Search options (Page 1 of 2)

Yes obviously. Considering that this is not a bug, one could also consider that MySQL injections are not bugs because one could argue that "no one is supposed to type some SQL commands in the search field". Same rationale.

I think it's going to take at least a few years before spambots are able to read the operation that is written inside an image, and then process it and give the result. People who have problems reading can click the "speaker" icon to hear it loud.

This is what I understood as well

Actually I have an antispambot filter on the pcbsd.org forum, and for 5 months we have had only 1 or 2 spams. Combinations of spam filters are best. And there needs to be antispambots also for registered users, otherwise spammers register accounts manually and then send loads of spam using spambots. When the whole process needs to be manual and time-consuming, spammers give up.

This is not a solution. To fight spam, you have to think out of the box.

- If you can't post images or links for guests, as a spammer you put your URL in your profile.
- If you are a registered spammer and can't post images and links before 10 messages, then you send then canned messages such as those that we get everyday that say something very generic ("Hi, nice web site, just wanted to say hello"). And when your bot has sent 10 automatic messages, start sending your spam.

Thanks. As I said, I can install mods myself or even tweak my own spam filter. I'm talking about fixing this bug for the default installation so that people who install punBB don't have to worry, the default installation will be safe.

Of course I can install mods or create mine. The problem is that it has an exploit, it allows any non-human user to send an unlimited number of messages with no restriction. It's like not requiring registration, or disabling captchas. The point is that with a default installation of punBB, I can't run my forum.

I want that too!

Well, expect that this tool is in its infancy. Shortly these guys will offer a lot more than forum spamming, they will also spam in blog comments, wiki entries, phpMyFAQ comments, and hundreds of other web applications that are probably not prepared. And they will also protect against flooding or bot detection, using a random delay between posts. They will also randomize text of each post and subject to by-pass filters just like in e-mail spam techniques.

Exactly, I have also noticed it. I'm not sure about the proportion of true and fake registration, but I would say that more than 50% for sure are false registration in a sense that these registrations will never send any post on the forum. Also, when I do some research on the web looking up these usernames, they are already present in a number of forums with...Zero post! I have only one explanation for this practice: These people are creating thousands of accounts on thousands of forums with not a single post....For now. One day they could all of the sudden use these usernames to start filling the whole Internet with one single message. What sort of message? I don't know... Maybe a single product, maybe political, maybe an adult web site... I have no idea, but the thing is that on the PC-BSD forum for instance, there are thousands of fake usernames, I guess, under the control of a remote central bot. At any time this bomb can explode and the spam bot can trigger all of its usernames around the world to send one single message to promote their product.

PS: Yes, the PC-BSD forum is phpBB, sorry. Actually I moderate a simple punBB forum on www.interactionchat.com