New spam scripts out, or what?

General discussion about Celestia that doesn't fit into other forums.
Topic author
Guckytos
Posts: 439
Joined: 01.06.2004
With us: 20 years 5 months
Location: Germany

New spam scripts out, or what?

Post #1by Guckytos » 24.02.2006, 11:07

Are there new spam scripts out there that start to seep into the forum, or what is the matter?
It's not so bad yet, but things should be checked, if these are scriptgenerated or if people are doing it.
And then security beefed up if necessary, so that scripts have a real hard time.

Regards,

Guckytos

Avatar
selden
Developer
Posts: 10192
Joined: 04.09.2002
With us: 22 years 2 months
Location: NY, USA

Post #2by selden » 24.02.2006, 12:50

I think the scripts that understand phpbb's login procedures are becoming more popular.
It used to be one or two a week. Now it's several each day. I delete the postings when I see them.

*sigh*
Selden

Malenfant
Posts: 1412
Joined: 24.08.2005
With us: 19 years 3 months

Post #3by Malenfant » 24.02.2006, 15:50

you missed one ;)

http://www.celestiaproject.net/forum/viewtopic.php?t=8913

It is somewhat annoying... doesn't phpbb have that 'enter this number from this garbled image" barrier when people register?
My Celestia page: Spica system, planetary magnitudes script, updated demo.cel, Quad system

buggs_moran
Posts: 835
Joined: 27.09.2004
With us: 20 years 2 months
Location: Massachusetts, USA

Post #4by buggs_moran » 25.02.2006, 14:03

I believe there is a visual confirmation code in PHPBB 2.0. However, that would involve and upgrade. And that can be very dauting as I have found out with my use of Xoops and Drupal.
Homebrew:
WinXP Pro SP2
Asus A7N8X-E Deluxe
AMD Athlon XP 3000/333 2.16 GHz
1 GB Crucial RAM
80 GB WD SATA drive
ATI AIW 9600XT 128M

Harry
Posts: 559
Joined: 05.09.2003
With us: 21 years 2 months
Location: Germany

Post #5by Harry » 26.02.2006, 16:37

There is a visual confirmation code ("captcha") on this forum's Register page. So either it doesn't work correctly, or the spammers have caught up.

Harald

bdm
Posts: 461
Joined: 22.07.2005
With us: 19 years 4 months
Location: Australia

Post #6by bdm » 27.02.2006, 01:51

The captcha used by phpBB is weak and has been broken by software.

Reference:
http://sam.zoy.org/pwntcha/

Harry
Posts: 559
Joined: 05.09.2003
With us: 21 years 2 months
Location: Germany

Post #7by Harry » 27.02.2006, 09:15

bdm wrote:http://sam.zoy.org/pwntcha/

I'd be interesting to know how many spammers employ anti-Captcha software.
Apparently one has to do something unique to keep spammers away. Assuming spammers do only automated registering, even a slight variation might suffice.
The URL of the register page could be changed. Create a simple HTML-page at the old URL, which contains an explanation and a link to the new URL of the register page. For more difficulty password protect the register page and put the password on the HTML-page. This should throw most automated tools off track - as long as they haven't learnt that trick.

But these things would cost some time to implement and I don't expect Chris to spend the time unless the situation is becoming worse.

Harald

bdm
Posts: 461
Joined: 22.07.2005
With us: 19 years 4 months
Location: Australia

Post #8by bdm » 07.03.2006, 01:32

Harry wrote:
bdm wrote:http://sam.zoy.org/pwntcha/
I'd be interesting to know how many spammers employ anti-Captcha software.
Evidently enough that the Celestia forums get spammed daily.
Harry wrote:Apparently one has to do something unique to keep spammers away. Assuming spammers do only automated registering, even a slight variation might suffice.

We could change the captcha away from the phpBB default. A strong captcha would have some or all of the following features:
  • Different fonts.
  • Different backgrounds.
  • Different colours, including dark-on-light and light-on-dark.
  • Different rotations of the text.
  • Different number of characters.
  • Large number of combinations of possible answers.
  • Distortion.

symaski62
Posts: 610
Joined: 01.05.2004
Age: 41
With us: 20 years 6 months
Location: france, divion

Post #9by symaski62 » 07.03.2006, 03:50

holle new SPAM

http://www.phpbb.com/phpBB/viewtopic.php?p=1404100

2.00.11 version PHPbb..com
windows 10 directX 12 version
celestia 1.7.0 64 bits
with a general handicap of 80% and it makes much d' efforts for the community and s' expimer, thank you d' to be understanding.

Malenfant
Posts: 1412
Joined: 24.08.2005
With us: 19 years 3 months

Post #10by Malenfant » 14.03.2006, 04:41

This is really taking the mickey now, we've got four new ones in the space of three hours today. :evil:

Is it me or does all the spam end up in the Users forum and nowhere else?
My Celestia page: Spica system, planetary magnitudes script, updated demo.cel, Quad system

bdm
Posts: 461
Joined: 22.07.2005
With us: 19 years 4 months
Location: Australia

Custom captcha

Post #11by bdm » 16.03.2006, 01:15

I think we should look at the feasibility of customising the captcha. phpBB uses a fairly weak captcha and it has been broken (see my previous posts for details). I have experimented briefly with the creation of custom captchas and it's quite easy to do in PHP.

If we use a variety of fonts, font colours and backgrounds, we can make a captcha that's strong enough to defeat the spambots with only a few hours' work. Having lots of backgrounds is easy - some of the more interesting Celestia textures will do nicely. Include some dark backgrounds as well as light ones, so the spambots can't exploit the trick of picking out the dark text from the light background all the time. Then we create an image, tile it with the background, and overwrite some text, and there's a new captcha that will baffle the bots.


Return to “Celestia Users”