Forum phpBB2 a problém se Spam boty

Napsal dne Pro 18, 2006 na Blog | 2 komentáře

Provozujete diskuzní forum phpBB2? Pak se dříve či později setkáse s problémem zvaném spam boti. Co je takový bot zač?

Může to být človek, nebo napsaný program, který se vám registruje na fóra pod ruzným uživatelskm jménem. Vše jen za účelem, aby vám posílal příspěvky, PM (soukromé zpravy uživatelům), emaily, zakládal nová témata a podobně. Nebo jen měl vyplněný profil s odkazem či podpisem. Proč?phpBB - anti spam

Noo, kvůli reklamě. V příspěvkách je většinou spousta odkazů, směřující na vlastní stránky různého obsahu (ať už personální blok, obchod erotického zboří, kasína, prodej viagry ..). Uživatel si proste chce zvýšit PageRank a to udělá tak, že na něj bude vaše stránka odkazovat. Čímž samozřejmě škodí i vám – snižuje tím váš PageRank, naštvává uživatele (znepřehlednuje a otravuje ostatní uživatele) Jak se proti nim tedy brátni?

Mazat a banovat IP moc nepomůže, také sehnání lidí, co budou jejich "produkty" odstranovat není přiliš efektivní. Přesto je zde pár postupů, co fungují a pomáhají.

Pokud tedy máte forum phpBB2 a chcete pomoci od spam botů, zkuste toto:
  1. Update – vždy mějte nainstalovanou poslední verzi phpbb2
  2. Nastavte způsob aktivace účtu na ‚uživatele‚ – pak budou muset kliknout na odkaz, co jim přijde emailem
  3. Zapněte visuální ověření – při registraci bude muset človek opsat číslo z obrázku
  4. Využijte nějaký bezpečnostní plugin – klidně i více, jejich seznam najdete v tomto článku nebo na adreách:

phpBB.com – Preventing SPAM – Bots and Humans
phpBB.com – Modifications: security
nebo si zkuste tento jednoduchý antispam mod pro začátek

Section 1: Introduction

 

Lately, a few topics have been started with suggestions for preventing SPAM on phpBB boards. After reading through some very incorrect information, I present you with what I hope is a factually correct, informative and easy to follow guide. It is important to note that SPAM is not a security threat; at worst you will have to go through your board and delete some topic/users. Rather than install every MOD you come across, you should first try using the built in SPAM protection features that come with the latest version of phpBB 2.0.x. Then, if necessary, install a MOD or two until you find the combination that best works for your board.

One thing I would like to add is that you should always take other people’s posts with a grain of salt. If someone writes "it doesn’t work" or "my suggestions are the best", don’t just assume that’s the case. Not all boards get hit with the same bots and not everyone knows how to follow installation instructions

 

Section 2: Using what you already have

  1. Update Update Update!
    With each new version of phpbb, security is improved and bugs are fixed. If you’re not running the latest version, you should update as soon as possible. Before updating, it’s a good idea to check out the updating guide: http://www.phpbb.com/kb/article.php?article_id=271.
  2. Set activation to ‚user‘ or ‚admin‘
    This feature sends an activation email to either the user registering or the administrator. Unless you plan on activating all members personally, you should leave this set to ‚user‘. Many bots use fake emails when registering, so this will stop them from activating the account. It will also discourage some human spammers, since they will need to provide a valid email account each time they register. Not only does this stop some spam, it also helps make sure that all members have valid email accounts on file (which will prevent emails from bouncing back when you send mass emails). You can activate this option in the ‚configuration‘ section of the administration panel.
  3. Enable visual confirmation
    This is the image with the numbers/letters you had to enter into the box when registering on this site. While doing nothing to prevent human SPAM, it should block most of the bots. This feature has been improved in recent versions and even further improvements are in the CVS (will be in the next release). You can activate this option in the ‚configuration‘ section of the administration panel. If you are using the latest version of phpBB, but do not see this option in the administration panel, your template is likely out of date. See this article by espicom for more info and the fix:http://www.phpbb.com/kb/article.php?article_id=329.
  4. Disable guest posting
    If you allow guests to post, SPAM bots will not even bother registering. It is therefore generally recommended that you disable guest posting on your board (find out how). If you absolutely must allow guests to post, I suggest you install the Anti-bot Guest Post MOD (#2 below) by otseng or the Visual Confirmation for Guests MOD by Kanuck (#15 below).

Section 3: The artillery

  1. If you have done everything above and are still being spammed, check out the MODs below. Like it says in the introduction, don’t just install everything you see. Read the descriptions and decide which MODs look like they will work best with your board. If you have never installed a MOD, you should check out the mod installation tutorial. Always remember to make backups of any files you plan on editing (or just be like me and backup the whole directory).

