Are there new spam scripts out there that start to seep into the forum, or what is the matter?
It's not so bad yet, but things should be checked, if these are scriptgenerated or if people are doing it.
And then security beefed up if necessary, so that scripts have a real hard time.
Regards,
Guckytos
New spam scripts out, or what?
you missed one
http://www.celestiaproject.net/forum/viewtopic.php?t=8913
It is somewhat annoying... doesn't phpbb have that 'enter this number from this garbled image" barrier when people register?
http://www.celestiaproject.net/forum/viewtopic.php?t=8913
It is somewhat annoying... doesn't phpbb have that 'enter this number from this garbled image" barrier when people register?
My Celestia page: Spica system, planetary magnitudes script, updated demo.cel, Quad system
-
- Posts: 835
- Joined: 27.09.2004
- With us: 20 years 2 months
- Location: Massachusetts, USA
I believe there is a visual confirmation code in PHPBB 2.0. However, that would involve and upgrade. And that can be very dauting as I have found out with my use of Xoops and Drupal.
Homebrew:
WinXP Pro SP2
Asus A7N8X-E Deluxe
AMD Athlon XP 3000/333 2.16 GHz
1 GB Crucial RAM
80 GB WD SATA drive
ATI AIW 9600XT 128M
WinXP Pro SP2
Asus A7N8X-E Deluxe
AMD Athlon XP 3000/333 2.16 GHz
1 GB Crucial RAM
80 GB WD SATA drive
ATI AIW 9600XT 128M
The captcha used by phpBB is weak and has been broken by software.
Reference:
http://sam.zoy.org/pwntcha/
Reference:
http://sam.zoy.org/pwntcha/
bdm wrote:http://sam.zoy.org/pwntcha/
I'd be interesting to know how many spammers employ anti-Captcha software.
Apparently one has to do something unique to keep spammers away. Assuming spammers do only automated registering, even a slight variation might suffice.
The URL of the register page could be changed. Create a simple HTML-page at the old URL, which contains an explanation and a link to the new URL of the register page. For more difficulty password protect the register page and put the password on the HTML-page. This should throw most automated tools off track - as long as they haven't learnt that trick.
But these things would cost some time to implement and I don't expect Chris to spend the time unless the situation is becoming worse.
Harald
Evidently enough that the Celestia forums get spammed daily.Harry wrote:I'd be interesting to know how many spammers employ anti-Captcha software.bdm wrote:http://sam.zoy.org/pwntcha/
Harry wrote:Apparently one has to do something unique to keep spammers away. Assuming spammers do only automated registering, even a slight variation might suffice.
We could change the captcha away from the phpBB default. A strong captcha would have some or all of the following features:
- Different fonts.
- Different backgrounds.
- Different colours, including dark-on-light and light-on-dark.
- Different rotations of the text.
- Different number of characters.
- Large number of combinations of possible answers.
- Distortion.
This is really taking the mickey now, we've got four new ones in the space of three hours today.
Is it me or does all the spam end up in the Users forum and nowhere else?
Is it me or does all the spam end up in the Users forum and nowhere else?
My Celestia page: Spica system, planetary magnitudes script, updated demo.cel, Quad system
Custom captcha
I think we should look at the feasibility of customising the captcha. phpBB uses a fairly weak captcha and it has been broken (see my previous posts for details). I have experimented briefly with the creation of custom captchas and it's quite easy to do in PHP.
If we use a variety of fonts, font colours and backgrounds, we can make a captcha that's strong enough to defeat the spambots with only a few hours' work. Having lots of backgrounds is easy - some of the more interesting Celestia textures will do nicely. Include some dark backgrounds as well as light ones, so the spambots can't exploit the trick of picking out the dark text from the light background all the time. Then we create an image, tile it with the background, and overwrite some text, and there's a new captcha that will baffle the bots.
If we use a variety of fonts, font colours and backgrounds, we can make a captcha that's strong enough to defeat the spambots with only a few hours' work. Having lots of backgrounds is easy - some of the more interesting Celestia textures will do nicely. Include some dark backgrounds as well as light ones, so the spambots can't exploit the trick of picking out the dark text from the light background all the time. Then we create an image, tile it with the background, and overwrite some text, and there's a new captcha that will baffle the bots.