It is currently Sun Dec 21, 2014 1:03 am

  • Forum
    Posts
    Last post

Login  •  Register

Who is online

4 users online: 0 members and 4 guests
Members: No members
Our newest member Asenefarar

  • Chatbox
Dec 14 - bajadulce -  
I've had a recent blast of new spambots in another forum I run as well. The security question nested in the banner is no longer an effective means. Bots have been programmed to look for this now it looks like. Guess it has become a trendy solution. Oh well it worked for awhile. You might want to turn off registration entirely until can come up w/ a plan. Otherwise could have as much as 50 users registering a day. I'd shut if off till you can come up w/ a new plan. email verification won't do it.
Dec 14 - bajadulce -  
I'll send you guys the new FTP passes and login info to the server here in the morning. I'd say turn off registration in the meantime.
Dec 14 - krasi0 -  
You are right. Probably the answer to the current security question has been hardcoded inside the spambots. What if we change the question to something like: "What is the name of poiuy_qwert's complete modding suite?" or "Which game does BWAPI work with?"
Dec 14 - bajadulce -  
https://www.phpbb.com/community/viewtopic.php?t=2122696 I'll have to read some of this. At our golf forum we simply set up a yahoo email account and a contact info sheet where people had to make some kind of formal application reason for wanting to be part of the forum. The nice thing about the security question we had was that it was 2 words, included numbers.
Dec 14 - bajadulce -  
Prob the safest method is to have new registered users automatically be part of a separate user group that can easily be pruned etc. That new group can only post in a designated forum that flags admin that they are indeed real members wanting to join and not bots. From there they can be allowed to post into the forums. Not very convenient, but would seem effective.
Dec 14 - bajadulce -  
I'll prob try this on our golf forum. The new forum/category maybe called Registration and New Accounts. Didn't we try something like this in the beginning? Was a pain if I remember, but zero chance of bot getting through that's for sure.
Dec 14 - krasi0 -  
IIRC, at first we had manual admin approval for every registration, but it was overwhelming. Too many bot registration attempts resulting in flooding the admin's mailbox...
Dec 14 - krasi0 -  
I believe, it will be best if it's somehow automated. The security question used to do a good job for a long time, but obviously a human user has hardcoded it inside the spam bot repertoire, so might just think of another security question. Another option integrating: Google's NO-Captcha ( http://googleonlinesecurity.blogspot.de ... ptcha.html )
Dec 14 - krasi0 -  
OK, updated the secret question to win some time. Also cleaned up a few spambot accounts.
Dec 14 - Myk -  
Thanks for getting it back online, baja. I think our question based sign-up process works pretty good except that we let it go for long enough that someone hardcodes the answer into their spam setup.

cron