phpBB bots creating fake users!

Dani · 2006-09-28T16:04:30+00:00

It's very possible that it's a real person who is creating the accounts, and then letting the bots loose posting with them. You should definitely enable email confirmation so members need to verify their emails before they can post.

You can periodically prune emails waiting for verification to keep your database size down. You can also periodically send emails to users who haven't verified after a particular amount of time reminding them about your website.

nathanpacker 0 Posting Whiz in Training · 2006-09-28T16:10:14+00:00

It's very possible that it's a real person who is creating the accounts, and then letting the bots loose posting with them. You should definitely enable email confirmation so members need to verify their emails before they can post.
You can periodically prune emails waiting for verification to keep your database size down. You can also periodically send emails to users who haven't verified after a particular amount of time reminding them about your website.

Good stuff. Guess that's all we can really do. We've implemented email verification, and I guess I'll just tell the owner of the site to do some housekeeping every now and then. Thanks again for your input, and keep it up, the site rocks. ;)

Dani · 2006-09-28T16:24:03+00:00

Thank you ... I use email verification but don't require image verification. I figure that if they have a valid email and they have to click the link in it, it's definitely a human registering, so image verification isn't going to add any additional layer of security onto that. I think it's mostly for people who have email verification disabled.

nathanpacker 0 Posting Whiz in Training · 2006-09-28T16:53:14+00:00

Yeah, good point. And now that I think about it, I think you're right in your first post about it not being bots. Because we did have the image verification turned on, it really couldn't have been bots, unless there's some new high-tech ones I don't know about. But it is kind of redundant to have both.

Dani · 2006-09-28T22:45:36+00:00

Yup. :) Image verification prevents against bots and email verification prevents against bots and makes sure emails are valid. There are some bots nowadays that can read very simple image verification (ie when the letters are not distorted).

cyfm 0 Junior Poster in Training · 2006-10-05T22:35:38+00:00

You may also want to block the IP addresses of the repeat offenders, this can sometimes help. Their are many 'mods' avaliable on phpbb.com which can help against stopping auto bots joining your forum!

bbdog 0 Newbie Poster · 2006-10-06T09:13:17+00:00

You may also want to block the IP addresses of the repeat offenders, this can sometimes help. Their are many 'mods' avaliable on phpbb.com which can help against stopping auto bots joining your forum!

I simply google every user that signs on, if they populate lots of forums with 0 replies I simply remove them. I've turned up "users" that these bots sign on lots of sites, these bots are not very sophisticated. I've also removed the website field from the registration feature on my forum I guess that if they want to join my forum they won't be miffed if I don't show their website.

nathanpacker 0 Posting Whiz in Training · 2006-10-06T10:34:49+00:00

You may also want to block the IP addresses of the repeat offenders, this can sometimes help. Their are many 'mods' avaliable on phpbb.com which can help against stopping auto bots joining your forum!

Yeah, we just installed a mod to log the ip's, and we have blocked one or two. I think that's about as good as it's going to get as far as automated blocking.

nathanpacker 0 Posting Whiz in Training · 2006-10-06T10:35:43+00:00

I simply google every user that signs on, if they populate lots of forums with 0 replies I simply remove them. I've turned up "users" that these bots sign on lots of sites, these bots are not very sophisticated. I've also removed the website field from the registration feature on my forum I guess that if they want to join my forum they won't be miffed if I don't show their website.

This is a good idea, however, the owner of the forum simply doesn't want to take the time to do that. We were looking for more of an automated method at blocking fake users.

cyfm 0 Junior Poster in Training · 2006-10-06T15:49:33+00:00

dog that seems a very mundane task which takes up alot of time, their are alot of automated mods out their that can do the job for you.

Dani · 2006-10-07T08:52:59+00:00

Yes, I guess his method only works on very new (or closed) communities where you're excited about the one or two new members you got this week.

nathanpacker 0 Posting Whiz in Training · 2006-10-07T10:27:18+00:00

Yes, I guess his method only works on very new (or closed) communities where you're excited about the one or two new members you got this week.

Yeah, I do get stoked about those first few members!

Dani · 2006-10-07T10:34:10+00:00

Oh, those were the days!

nathanpacker 0 Posting Whiz in Training · 2006-10-07T11:42:36+00:00

Oh, those were the days!

