Spammer active on forum?


I am getting Russian spam in my pb. Also the site is dreadfully slow at times. For more information about the spam, moderators can contact me.

We are aware of the spam in the forums but are you getting personal message spam?

I’m whacking the spam as fast as I can…

I hate spammers…buncha jerks

Currently reading:

Proves that included visual CAPTCHA plugins are ineffective. Our questions obviously have landed in bot databases.
UTC-12 registration block can be tested, although I guess, since the guide is several years old, it does not work anymore nowadays. EDIT: Does not work anymore since UTC-12 cannot be selected. Looks like new phpBB versions just show actually used time zones for selection, so index 0 entry (UTC-11) IS in real use and we would break real user registrations when blocking it.

Will test again:

NB: I enabled the “Stop Forum Spam” extension some hours ago.

Thanks for this let’s hope it works.

Still several spam posts, but when checking in detail, all of them have registered before I enabled the extension.

When checking the user logs in ACP, I see 11 blocked registers only today. I hope there are not too many false alarms, let's see.

I’m checking daily 🙂

Played around with ACP a bit, disabled the phpBB native spambot countermeasures now, since they seem to be without any effect anyway, as long as we do not install and maintain Q&A or some proven functional new visual or puzzle style CAPTCHAs.

All CAPTCHA extensions I could find are either known to be “cracked” by bots or have not been updated for several years, so most likely ineffective as well. Everything else needs active and regular maintenance (new questions, puzzle combinations and such), so as long as none of you guys has fun being creative on this, I would simply fall back on the “Stop Forum Spam” (SFS) database, which seems to work VERY effectively. AFAIK there was one single spammer slipping through in the last three days, while dozens were blocked every day.

I currently allowed registrations if SFS server is down, which is not default. AFAIK there were two spammers and one regular user registered without spam check. Will monitor this for a while by going through those logged cases manually. Generally I don’t like to block registrations only because any 3rd party server is down, however if too many spammers slip through due to this, we have to change it.

EDIT: Enabled Cloudflare IP normalisation, so that spammers can be tracked not only by name and mail but by IP as well.

Nice work thanks.

Some are still slipping through, especially during Stop Forum Spam server downtimes, which occur somehow quite often (check logs). I think we indeed need to block registers in that case. Info should be announced/sticky in forum, also would be good to know what the registration page looks like if it is blocked due to SFS downtime. Sadly hard to check via test registers 😉.

I do not feel any difference otherwise after disabling Q&A CAPTCHA, so this can stay and make registers much easier for regular users.

Still experimenting, since spammers are still slipping through, although not many:

I re-enabled CAPTCHA, but reCAPTCHA this time. I noticed that the simple amount of registration attempts rose by a factor of ~4 after I disabled Q&A CAPTCHA. Makes sense since registration attempts failing on CAPTCHA are simply not logged. So our previous Q&A CAPTCHA was not ineffective, but only effective against ~80% of spam bots. While StopForumSpam does a VERY good job, with that high registration rate, here and there a spammer slips through. Let's see how well reCAPTCHA performs. Although I am no fan of sending any data to this provider, at least users will know it as being used very widely, they are updating it constantly and Fourdee already registered for a key some time ago 😉.

Additionally I registered at StopForumSpam to have Ban Hammer reporting to their database and supporting the whole system. This means johnvick WarHawk:
Always use Ban Hammer to ban spammers and have all their posts and data (signature, avatar, attachments, …) purged all together and have it reported to the StopForumSpam database.

Yep, reCAPTCHA is indeed quite effective, when watching the StopForumSpam trigger logs:

29 Oct 2019 14:11
<---- Enabled reCAPTCHA
29 Oct 2019 12:05
29 Oct 2019 11:49
29 Oct 2019 11:40
29 Oct 2019 11:06
29 Oct 2019 10:49
29 Oct 2019 10:28
29 Oct 2019 10:18
29 Oct 2019 10:18
29 Oct 2019 09:41
29 Oct 2019 09:20
29 Oct 2019 09:14
29 Oct 2019 09:13
29 Oct 2019 09:07
29 Oct 2019 08:49
29 Oct 2019 08:38
29 Oct 2019 08:11
29 Oct 2019 08:06
29 Oct 2019 07:48
29 Oct 2019 07:45
29 Oct 2019 07:24
29 Oct 2019 07:19
29 Oct 2019 06:55
29 Oct 2019 06:42
29 Oct 2019 04:35

Nice work thanks.

Roger that!

Still many spammers slipping through. It's like “they” need some hours to know which CAPTCHA we use, then are able to crack it. SFS does its job, but there are now several registers which have fewer than 5 entries in their database (for either mail, IP or username), hence SFS does not trigger. The ones I checked have now 5 or more entries with our block+report 😉. I reduced the required entries to 3, however this raises the chance for false blocks of course.

I saw you needed three register attempts to finally get through SFS filter? Since I never saw this block page, was it at least clear about what to do/try? From what I could derive from the logs, your mail address must have been the issue, but having a look into the SFS database I could not find a single entry, so I am confused why it triggered. Or did you do some step to get it removed there meanwhile?
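The two settings debated in this thread (the number of database entries required before SFS triggers, and whether registrations are allowed while the SFS server is down) can be seen side by side in the following added example, which is not part of any post and is not the extension's own code. The response bodies are constructed, shaped like the StopForumSpam JSON API; the rule "block when any of username, mail or IP reaches the threshold" and the decision labels are assumptions made for illustration.

```python
import json

# Constructed response bodies, shaped like the StopForumSpam JSON API
# (per-field "appears" and "frequency"); all values are made up.
KNOWN_SPAMMER = ('{"success":1,"username":{"appears":1,"frequency":12},'
                 '"email":{"appears":1,"frequency":40},'
                 '"ip":{"appears":1,"frequency":7}}')
FRESH_SPAMMER = ('{"success":1,"username":{"appears":0,"frequency":0},'
                 '"email":{"appears":1,"frequency":4},'
                 '"ip":{"appears":1,"frequency":3}}')
OUTAGE_BODY = "<html>503 Service Unavailable</html>"


def check_registration(body, threshold=5, allow_if_down=False):
    """Return (decision, hits) for one registration attempt.

    body: raw lookup response, or None when the request failed or timed out.
    threshold: listings a field needs before it counts as a hit (assumed rule).
    allow_if_down: fail open (True) or fail closed (False) during an outage.
    """
    try:
        data = json.loads(body) if body is not None else None
    except ValueError:
        data = None
    if not isinstance(data, dict) or data.get("success") != 1:
        # Lookup unusable: the outcome is a policy choice, not a spam verdict.
        # Fail-open registrations are labelled so they can be reviewed by hand.
        return ("allow-unchecked" if allow_if_down else "block-unchecked", {})
    hits = {}
    for field in ("username", "email", "ip"):
        entry = data.get(field)
        if isinstance(entry, dict) and entry.get("appears"):
            count = int(entry.get("frequency", 0))
            if count >= threshold:
                hits[field] = count
    return ("block", hits) if hits else ("allow", {})


if __name__ == "__main__":
    samples = [("known", KNOWN_SPAMMER), ("fresh", FRESH_SPAMMER),
               ("outage", OUTAGE_BODY), ("timeout", None)]
    for name, body in samples:
        for threshold in (5, 3):
            for allow_if_down in (False, True):
                print(name, threshold, allow_if_down,
                      check_registration(body, threshold, allow_if_down))
```

The freshly listed account passes at a threshold of 5 and is blocked at 3, and the outage cases show that the downtime setting alone decides the outcome when no lookup result is available.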

I tried several emails. First some temp ones, so I didn’t think twice about being blocked. Red message just says “No soup for you! Your address was flagged as spam”, or something of the sort.
Then tried with a first non-temporary email, but that one didn’t work either. Just in case of bad cookies, I cleaned my browser history, and was finally able to sign in with another address.
I might have been tunnelling through Tor on the first attempts, pretty sure that didn’t help…

P.S. I am a Nigerian prince looking to transfer funds … I’m joking.