Topic: PunBB Human Test - Anti SPAM Mod
I have written a new mod for PunBB to help forum administrators the fight against SPAM.
The new mod will ask a simple question which must be answered before registration is possible. The new mod differers to other "ask a simple question mod" in the following ways:
- Prevent bots from auto registering if they try to submit POST variables directly to register.php instead of loading the form to enter username and password first. This should stop most bots ..... PunBB developers may want to implement this for the login procedure and for posting new messages.
- register.php will ask a simple question which must be answered correctly. Unlike other solutions, my modifications will ask different questions which are randomly selected from a file which contains the questions and answers.
Example:
Question: How many letters e are in the word: free?
Answer: 2 or two
This should stop the more sophisticated bots....
- Fixed problem when a user running the Firefox web browser enters an incorrect value and needs to go back, the submit button will stay disabled until the page is reloaded. Java script removed to fix issue on register.php
You can download the modifications and find the instructions here:
http://www.network-technologies.org/Pro … mod_punbb/
Please report any problems or submit suggestions via the Contact form on my website as I will not monitor this thread forever.
http://www.network-technologies.org/contact.php
It is my personal rule to keep all my posted information from issuing 404's even when moving to a new server but should it ever happen, you can find the mod at the following URL as well:
http://www.punres.org/desc.php?pid=503
I hope you find this mod as helpful as I do, since I installed the mod my forum has received 0 SPAM posts.
EDIT, added question information:
Important Notes Regarding Question Selection:
Because the validation scheme supports many questions it is possible to make the mod almost useless if you have a lot of questions with the same answer or very short answers.
Assume that you have added 10 questions, most of the questions are simple math problems such as 1+1 or 2-1 which only have a one digit answer, then a spammer can adjust his SPAM bot to attempt a brute force attack. When brute forcing, the bot will attempt to try any possible combination so any simple question can be broken very quickly.
It is a good idea to apply standard password policies to the answers, no answer should be shorter then 6 characters.
It is also a good idea not to include the word which is supposed to be typed into the answer field within the question.
Here are a few not so good examples:
- What is 1+1?
- Write the word red into the field below.
Here are a few good questions you may want to modify to build your question/answer file:
- Remove all occurrences of the number 2 from the word "2jel2ly2" and type it into the box below (without quotes)
- Fill in the missing character and enter the word into the box below: cof_ee
- Fill in the missing character and enter the word into the box below: mat_ematics
- What does one hundred PLUS thirty PLUS twenty five PLUS two hundred equal to?
- What year did Apollo 11 land on the moon?
- Write the number one thousand three hundred thirty three in numbers.