
More fun with forum spam

Well, on the most popular forum I run I've finally bitten the bullet and gone to manual moderation of all new members. The damn spammers go through the captcha like it's nothing these days, and despite an ever-increasing banlist of IP ranges and email addresses, they keep coming.

I'm using phpBB (not the new one) so my moderation tools are pretty limited. I'm sure that there are modules and whatnot out there, but I figure since I'm likely going to be upgrading to the new version at some point, there's not much point in messing with that. Plus I have a fair amount of customization on the forum, and I'd rather not mess that up until needed.

I think there are a few different things leading to this new storm of spammers. First, I think it's obvious that they've figured out some way around captcha-style "prove you're human" tests. Or they're just hiring "sweat shop spammers" to do it manually, and training them to decode the captchas. Since so many of these spammers don't come from English-speaking countries (China and Russia anyone?) that seems likely. Perhaps they even have automated tools to help them, and only need a human for the actual captcha bit.

I also wonder if the demise of paid links in Google has made getting these other links even more important.

Or maybe it's the first step in Skynet's plan to wipe out human civilization and impose robot rule on us all!

Comments

MCG said…
I know three phpBB-based forums which managed to stop spam registrations with KittenAuth. They were probably human spammers not bots since they were getting round phpBB's default CAPTCHA. Lord knows why KittenAuth should have stymied them, but it did.
The Author said…
Hmm, it could just be that CAPTCHA is so heavily used that it was worth their while to find a way around it, whereas KittenAuth is presumably smaller... I'll have to look into trying that, although keeping up with moderating new accounts hasn't been too bad.