    If you have questions regarding a specific MOD, please ask it in that MOD’s topic, not here.

  2. Active members Only by defender-uk
    Description:[/b]Extremely simple MOD that prevents inactive users from showing up in the memberlist.
  3. Anti-bot Guest Post Mod by otseng
    If you allow guests to post on your board, this MOD will help prevent SPAM by adding a drop down to the guest posting screen.
  4. AntiSpam Mod by deMone
    Prevents instant registrations by checking the amount of time it took to fill in the form.
  5. Block Open Proxy Registrants by TerraFrost
    Blocks those attempting to register from open proxies.
  6. Configure Member Profile Required Fields by ycl6
    Allows the admin to set which fields are required during registration.
  7. ConfusaBOT lite & ConfusaBOT ACP by espicom
    This simple MOD changes the registration form URL from "…profile.php?mode=register&agreed=true" to "…profile.php?mode=register&XXX=true", allowing you to define the XXX. This will stop bots that skip the agreement and go straight to the form. The ACP version allows you to change the agreed variable in the configuration section of the administration panel, while the lite version defines the variables in the constants.php file. Which you choose to use is completely up to you.
  8. Deter Comment Spam by TerraFrost
    Provides a deterrence to so-called comment spammers by adding rel="nofollow" tags on a conditional basis. For a further explanation, see the "Author comments" in the install.txt file.
  9. disable spambots by magenta
    Checks the amount of time it took to submit the registration form. If it is less than 5 seconds, the form cannot be submitted.
  10. Easy BotStopper by battye
    Removes the website field from the registration form (still available in user profiles). If a bot supplies this information anyway (via a separate script), the registration will be denied.
  11. Hide Zero Posters by TerraFrost
    This MOD will prevent users with 0 posts from showing up in the memberlist. This is a great tool for preventing human spammers.
  12. The humanizer by Underhill
    Adds the question ‚Are you human?‘ to the registration form which must be answered for the registration to be processed. Since this isn’t a standard phpBB question, most bots will not answer it.
  13. Redirect anonymous users to login by StefanKausL
    Will prevent guests from getting your members‘ contact information by disallowing guests to view the memberlist, groups, profiles, etc.
  14. Registration disable website signature by EXreaction
    Removes the signature and website fields from the registration form (still available in user profiles). If a bot supplies this information anyway (via a separate script), the registration will be denied. Also has an autoban feature.
  15. Spam Words by Joe Belmaati
    Allows you to specify words in the administration panel that are not allowed to be used in posts. When a user tried to use a forbidden word, an error will be displayed.
  16. User Shield by Wo1f
    Hides usernames and corresponding profile data from all except the Administrator until activated. Manage (activate or delete) non-activated members from the memberlist.
  17. Visual Confirmation for Guests by Kanuck
    Adds the visual confirmation to the posting page for guests. If you enable guest posting, you can use this MOD to prevent spammers from having a field day.
  18. Anti Bot Question by MagMo
    This MOD replaces the standard visual confirmation with a question selected at random from a pool. You may add custom questions to the pool, which makes this MOD very dynamic.
    ** This MOD has not been validated by the phpBB MOD team.
  19. Antispam for all fields by Ramon Fincken
    This MOD uses the word replacement list to check all profile fields (website, interests, etc.) as well as the posting field. An extensive bad word list is provided. Also checks remote websites for bad words. Admin panel settings.
    ** This MOD has not been validated by the phpBB MOD team.
  20. Anti-spam bots registration by RevJim &Anti-Spam ACP by EXreaction
    Both of these MODs disable the signature and website fields for users with less than X posts. The ACP version by EXreaction adds configurable options to the administration panel.
    ** This MOD has not been validated by the phpBB MOD team.
  21. myVIPcode – fight spam registrations by Martin Aignesberger
    Requires a "VIP code" to be entered at registration. You can specify where the VIP code can be found on your site
    ** This MOD has not been validated by the phpBB MOD team.
  22. Unique Registration Hash by pentapenguin
    This MOD changes the "agreed=true" part of the registration form to a unique identifier to help stop spam bots from registering.
    ** This MOD has not been validated by the phpBB MOD team

Section 4: Miscellaneous

  1. SPAM removal tools
    Admin Toolkit – Allows you to mass delete users. Users should never be deleted straight from the users table.

    Translations
    Dutch: http://www.phpbb.nl/viewtopic.php?t=31511
    Dutch: http://www.phpbbservice.nl/viewtopic.php?t=2
    Espa?ol: http://www.tomatoma.ws/foros/viewtopic.php?t=10201

    Other anti-SPAM threads

  2. Fight the spam registration bots! by espicom
  3. Anti-Spam Thread! by EXreaction

Zdroj: phpBB forum

Zanachat odpověď