ridiculous effect : the guest is banned, yes it works, («exclu» in french), but no matter for him, he can post what he wants. (see pictures : ban in admin section is older than spam, and note the «exclu» title).

http://www.languefrancaise.net/public/zzz/spam_banned.gif

http://www.languefrancaise.net/public/zzz/spam_2messages.gif

So, what to do ?

2

Re: Can't block spam : really very annoying

Hi,

I've had the same issues, looks like PunBB isn't under the radar anymore sad

I turned off guest posting for now in 2 of my forums, I just don't have the time to deal with spam at the moment.

As for a spam solution, we can either send guest posts to a moderation queue where they have to be approved or find some solution that will not hinder legit visitors with disabilities.

3

Re: Can't block spam : really very annoying

The other alternative is to find a way to apply the moderator controls to search results. It does nothing to prevent spam but would make it hell of a lot easier to clean up.

4

Re: Can't block spam : really very annoying

Ok and thank you for replying.

I agree. To my mind, PunBB should develop some tricks to close the doors to suspect posts ; at least make spam more difficult.
Turning off the guest posting is a solution, but it is also the proof there is something wrong. Go fishing is another solution smile

In my idea, the task of the parser shouldn't be limited to formating the post : why not use the parser to evaluate the message ?
For example, count the numer of «http» in a post ; if there are more than, let's say, 2, so make something (pre-moderation or, easier, ask for a confirmation/verification) ;
More difficult, I suppose, a bayesian filter maybe a good solution.

What is the purpose of spam : links !
So, make something that block posts with more than X links and ask for something for confirmation.
Or, for example, say the users the links must have a special form (special bbtag for example), so that spam messages with regular links will be automatically blocked. (and don't make the parser recognize the non-bbocded links).

Last, this would be very convenient and usefull against spam, but not only : develop a script for administration to delete all what we want with numerous filters : message(s), user, topics, date. By word (from title, from name, from message), by id (delete all messages, or all members, or all topics from id X to id Y). Don't forget a «select all» box.

Ah, what surprised me, is the spam mentioned above, is the fact a banned name is able to post. How possible ?

abclf.

5

Re: Can't block spam : really very annoying

As far as the posting of links is concerned. Wouldn't a simpler idea be to have an admin option to allow/disallow posting of live links according to group membership. That way you could disallow posting of links by guests and by any other group you choose. Thats not a whole solution but I suspect it would take care of quite a large percentage of guest spam.

Re: Can't block spam : really very annoying

Hrmm, this is just a wild idea I'm posting, and it would require quite the server, but here goes:
A "Report Spam" function that sends the message, username and email of the poster to a central server when called. This server would be secured with user accounts and data transmitted through a "safe" connection (to prevent spambots populating the server). When a new post is made, the entered data would be checked against the data in the remote server. If the post/username/email finds a match, a confirmation box is shown.
This ofcourse would only be available through a mod, as it would slow down PunBB too much. And the central server would need to be way too powerful if i's a popular system.

Re: Can't block spam : really very annoying

elbekko wrote:

Hrmm, this is just a wild idea I'm posting, and it would require quite the server, but here goes:
A "Report Spam" function that sends the message, username and email of the poster to a central server when called. This server would be secured with user accounts and data transmitted through a "safe" connection (to prevent spambots populating the server). When a new post is made, the entered data would be checked against the data in the remote server. If the post/username/email finds a match, a confirmation box is shown.
This ofcourse would only be available through a mod, as it would slow down PunBB too much. And the central server would need to be way too powerful if i's a popular system.

I dunno, sounds like a lot of work. I wonder if something like Akismet could be used with PunBB, though.

abclf wrote:

no flood protection

Does anyone happen to know why post flood control isn't available for guests? I've heard it asked about here before (seems like there were one or two similar threads as well), and it seems like it would be useful although certainly not foolproof (then again, what is?).

Looking for a certain modification for your forum? Please take a look here before posting.

Re: Can't block spam : really very annoying

Well, it seems logical to me that if some person posts as a guest some other person should be able to post as a guest right after. I know I'd get annoyed if I saw that message when I didn't post anything at all.

