Anyone using another alternative to stop bots from registering?

I do have some suggestions for alternative anti-bot measures.

1: put in place a simple text based question on the registration page like so:
http://www.punres.org/viewtopic.php?id=3439

or

2: (better) use Jacky's excellent text based antibot mod at:

http://www.punres.org/desc.php?pid=503

People have had success with both. They are also both pretty easy to implement.

What are you using to do your current registration and logins? Wordpress, Joomla, Drupal etc for example?

That might help people propose solutions.

28

(26 replies, posted in PunBB 1.3 extensions)

Grant wrote:

Weird, I downloaded it again and I got the same error.

Please download again:

http://fixpc.co.za/download/ip_to_country.zip

Should be a much smaller file.

ZIP file is broken again.

WinZip, 7Zip etc barf when attempting to open it.

SuperMAG wrote:

these are real members. though most of them do not post.

lol:lol::lol::lol:

SuperMAG, you are being too fussy, IMHO, and sweating on stuff you don't need to worry about.

Remember CSS and HTML/PHP aren't there to produce desktop publishing style layout and positioning results for the web.

I mean, heavens, the results your users will be getting will probably (and properly) vary wildly according to which browser and platform the page is being viewed from.

So IMHO: don't sweat the small stuff and don't try and achieve precise positioning effects. WAY more trouble than it's worth. Stick to default behaviours.

PS - seems like an awful lot of bot registrations on your board - about 1000+. Not good.

31

(1 replies, posted in PunBB 1.2 show off)

Style is nice and all.

But that is a PunBB 1.2 site and style - you've posted this in the PunBB 1.3 show off section. smile 1.3 and 1.2 styles are different.

Also it looks to me like your PunBB v1.2 may not be the latest version, which is v1.2.21. Maybe time to update either your 1.2 or go to 1.3.

32

(2 replies, posted in PunBB 1.2 troubleshooting)

Perhaps the in-built censoring feature would the job well enough for you to dispense with the mod?

Combined perhaps with a anti-spam question on the registration form and/or guest posting?

Also:  what information do you have about the high CPU usage. It may not be from what you expect.

Also 2: get a new shared host, or switch to something like a cheap VPS.

As Quaker suggests, first check that you have provided PunBB with the correct details of the mail server you are using on your site (under 'SMTP server address' in the Administration section). And check that you have turned on the option to 'verify registrations' via email.

Also check that nothing has recently changed on your system to make those details invalid.

It is also possible that the default SMTP server on your website is not working - if that is the case, a support request to your host may be in order.

you've installed the pun 1.3 anti-spam extension?

http://punbb.informer.com/extensions/

35

(4 replies, posted in Discussions)

A solution for you may be similar to the code modification posted here:

http://punbb.informer.com/forums/topic/ … em-for-me/

36

(27 replies, posted in PunBB 1.3 extensions)

KeyDog wrote:

@sirena: don't know where you are getting dominican russian stuff !?
i have   New Jersey     - Egg Harbor Township   
and is active since 2005
a very well known site. see alexa etc

I'd like to say 'learn some Internet', but I'm too nice to say something like that. smile

Break down the segments of its DNS records, whois all the results, look at who owns the netblocks (some are in RIPE, some are under ARIN), then do a Google search or two. Etc.

And while I have no opinion either way on it, I can think of lots of reasons why a service like this (just like most image hosts) could be potentially useful to bad guys. 

It's all ultimately a matter of trust and experience, I guess.

37

(27 replies, posted in PunBB 1.3 extensions)

While this mod works great, perhaps a word of caution ... the hosting arrangements for postimage involve a host  supposedly based in the Dominican Republic with Russian connections, & its whois details seem bogus.

Sites like McAffee's SiteAdvisor however reports no issues however: http://www.siteadvisor.com/sites/postimage.org

Maybe I'm being too suspicious.

Looks very useful - I'll certainly check it out.

What do users see though - do you insert any ads in or around the hosted image?

Aha. Thanks for that info.

All the best with your forum!

Interesting. For a very big forum it performs really well.

-Last posts with names on main page (found a method ,wiki.punbb method is broken alot)

Which more efficient method did you use? Can you post the code pls smile

-Removed extern.php Don't laugh you will have to do it also if your site gets bigger in posts.

What was the issue - was it load related?

The Google issue may be hard to diagnose but have you logged into the Google Webmaster Toolkit to see how Google is viewing your site?

https://www.google.com/webmasters/tools … about.html

Also you seem to be on a very fast host - who are they? Are they expensive and are they any good?

If you are using cPanel, you can usually look under one of the Stats icons to see (or download) your raw access logs. From there you will get information on who has been visiting your site and the pages they requested.

Once you know the IP address of someone you want to block, you can then put that address into your .htaccess file so that Apache will then deny them access to your site.

