Added "Android" and "converter" to the list of checks that will flag a post for the moderation queue if the user's post count is less than three, that should cut out lots of this spam lately.
Announcement
Collapse
No announcement yet.
Need to have some better security on the forums
Collapse
X
-
-
There's three kinds of attacks:
1) automated broad-scale attacks against random vbulletin boards found via google
2) specialized attacks specifically crafted for a certain forum
3) humans paid to manually register and spam
Type 1 attacks are easily defeated by changing the registration form in ways the bots don't expect. We've reduced the bots in a phpBB board with a few simple tricks:
- changed the URL of the registration form, most bots don't even find it any more. Disallowing the registration form in robots.txt seems to help, too.
- we made the "username" field invisible (via css). If anyone submits a non-empty "username", it's a bot.
- we added a field "actual_username" that's displayed instead. If anyone submits an empty actual_username, it's a bot.
It's as effective as a custom captcha but not as annoying.
Custom registration forms can be defeated by hand-crafting attacks to the specifics of the board (attacks of type 2), but usually nobody will bother. Our 100k-person board should be more attractive for such things, but it hasn't happened yet.
The best automation against Type 3) are badword-filters, disabling links in the first x posts or adding new threads of recently-registered to the moderator-queue.Last edited by rohcQaH; 15 January 2010, 10:05 AM.
Comment
-
Everybody welcome the new member
Comment
-
Originally posted by deanjo View PostWell there are some trends if you look at the spams,
1) they always start a new thread on their initial spam, make it so that creating a new thread on the first posts from a new user can't be put up until reviewed
2) since these are mostly bot signups have the signup process not accept a signup when the form is "instantly" filled from their macro's, etc. Usually with their signups are filled in all in one shot, something a human couldn't really do. Restrict it to the signup process has to take at least a minimum time such as 10 seconds.
There are other ways as well to minimize the effect, they just have to be put in place.
Also disabling signatures and avatars for new people till they reach a certain number of posts also helps too, as some spammers use signatures filled with links to badware
Originally posted by Michael View PostAdded "Android" and "converter" to the list of checks that will flag a post for the moderation queue if the user's post count is less than three, that should cut out lots of this spam lately.
@Michael, spammers will always try to get around whatever you throw at them, so its pretty much a must to keep devising new ways to keep on top of the spammers.
Originally posted by L33F3R View Postoh man. poor Qaridarium would be trying for hours and hours.
But Q's not really a spammer though, despite how badly worded his posts are.Last edited by DeepDayze; 20 January 2010, 12:44 AM.
Comment
-
-
Going to be upgrading vBulletin today or tomorrow to hopefully take care of some of this recent spamming...Michael Larabel
https://www.michaellarabel.com/
Comment
-
Originally posted by Michael View PostGoing to be upgrading vBulletin today or tomorrow to hopefully take care of some of this recent spamming...
Comment
-
Comment