Fighting Spam

This forum is about this website itself: the content pages, the forums, and the wiki.
User avatar
Carsten
Site Admin
Posts: 2132
Joined: 2004-08-19, 13:46
Location: Germany
Contact:

Fighting Spam

Postby Carsten » 2009-04-14, 13:44

We're currently experiencing an increased amount of successful automated registrations to our Ca3D-Engine forums with subsequent spam posts. This is currently a general world-wide problem, not only with our forums, and we're currently establishing several counter measures. (In fact, a new method has been activated today.)

Some of these measures are somewhat experimental though, and not all are always effective, so that our kind forum users are sometimes bothered with notification emails about new posts that have been triggered by bots posting spam.

We're very sorry about these incidents, and hope to be able to improve the situation soon. :up:

Good news is that in the meanwhile, we're working intensively and successfully on fixing the remaining issues for the next release (proper physics integration will be possible without adversely affecting level load time, almost no impact on memory requirements (thus better CPU cache coherence), and only minimal impact on FPS). Stay tuned! :wohow:
Best regards,
Carsten
scott
Posts: 173
Joined: 2004-08-23, 09:11

Re: Fighting Spam

Postby scott » 2009-04-15, 07:50

Yeah the spam posts get annoying, I look on here everyday for new posts only to find crap.
Do you have an authentication code system for new member registration?

Glad to hear about the progress on the next build. :mrgreen:
User avatar
Carsten
Site Admin
Posts: 2132
Joined: 2004-08-19, 13:46
Location: Germany
Contact:

Re: Fighting Spam

Postby Carsten » 2009-04-15, 23:19

scott wrote:Yeah the spam posts get annoying, I look on here everyday for new posts only to find crap.

Yes, agreed, my greatest concern is to save you all from such cases.

Do you have an authentication code system for new member registration?

Yes, for new user registrations the captcha is in place (since this forum was converted to phpBB3), as well as a number of other built-in bot-prevention features.
All this however proved insufficient since a few days to keep bots out and prevent them from posting spam.

For now, it seems that phpBB3's "Queue posts" feature is a good solution:
It implements the ability to put registered users posts to post approval if their post count is lower than a specified value. I've set this value to 1, which means that everybody who has posted at least once is not subject to post queuing - everything works as usual.
For newly registered users, who have never posted a single post, their posts are queued until approved by a moderator. Users can post without queuing and approval as soon as the specified number of posts has been approved (just 1 in our case).

Of course, our moderators will only approve genuine posts. As this is necessary only for the first post, the user will experience the delay until the approval only once.

Moderators, please do nothing about the spam posts which are waiting for approval (please don't delete them): They're invisible to guest and registered users (i.e. visible only to moderators and admins). In the admin interface, I can then delete them (together with all their posts) with a single mouse click :twisted:, and will do so every time I identify them (which is easier when all their nonsense posts are still there).

:thanks:
I would like to take to opportunity to warmly thank Thrawn and Kai for their great job moderating the forums - you rarely see them intervene in public, but the moderator logs are evidence of their careful work.
Best regards,
Carsten
V-Rage
Posts: 3
Joined: 2009-04-24, 08:14

Re: Fighting Spam

Postby V-Rage » 2009-04-25, 08:56

Carsten wrote:
scott wrote:Yeah the spam posts get annoying, I look on here everyday for new posts only to find crap.

Yes, agreed, my greatest concern is to save you all from such cases.

Do you have an authentication code system for new member registration?

Yes, for new user registrations the captcha is in place (since this forum was converted to phpBB3), as well as a number of other built-in bot-prevention features.
All this however proved insufficient since a few days to keep bots out and prevent them from posting spam.

For now, it seems that phpBB3's "Queue posts" feature is a good solution:
It implements the ability to put registered users posts to post approval if their post count is lower than a specified value. I've set this value to 1, which means that everybody who has posted at least once is not subject to post queuing - everything works as usual.
For newly registered users, who have never posted a single post, their posts are queued until approved by a moderator. Users can post without queuing and approval as soon as the specified number of posts has been approved (just 1 in our case).

Of course, our moderators will only approve genuine posts. As this is necessary only for the first post, the user will experience the delay until the approval only once.

Moderators, please do nothing about the spam posts which are waiting for approval (please don't delete them): They're invisible to guest and registered users (i.e. visible only to moderators and admins). In the admin interface, I can then delete them (together with all their posts) with a single mouse click :twisted:, and will do so every time I identify them (which is easier when all their nonsense posts are still there).

:thanks:
I would like to take to opportunity to warmly thank Thrawn and Kai for their great job moderating the forums - you rarely see them intervene in public, but the moderator logs are evidence of their careful work.



quick solution would be to use SMF. I used it for so long, and no cases of spam ever occured. you can even transfer your existing database
User avatar
Carsten
Site Admin
Posts: 2132
Joined: 2004-08-19, 13:46
Location: Germany
Contact:

Re: Fighting Spam

Postby Carsten » 2009-04-25, 10:21

V-Rage wrote:quick solution would be to use SMF. I used it for so long, and no cases of spam ever occured. you can even transfer your existing database

Well, we're generally very happy with phpBB3 as-is, and switching to an entirely different forum software is certainly a lot of work involved. Also, bot attacks and spam posts are not so much a matter of the forum software, but popularity both of the forum software and contents. In other words, after a short pause we'd be seeing spam in a different forum software, too.
Good news is that the next version of phpBB3 will have improved and additional anti-spam features built in. Also, the now employed "Queue posts" feature seems to serve us very well: As planned, I've been able to delete several bot accounts plus their spam posts before they were ever indicated to our regular members. :up:
Best regards,
Carsten
MatthiasG.
Posts: 21
Joined: 2009-01-11, 11:36
Location: Germany

Re: Fighting Spam

Postby MatthiasG. » 2009-10-04, 20:58

Hello Carsten!