And it indeed would be alot of work... I might be able to do it on a per server basis (like a regular mod).

9 (edited by Frank H 2006-07-25 19:49)

Re: Can't block spam : really very annoying

pogenwurst wrote:

Does anyone happen to know why post flood control isn't available for guests? I've heard it asked about here before (seems like there were one or two similar threads as well), and it seems like it would be useful although certainly not foolproof (then again, what is?).

doing an IP-block for posts will make some parts of the world really have problems to post anything at all, someone else is always there before yourself... IIRC China have a very limited number of available IP numbers, thus making an extreme amount of users using the same 'public ip'.
Using sessions/cookies isn't really an alternative either, I doubt spambots care about those wink

hmm... what else can one do on server side?

captcha will limit the number of people that can access the page fully, but a combined image and voice captcha I suppose is one of the better things, but still, it will block out people from using the site, and in some countries you can get sued for that ... tongue
(and it will increase the workload on the server, for sure!)

Re: Can't block spam : really very annoying

Frank H wrote:
pogenwurst wrote:

Does anyone happen to know why post flood control isn't available for guests? I've heard it asked about here before (seems like there were one or two similar threads as well), and it seems like it would be useful although certainly not foolproof (then again, what is?).

doing an IP-block for posts will make some parts of the world really have problems to post anything at all, someone else is always there before yourself... IIRC China have a very limited number of available IP numbers, thus making an extreme amount of users using the same 'public ip'.
Using sessions/cookies isn't really an alternative either, I doubt spambots care about those wink

Thanks for explaining. That's all I needed to know.

I was thinking that cookies would be effective, but as you pointed out, spam bots wouldn't necessarily accept them or handle them properly anyway.

Looking for a certain modification for your forum? Please take a look here before posting.

Re: Can't block spam : really very annoying

Well, I'm trying to take my shot at the spam reporting thing. I'll probably release a beta soon smile

Re: Can't block spam : really very annoying

Renaming the scripts post.php, register.php and login.php did not help me to deal with spam. Bots appear to look for words like Post new topic and Register. However, when I preceded a duplicate link in the HTML comments, a-la

<!-- <li id="navregister"><a href="register2.php">Register</a></li> --><li id="navregister"><a href="register.php">Register</a></li>

bots started to follow register2.php because that link appeared first. It appears that they try to match the first link that has the word "Register".

To make the second link disappear from bots' view, I encoded the script names in genuine links as well as the link names like "Register" and "Post new topic" using SGML entities (a-la e-mail address encoding).

<!-- <li id="navregister"><a href="register.php">Register</a></li> -->
<li id="navregister"><a href="re.php">Register</a></li>

The spambots got lost. They now follow a non-existent link to register.php and get a 404. Real browsers will go to re.php. I did the same to post.php.

I am also thinking to add an automated ban on those who claim to be MSIE yet do not load any CSS files from the forum (am I right that a normal MSIE loads CSS files under all circumstances?). Spambots that are visiting my forum claim to be MSIE 6 on Windows 2000.

13

Re: Can't block spam : really very annoying

Hi,

Question one : how do the bots to post and create topics in case there is captcha mod installed ? How can they do as if there were no captcha ? I think they work with get and post, but why the hell the captcha don't block them ?

Question two : how does the native ban system work for guest : I banned the name «mp3 ringtones» in the admin ban panel ; I connect myself to the forum as guest and then create a topic, where my name is «mp3 ringtones», ie the banned name : I'm surprised the message is published where I think it should have been stopped, because the name of the guest was banned.

Question three : can people code some quick lines (for parser php maybe, but I'm not sure) to 1/count number of «http» in guest message and 2/if there is more than 2 «http» 3/launch a basic javascript box to ask the poster to confirm his message.

Thanks,
abclf.

Re: Can't block spam : really very annoying

abclf: If my hdiff tool starts working my anti-spam mod will be realeased for 1st beta.