The .htaccess file lives in your site root (and also there maybe a copy in your forum root). To make the block site wide, edit the .htaccess in your site root either via FTP or your File Manager under cPanel.

cPanel also has (usually) something like an 'IP Deny' icon to do this as well, but since all it does it just edit .htaccess anyhow it is easier to do it yourself directly.

You may also like to look into the recent discussion on this forum about using a cache on your forum, like jpcache to help deal with high levels of guest traffic.

http://punbb.informer.com/forums/topic/ … for-punbb/

It won't block the attacker but may help your site perform better under stress.

gorsan wrote:

...
i could give the code here if interested.

Please do.

Gee, I haven't run jpcache for years - I once ran it successfully on a Mambo site long ago that was on shared hosting and where no other caching would work. I remember it as reliable and effective.

esupergood wrote:

I'd be more worried about the link in your sig with provocative images of apparently underage girls.

Huh? There doesn't appear to be anything suss or CP about his site at all.  It is very tame.

A simple first step is to look at you logs, & find where the problem requests are coming from.

Then add the IP address or IP range to your .htaccess in your site root or forum root so that Apache can just deny these guys:

<Files *>
Order Allow,Deny
Allow from all

Deny from 59.124.144.0/22
Deny from 91.201.244.0/22
Deny from 193.108.250.0/23
</Files>

etc

Obviously customize the addresses to suit your experience.

If you are able to do so, try blocking your attacker's IP address at your firewall too.

45

(1 replies, posted in PunBB 1.2 bug reports)

?

You can always use

http://punbb.informer.com/bugreport.php

to report a security bug to the PunBB devs if the email address security AT punbb.org doesn't work anymore.

46

(1 replies, posted in PunBB 1.2 show off)

Integration works well, visually. Well done.

The pages sometimes seem to load a bit slowly and 'jerkily' due to the CSS container you have around the forum style, perhaps. Placing the google-analytics javascript at the bottom of the page code (as recommended) rather than at the top may also improve apparent rendering speed.

Lots of very cute forum members too. Yum!

However I notice several users are 'borrowing' other people's identities with their user profile pics - ie there are some images against people's profiles that I recognise from chans, jj.am etc. Funny.

http://feed.informer.com is a handy service for pulling RSS feeds into websites.

It would be great if PunBB could easily be integrated with it - to for example automatically allow RSS feeds to be sucked into specific PunBB forums as individual topics.

Since they are both informer.com products, some integration would be logical.

I say this even though the feed.informer.com service seems to be flaky, and their 'Sign Up' page doesn't currently work, returning the following error smile :

NoMethodError in Main#signup 

Showing app/views/main/signup.html.erb where line #40 raised: 
undefined method `country_select' for #<ActionView::Base:0x2a98066f68>


Extracted source (around line #40): 
37:       </div>
38: 
39:       <div class="regform">
40:           <div class="fieldname"><label for="user_country">Country:</label></div> <%= country_select "user", "country", ['United States', 'United Kingdom', 'Australia', 'Canada', 'China', 'Denmark', 'France', 'Germany', 'Italy', 'Russia', 'Spain', 'Sweden'] %>
41:       </div>
42:       
43:       <div class="regform">


RAILS_ROOT: /home/feeddigest/panel2
Application Trace | Framework Trace | Full Trace 
app/views/main/signup.html.erb:40
/usr/local/bin/thin:19:in `load'
/usr/local/bin/thin:19
Request

Parameters: 
None


Show session dump
Response

Headers: 
{"cookie"=>[],
 "Content-Type"=>"text/html",
 "Cache-Control"=>"no-cache"}

 

But it would still be a useful feature to have.

tbone wrote:

working for 1.3.2?
reference website for implementation?

I doubt it - this mod is very much 1.2.* specific.

Looks useful. Thanks for contributing that and starting the BotScout service.

But I'd like to suggest that you perhaps have a talk to the people over at http://www.stopforumspam.com to see if you guys may be able to work together somehow. smile

They have been offering a near identical service for some time now. They also have a public API etc.

I suppose forum admins could use both for maximum forum antibot/antispam impact, but that gets pretty tedious.

That mypunbb.com forum is FluxBB anyhow - why are you posting here? big_smile

That forum, infested as it is by spam, is quite an impressive demonstration of the bad spambot problem that is out there. 1200 'members' and 11500 replies in one thread alone by spambots, dozens of daily posts - cool sad.

And check out the impact on server resources: 'Generated in 17.349 seconds, 6 queries executed' for just loading the first page of the 'Announcement's thread. Ouch.

A list of the IP's that all those members registered from would be very useful to see, and to send over to http://www.stopforumspam.com.

I think connerhd must be keeping that site up as a honeypot. Otherwise he needs to do some serious housecleaning over there.