Do you know the "Kreis-Captchas"?

I would replace the Submit-Button with one of it.

Heres a little bit of code, which you can use (this is only example-code, just written, could be, that it is not running correctly):

Please call this example2.php:

Code: Select all

    <?php
    session_start(); // Very important!!!! On top!!!!

    mt_srand((double)microtime()*1000000); // initalize the random-generator
    $image   = imagecreatetruecolor(250, 80); // Create Image width, height
    $target_circle = mt_rand(1, 6); // Select an open circle
    imagefilledrectangle($im, 0, 0, 249, 79, imagecolorallocate($image, 255, 255, 255)); //Background-Color
    imagerectangle($im, 0, 0, 249, 79, imagecolorallocate($image, 0, 0, 255)); // Border-Color

    $color = array();
    $color[] = imagecolorallocatealpha($im, 0, 0, 0, 90);
    $color[] = imagecolorallocatealpha($im, 128, 0, 0, 90);
    $color[] = imagecolorallocatealpha($im, 255, 0, 0, 80);
    $color[] = imagecolorallocatealpha($im, 0, 255, 0, 70);
    $color[] = imagecolorallocatealpha($im, 0, 0, 255, 90);
    $color[] = imagecolorallocatealpha($im, 255, 153, 0, 70);
    $color[] = imagecolorallocatealpha($im, 153, 0, 255, 90);
    $color[] = imagecolorallocatealpha($im, 0, 255, 255, 70);
    shuffle($color);   //shuffle color array

    for($i=1; $i <= $circle; $i++){
      //Draw circles
      $durchmesser = $mt_rand(30, 50);
      $radius = ($durchmesser / 2)+2; //Radius of the circles
      $x = mt_rand($radius, 250 - $radius);   /x Position
      $y = mt_rand($radius, 80 - $radius); /y Position
      $start = 0; //0 - 360 degrees = closed circle
      $end = 360;
      if($target_circle == $i){ //If circle should be open
        $start = mt_rand(0,360); //Circle aperture between start and end
        $end = $start-45;
        //Save X-,Y- and Radius in session
        $_SESSION['circle_x'] = $x;
        $_SESSION['circle_y'] = $y;
        $_SESSION['circle_r'] = $radius;
      }
      imagesetthickness  ($image, 2);
      imagearc($image, $x, $y, $durchmesser, $durchmesser, $start, $end, $color[$i]);
    }
?>


And here's the example.php:

Code: Select all

    <?php session_start();?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Circle-Captcha</title>
    </head>

    <body>
    <?php
       if(isset($_POST['button_x']) && isset($_POST['button_y'])) {
          if(!empty($_SESSION['circle_x']) && !empty($_SESSION['circle_y']) && !empty($_SESSION['circle_r'])){
             $dx = $_POST['button_x'] - $_SESSION['circle_x'];
             $dy = $_POST['button_y'] - $_SESSION['circle_y'];
             $r1 = sqrt($dx * $dx + $dy * $dy);
             if ($r1 < $_SESSION['circle_r']){echo "OK";}else{echo "WRONG!";}
          }
       }
    ?>
       <form id="form1" name="form1" method="post" action="<?=$_SERVER['PHP_SELF'];?>">
          <label>
          <input type="image" src="example2.php" style="cursor:crosshair;" name="button" id="button" value="Send" />
          </label>
       </form>

    </body>
    </html>


Hope you'll like it ;)
Greetings from germany,

MatthiasG.
User avatar
Carsten
Site Admin
Posts: 2132
Joined: 2004-08-19, 13:46
Location: Germany
Contact:

Re: Fighting Spam

Postby Carsten » 2009-10-05, 18:30

Dear Matthias,

MatthiasG. wrote:Do you know the "Kreis-Captchas"?

thank you very much for your message and example code! :-D

The problem with such code is that it must be integrated into our forum software as a patch (modification, "MOD"), and many MODs make upgrading and maintaining the forum core very tedious and difficult.
However, there are many good news regarding spam prevention: First, new versions of phpBB3 will come with a very modular and pluggable captcha system that allows the addition of arbitrary captchas to a forum very easily (even multiple at a time) and without the maintenance problems that the current custom-coded patches inherently bring.
Also, right now, it fortunately seems that our existing anti-spam measures are quite effective, and I even consider turning off the "first-post of a new user is moderated" queue again. :-)

Anyways, I think that the new phpBB version that supports pluggable captchas will be available soon. Adding Circle captchas will then be a pleasure! :up:

Many thanks for your post, and best regards,
Carsten

Return to “Website, Forum and Wiki”

Who is online

Users browsing this forum: No registered users and 1 guest