Ha, don't you wish you were still enjoying those days like me. But you're Mrs. Big-time now.

klayburn 0 Newbie Poster · 2006-10-20T20:34:44+00:00

I am also having trouble with people creating fake accounts and posting their urls in the www field of their registrations on my boards.

BBDOG, How do you go about disableing the www/URL feature for new registrants? I looked in the admin panel and could not find that feature. Am I missing it or do I need to hard code some file? (which I do not know how to do)

bbdog 0 Newbie Poster · 2006-10-20T21:29:39+00:00

I am also having trouble with people creating fake accounts and posting their urls in the www field of their registrations on my boards.
BBDOG, How do you go about disableing the www/URL feature for new registrants? I looked in the admin panel and could not find that feature. Am I missing it or do I need to hard code some file? (which I do not know how to do)

I am using subSilver template. What you need to do is go into the templates directory and open profile_add_body.tpl locate all reference to website and remove them there should be 3.

stymiee 111 He's No Good To Me Dead Team Colleague · 2006-10-20T23:12:44+00:00

Disabling it in the template will not solve this problem. The form submission can still succeed because it does not need to come from your website. You will need to remove it from the code that processes the form submission or just remove it from the memberlist.

klayburn 0 Newbie Poster · 2006-10-20T23:38:33+00:00

I am using subSilver template. What you need to do is go into the templates directory and open profile_add_body.tpl locate all reference to website and remove them there should be 3.

Your rock BBDog. Thank you so much. I am also using the subsilver. I will try that. I just spent hours cleaning out my fake members, moving my boards and hiding them fromt he search engines.

Thanks.

Barnz 0 Junior Poster in Training · 2006-10-22T22:34:50+00:00

Your rock BBDog. Thank you so much. I am also using the subsilver. I will try that. I just spent hours cleaning out my fake members, moving my boards and hiding them fromt he search engines.
Thanks.

Yes and like stymiee said, it will not solve the problem as a whole. The fake entries can still reach your database, which may mean you will still have to spend time deleting them.

klayburn 0 Newbie Poster · 2006-10-23T02:52:08+00:00

I put my board behind a password protected directory. Hopefully this will help. Thanks for your advise. I was very useful.

stymiee 111 He's No Good To Me Dead Team Colleague · 2006-10-23T04:11:49+00:00

I put my board behind a password protected directory. Hopefully this will help. Thanks for your advise. I was very useful.

If the directory is password protected, how will potential new members be able to view it?

ludacwisp 0 Newbie Poster · 2006-10-26T08:02:57+00:00

It's very possible that it's a real person who is creating the accounts, and then letting the bots loose posting with them. You should definitely enable email confirmation so members need to verify their emails before they can post.
You can periodically prune emails waiting for verification to keep your database size down. You can also periodically send emails to users who haven't verified after a particular amount of time reminding them about your website.

There's a brand new black hat seo program in the works that does exactly this--sign up as a fake user to a phpboard without a captcha in order to post their url within the profile. Even with the captcha, who knows, they may develop tools to read it.

stymiee 111 He's No Good To Me Dead Team Colleague · 2006-10-26T20:01:24+00:00

There's a brand new black hat seo program in the works that does exactly this--sign up as a fake user to a phpboard without a captcha in order to post their url within the profile. Even with the captcha, who knows, they may develop tools to read it.

That has existed for years. Ask anyone with a phpbb forum.

plaxo 0 Newbie Poster · 2007-06-02T15:35:51+00:00

When you guys say "email confirmation" do you mean the user will receive a confirmation email to create an account or to validate an account that has already been created?

I am a phpbb admin, and the only option I see is to enalbe tha latter.

What I need is to prevent spammers to create accounts in the first place, but I couldn't find any option that will enable such a feature.

The default image verification that comes with phpbb is useless. Can this be made more spammer prone?

plaxo

stymiee 111 He's No Good To Me Dead Team Colleague · 2007-06-02T20:48:02+00:00

There is a phpbb mod called Visual Confirmation. I've heard great things about it and plan to install it this weekend on my phpbb site.

wtwolf6 0 Newbie Poster · 2007-09-06T07:34:39+00:00

Just wanted to say these bots inject there sql code into the database with out touching the forums registration pages.
A friend had this issue and we found a perfect fix for it.
http://www.phpbb.com/community/viewtopic.php?f=15&t=375262&st=0&sk=t&sd=a

This has stopped all the registrations to his site and this should do the same for yall