Forum under attack

I've got a little forum that I've been running for a while, but recently it's come under attack by spambots. My forum has obtained a fairly decent Google Pagerank recently which is probably why it's caught the eye of these spammers.

What happens is this:
- New member will register with a name like "fjnoizsofo9899"
- In their profile there will be a link to some porn or "meds" site
- Their signup email will almost always be Russian (.ru)
- If the account is left for a few days, it'll start making spam threads

I've enabled visual confirmation to register (enter a code shown in picture) but it's had no effect whatsoever. I've also enabled admin confirmation of new registrations, but it's making it a real chore having to sift through new signups all the time.

So I'm stuck, these guys don't seem to be stopping anytime soon, and it seems like there's nothing I can do about it. Do any of you know any way I can stop this at all?

I'm using phpBB, latest version.
 
It seems that the registration bots work by going directly to the submission of the form information, bypassing the various agreement screens by simply setting "agreed=true". As luck would have it, web form variables are case sensitive, so changing all occurrences of the variable 'agreed' to contain some or all upper case letters, i.e. 'AGReed', will defeat the current crop of registration bots.

There are 3 files that need to be changed,

admin/admin_users.php
includes/usercp_avatar.php
includes/usercp_register.php

I simply opened each file with Notepad and did a search for agreed and replaced it with my choice of words.

Any registrations that go through the proper pages will be fine but registrations that try to bypass parts of the registration process will fail.

I think there is also a mod about that bans the IP address of attempted registrations that do not go through the correct procedure but I have not tried it yet.

This was info passed on to me by someone that visits my board and it has stopped the registration bots that used to plague my board :)

Hope it is of use to you.


regards
J-P
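
A server-side way to enforce what the post above describes (registrations that skip the agreement page fail) without depending on a field name staying unknown. This is an added example, not part of the original post and not phpBB code; the function names, secret and time limits are assumptions.

```php
<?php
// Added example: names, secret and limits are hypothetical, not phpBB code.
const AGREE_SECRET = 'replace-with-random-server-side-secret'; // placeholder
const MIN_SECONDS  = 3;    // assumed: a human needs at least this long
const MAX_SECONDS  = 1800; // assumed: token expires after 30 minutes

// Called when the agreement page is rendered; result goes in a hidden field.
function issue_agreement_token(int $now): string
{
    $nonce   = bin2hex(random_bytes(8));
    $payload = $now . '.' . $nonce;
    return $payload . '.' . hash_hmac('sha256', $payload, AGREE_SECRET);
}

// Called by the registration handler before any account is created.
function check_agreement_token(?string $token, int $now): string
{
    if ($token === null || substr_count($token, '.') !== 2) {
        return 'missing';   // direct POST that never loaded the agreement page
    }
    [$issued, $nonce, $mac] = explode('.', $token);
    $expected = hash_hmac('sha256', $issued . '.' . $nonce, AGREE_SECRET);
    if (!hash_equals($expected, $mac)) {
        return 'forged';    // guessed or tampered value
    }
    $age = $now - (int) $issued; // safe to parse: covered by the verified MAC
    if ($age < MIN_SECONDS) {
        return 'too_fast';  // submitted faster than a person could click through
    }
    if ($age > MAX_SECONDS) {
        return 'expired';
    }
    return 'ok';
}

// Constructed demonstration, run from the command line.
$t0    = 1700000000; // constructed timestamp
$token = issue_agreement_token($t0);
$cases = [
    'normal signup, 40 s later'    => [$token, $t0 + 40],
    'bot posting agreed=true only' => [null, $t0 + 40],
    'tampered token'               => [$token . '0', $t0 + 40],
    'instant scripted submit'      => [$token, $t0 + 1],
    'replayed next day'            => [$token, $t0 + 86400],
];
foreach ($cases as $label => [$tok, $now]) {
    printf("%-30s => %s\n", $label, check_agreement_token($tok, $now));
}
```

The token is stateless, so it can be reused until it expires; recording used nonces server-side would make it single-use.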
 
JPL said:
It seems that the registration bots work by going directly to the submission of the form information, bypassing the various agreement screens by simply setting "agreed=true". As luck would have it, web form variables are case sensitive, so changing all occurrences of the variable 'agreed' to contain some or all upper case letters, i.e. 'AGReed', will defeat the current crop of registration bots.

There are 3 files that need to be changed,

admin/admin_users.php
includes/usercp_avatar.php
includes/usercp_register.php

I simply opened each file with Notepad and did a search for agreed and replaced it with my choice of words.

Any registrations that go through the proper pages will be fine but registrations that try to bypass parts of the registration process will fail.

I think there is also a mod about that bans the IP address of attempted registrations that do not go through the correct procedure but I have not tried it yet.

This was info passed on to me by someone that visits my board and it has stopped the registration bots that used to plague my board :)

Hope it is of use to you.


regards
J-P

Thanks, I'm going to try this now. :)
 
I've implemented those changes, just changed the first 3 letters of "agreed" to upper-case in the files you listed. Standard registration still works perfectly.

I guess I won't know if it's worked for sure for a couple of days, I tend to get at least 1 spambot signup per day. I'll let you know. :) Thanks again for your help.
 