Re: Can't block spam : really very annoying

Ok, I released it. Without hdiff, as I didn't get it to really work properly.
Download here

16

Re: Can't block spam : really very annoying

Hello El Bekko,

I get a sql error when running install :

An error was encountered
File: /home/domaine/l/languefrancaise.net/www/forum/install_mod.php
Line: 32

PunBB reported: Unable to add table spammod

Database reported: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'DEFAULT CHARSET=latin1' at line 8 (Errno: 1064)

And, two insignifiant remarks related to readme :
-post.php, for me, isn't located in include directory but at the root
-the list of the files to upload is not complet in the readme (plugin directory forgotten).

Re: Can't block spam : really very annoying

bekko, don't specify charset, it doesn't work for older versions of MySQL

http://fluxbb.org

Free PunBB Hosting - lots of mods, easy to customize

18

Re: Can't block spam : really very annoying

So, I'm not sure that mod will be efficient againt random message/name used by robots.
Here is a screenshot from last spam (http://www.languefrancaise.net/public/z … ssages.gif) : have a look and see by yourself :
-ip always different
-name different
-message different
To my mind, partial solution should be, first, to block messages containing more than one (not two) url, with some code, and then to impose the guest an action to effectively post (maybe a javascript box) ?

No ?

19 (edited by elbekko 2006-07-27 10:16)

Re: Can't block spam : really very annoying

As I said, it's only a Beta 1. Things can still be changed/added smile
And for the charset, blame it on phpMyAdmin.

What might be a solution for your problem is to set username matching to 50% or lower. I'll add the option to easily modify that.
Oh, and if anyone knows how to do percentage matching like similar_text() but that supports more than 255 characters... Please let me now smile
I'll also add an option to check how many links are in the message. Also can be set from the plugin ofcourse.

/me wanders off to Dreamweaver

Re: Can't block spam : really very annoying

It doesn't look like similar_text has a character limit

http://fluxbb.org

Free PunBB Hosting - lots of mods, easy to customize

21 (edited by elbekko 2006-07-27 12:04)

Re: Can't block spam : really very annoying

Hrmm, then I must've confused it with levenshtein() or something tongue Goody, then I can add message checking too.

Beta 2 is released: Download here

22

Re: Can't block spam : really very annoying

Okay. I wrote this for mine, it works great. Try it for yours.

Open up include/common.php

Find line 1, enter this:

session_start();

Open up post.php, find this line:

// Did someone just hit "Submit" or "Preview"?
if (isset($_POST['form_sent']))
{

Right after this line, enter the following:

    $stamp = date("U");
        if(($_SESSION["LastPost"] + 35) > $stamp) {
            
            $errors[] = "You must wait 35 seconds between posts.";
            
        }

Find this line of code:
redirect('viewtopic.php?pid='.$new_pid.'#p'.$new_pid, $lang_post['Post redirect']);

Right BEFORE it, enter this code:

$_SESSION["LastPost"] = date("U");

You can change the time limit to anything you like. It's set at 35 seconds, but just change it in the code to whatever you want.

Good luck.

23 (edited by sirena 2006-07-27 22:50)

Re: Can't block spam : really very annoying

Another useful anti-spam feature would be punBB support for the 'no-follow' attribute on links in Guest postings:

see

http://googleblog.blogspot.com/2005/01/ … -spam.html

and

http://www.mattcutts.com/blog/quick-com … -nofollow/

It would remove some of the incentive for forum spammers to do so, since the purpose of such forum spam is often not 'direct marketing' to forum members, but link farming in order to boost their search engine positioning for specific, valuable search key words.

If they know that the links they insert into forums and blogs no longer are followed by search engines like Google, and thus count for little in SEO terms, there will be less incentive for them to spam.

It isn't the 100% solution within punBB to forumspam, but it should be a part of the pun solution.

Re: Can't block spam : really very annoying

Hrmm, quite a good idea smile And it's even XHTML Strict valid smile

25

Re: Can't block spam : really very annoying

I think I already suggested that for 1.3 but I can't quite remember what the response was. Some boards go further and use no-follow for members with less than a certain number of posts or whose join date is less than x days ago. Personally I'm all in favour of it.

On a similar line of thought, what about blocking all posted links where the users last visit time/date is the same as there join time/date. Are bots clever enough to join, log out, log in again and then post?

I don't think there is any magic bullet for spam, its just a question of chipping away at it with a number of small steps. Though I still think we need to make it easier to remove spam that has got through.