
New spam scripts out, or what?

Posted: 24.02.2006, 11:07
by Guckytos
Are there new spam scripts out there that start to seep into the forum, or what is the matter?
It's not so bad yet, but things should be checked, if these are script-generated or if people are doing it.
And then security beefed up if necessary, so that scripts have a real hard time.

Regards,

Guckytos

Posted: 24.02.2006, 12:50
by selden
I think the scripts that understand phpbb's login procedures are becoming more popular.
It used to be one or two a week. Now it's several each day. I delete the postings when I see them.

*sigh*

Posted: 24.02.2006, 15:50
by Malenfant
you missed one ;)

http://www.celestiaproject.net/forum/viewtopic.php?t=8913

It is somewhat annoying... doesn't phpbb have that "enter this number from this garbled image" barrier when people register?

Posted: 25.02.2006, 14:03
by buggs_moran
I believe there is a visual confirmation code in PHPBB 2.0. However, that would involve an upgrade. And that can be very daunting as I have found out with my use of Xoops and Drupal.

Posted: 26.02.2006, 16:37
by Harry
There is a visual confirmation code ("captcha") on this forum's Register page. So either it doesn't work correctly, or the spammers have caught up.

Harald

Posted: 27.02.2006, 01:51
by bdm
The captcha used by phpBB is weak and has been broken by software.

Reference:
http://sam.zoy.org/pwntcha/

Posted: 27.02.2006, 09:15
by Harry
bdm wrote: http://sam.zoy.org/pwntcha/

It'd be interesting to know how many spammers employ anti-Captcha software.
Apparently one has to do something unique to keep spammers away. Assuming spammers do only automated registering, even a slight variation might suffice.
The URL of the register page could be changed. Create a simple HTML-page at the old URL, which contains an explanation and a link to the new URL of the register page. For more difficulty password protect the register page and put the password on the HTML-page. This should throw most automated tools off track - as long as they haven't learnt that trick.

But these things would cost some time to implement and I don't expect Chris to spend the time unless the situation is becoming worse.

Harald

Posted: 07.03.2006, 01:32
by bdm
Harry wrote:
bdm wrote: http://sam.zoy.org/pwntcha/
It'd be interesting to know how many spammers employ anti-Captcha software.

Evidently enough that the Celestia forums get spammed daily.

Harry wrote: Apparently one has to do something unique to keep spammers away. Assuming spammers do only automated registering, even a slight variation might suffice.

We could change the captcha away from the phpBB default. A strong captcha would have some or all of the following features:
  • Different fonts.
  • Different backgrounds.
  • Different colours, including dark-on-light and light-on-dark.
  • Different rotations of the text.
  • Different number of characters.
  • Large number of combinations of possible answers.
  • Distortion.

Posted: 07.03.2006, 03:50
by symaski62
hello new SPAM

http://www.phpbb.com/phpBB/viewtopic.php?p=1404100

2.00.11 version PHPbb.com

Posted: 14.03.2006, 04:41
by Malenfant
This is really taking the mickey now, we've got four new ones in the space of three hours today. :evil:

Is it me or does all the spam end up in the Users forum and nowhere else?

Custom captcha

Posted: 16.03.2006, 01:15
by bdm
I think we should look at the feasibility of customising the captcha. phpBB uses a fairly weak captcha and it has been broken (see my previous posts for details). I have experimented briefly with the creation of custom captchas and it's quite easy to do in PHP.

If we use a variety of fonts, font colours and backgrounds, we can make a captcha that's strong enough to defeat the spambots with only a few hours' work. Having lots of backgrounds is easy - some of the more interesting Celestia textures will do nicely. Include some dark backgrounds as well as light ones, so the spambots can't exploit the trick of picking out the dark text from the light background all the time. Then we create an image, tile it with the background, and overwrite some text, and there's a new captcha that will baffle the bots.
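
The approach described in the post above, as an added example that is not code from this thread or from phpBB: a background tile, font, colour, rotation and character count are chosen at random for each image, and the answer is checked once on the server. The function names, the `$tiles` and `$fonts` path lists and the `captcha` session key are assumptions made for illustration.

```php
<?php
// Added example, not phpBB code. Needs PHP 7+ and the GD extension with FreeType.
// $tiles (PNG files) and $fonts (.ttf files) are hypothetical local paths.
function make_captcha(array $tiles, array $fonts, int $w = 240, int $h = 80): array
{
    $alphabet = 'ABCDEFGHJKMNPQRSTUVWXYZ23456789'; // no 0/O or 1/I/L lookalikes
    $length = random_int(5, 7);                    // varying number of characters
    $code = '';
    for ($i = 0; $i < $length; $i++) {
        $code .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }

    $tile = imagecreatefrompng($tiles[random_int(0, count($tiles) - 1)]);
    if ($tile === false) {
        throw new RuntimeException('background tile could not be loaded');
    }
    $img = imagecreatetruecolor($w, $h);
    imagesettile($img, $tile);                     // tile the chosen background
    imagefilledrectangle($img, 0, 0, $w - 1, $h - 1, IMG_COLOR_TILED);

    $step = intdiv($w - 20, $length);
    for ($i = 0; $i < $length; $i++) {
        $x = 10 + $i * $step + random_int(0, 6);
        $y = random_int(intdiv($h, 2), $h - 12);   // text baseline
        // Sample the background near this glyph and pick a contrasting colour,
        // so light-on-dark and dark-on-light both occur and stay readable.
        $rgb = imagecolorat($img, min($x + 8, $w - 1), max($y - 10, 0));
        $luma = ((($rgb >> 16) & 0xFF) * 299 + (($rgb >> 8) & 0xFF) * 587 + ($rgb & 0xFF) * 114) / 1000;
        $lo = $luma > 127 ? 0 : 185;
        $colour = imagecolorallocate($img, $lo + random_int(0, 70), $lo + random_int(0, 70), $lo + random_int(0, 70));
        $font = $fonts[random_int(0, count($fonts) - 1)];
        imagettftext($img, random_int(22, 30), random_int(-25, 25), $x, $y, $colour, $font, $code[$i]);
    }

    ob_start();
    imagepng($img);
    return ['code' => $code, 'png' => ob_get_clean()];
}

// Keep the answer server-side (e.g. $_SESSION['captcha'] = $result['code']),
// never in the page or the image URL. Each code is valid for one attempt only.
function check_captcha(string $answer): bool
{
    $expected = $_SESSION['captcha'] ?? '';
    unset($_SESSION['captcha']);
    return $expected !== '' && hash_equals($expected, strtoupper(trim($answer)));
}
```

Distortion, the last item in the feature list earlier in the thread, is not covered here.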