Re: Vulnerable to spambots
If you modded your installation to use that method, it probably would kill your spam off either completely or to a negligible level. However, was not the point of this thread with regards to including standard spam prevention techniques within PunBB? If, for example, that mod was incorporated within 1.3 when it finally leaves R.C status, the thing would be cracked within a week. It is then not a deviant technology, but a core mainstream one. The fiscal benefit for the bot scripters would mean that it was viable to concentrate on it once that occured.
I wouldn't say cracked, since unless there's a flaw bots shouldn't be able to automatically crack something like the VIP code mod or a question mod. They would need a human to find the code/answer in the first place and THEN they can spam all they want (until it's changed, rinse and repeat).
there's no better way than whats been implemented.
nothing else anyone can do outside of whats been done.
if you want your official punbb forum, you just have to deal with the spam.
glad I finally figured that out. I'm a bit slow so you'll have to forgive me (us) for thinking all this massive spam is a problem.
please continue (not) developing the next version.
Well thanks for your sarcasm MadHatter, it makes me happy that I took the time to respond to your post
Nobody has said spam is not an issue. Nobody has said we can't do more. However, we can't add an anti-spam feature to PunBB without considering how it will be affected by going from "small userbase" to "all of PunBB's users."
Smartys wrote:sirena wrote:
There is apparently a very effective yet simple mod that is available for phpBB discussed here:
It works by allowing the admin to specify a 'VIP code' or pass-phrase, essentially, that users need to enter when they register. The variability of this across phpBB boards makes it effective against scripted bots.
Judging from the feedback in the thread above, it seems to work well. Some forum admins even report being able to turn off their CAPTCHAs.
It's similar to some of the approaches already discussed here.
It's like the question method people have been discussing.
However, once enough people start using a tool to fight spammers, the spammers try to adapt. If there's a way to detect what the word is, for example, they'll do it.
Of course, but How? If it is not hard-coded, if it is different in each forum, and if it can be changed by the admin when he want to do? Only human action can help spambot, scripting isn't sufficient it seems. If a large forum is a specific target for some spammer, of course a human help will be used. But all the small or medium forums (99%) will be protected!
I totally agree with Sirena and it "cost-effective" contribution...
With the VIP Code, I hadn't looked at any demos of its implementation. My thought was that if people are simply posting a number/word on register.php, the bots can parse the HTML and get it from there. However, obviously that's not the case there.
So, lets assume automated grabbing of the code is not the issue. Spammers will still use humans to register for them. And the small and medium forums will not be protected: in large forums you're more likely to have an active moderator team that will delete your spam in minutes. The small/medium forums, where the spam lingers for days, are where spammers want to target.
That doesn't mean that the idea is worthless: far from it, I think it would make a wonderful extension. However, I personally think it puts too much of a burden on the admin. Plus, as I've said before, with fighting spam what works for one forum might not necessarily be right for another. A more modular approach helps make that a non-issue.