Forums

Unfortunately no one can be told what FluxBB is - you have to see it for yourself.

You are not logged in.

#1 2013-01-18 19:37:21

Studio384
Developer
From: Belgium
Registered: 2012-04-11
Posts: 633
Website

Do something against those spambots!

Today, someone posted a post on the FluxBB Benelux community and asked me to translate it and post it on FluxBB.org. This is the translation (free translated):

Fisher wrote:

Do something against those spambots! I've a FluxBB forum and I'm very happy with it but I've so much trouble with spambots, and I'm not the only one with this problems. I know you guys are doing something about it in FluxBB 2, but before FluxBB 2 will be released, there is a lot of time between now and then! I know there are some plugins to prevent spambots, but because it's not out-of-the-box, it gives FluxBB a pretty bad reputation.

So: please, integrate one of those plugins into FluxBB so those problems are finally solved! Please develop a FluxBB 1.6 and do something about it. I know FluxBBs vision is to deliver only what's necessary for a forum, but right now, FluxBB need really something against spambots!

And actually, he's right. We should do something against those spambots on FluxBB installations (Franz!). I know that we're concentrating more on FluxBB 2, but he is right about the fact that FluxBB gets a bad reputation with this problem. So, we should concider a change of plans, even if just one developer works on this feature, and it doesn't need to be a new system, we could use simply a modification and integrate it into the core.


FluxBB Community Benelux - ModernBB 3.4
Profile Plus: A new FluxBB profile interface

Offline

#2 2013-01-18 19:58:52

123
Member
From: Poland
Registered: 2012-07-24
Posts: 289

Re: Do something against those spambots!

Choice question, for example, in which country produces everything? Answer China

But it helps to have these bots, other modifications do not give anything.
Best if the questions were few, random. Really there is a problem with bots and it's huge. So an average of 10 a day catching FluxBB spambots.


https://github.com/123s   My profile in github
tytan theme is great
Ach, lekceważyłaś wolę króla
a w nocy naszego spotkania, śmiałaś się do łez

Offline

#3 2013-01-18 20:05:13

mitchellm
Member
Registered: 2012-12-15
Posts: 30

Re: Do something against those spambots!

As a user of FluxBB, I would love it if more spambot protection were built into the regular installation.

I realize there are spambot mods available, and I've taken advantage of a couple. But it seems those mods that are most effective also seem to require about 200 steps to install them correctly. (I'm exaggerating, but you get what I mean.)

I am a relative novice to installing forums, nor is it my job to be a coder. For me the beauty of FluxBB is that it's light, fast, and simple to install. Adding spambot protection that comes with the standard install (before version 2.0) would be a very welcome step.

Last edited by mitchellm (2013-01-18 20:06:07)

Offline

#4 2013-01-18 20:14:47

123
Member
From: Poland
Registered: 2012-07-24
Posts: 289

Re: Do something against those spambots!

Violate spambots online communication, and that communication is the idea of FluxBB, you need to once and for all get rid of the trash, I would suggest for now integrate FluxBB installation package against spambotom one modification. A FluxBB 2 solve it in the FluxBB.


https://github.com/123s   My profile in github
tytan theme is great
Ach, lekceważyłaś wolę króla
a w nocy naszego spotkania, śmiałaś się do łez

Offline

#5 2013-01-18 22:34:52

Studio384
Developer
From: Belgium
Registered: 2012-04-11
Posts: 633
Website

Re: Do something against those spambots!

That's the point of this discussion, integrate a simpel modification in the core for protection against spambots. smile And I agree whit this idea. And actually, I hope Franz does to, because it's getting worser every day, and that damaged FluxBBs reputation.

Last edited by Studio384 (2013-01-18 22:35:12)


FluxBB Community Benelux - ModernBB 3.4
Profile Plus: A new FluxBB profile interface

Offline

#6 2013-01-18 22:50:10

sklerder
Member
From: Brittany
Registered: 2012-11-06
Posts: 116
Website

Re: Do something against those spambots!

Hi !

The probleme if this anti-spam protection becomes "standard" is that the robots will "learn" how to bypass it ...
And the problem will come again, and again, and again sad

With SpamBarrier, I tried to limit this problem by having a customizable HoneyPot field name, but it can be bypassed too hmm
Other solutions may exist, but will there be a real good solution one day ?

Offline

#7 2013-01-18 23:00:19

Studio384
Developer
From: Belgium
Registered: 2012-04-11
Posts: 633
Website

Re: Do something against those spambots!

sklerder wrote:

Hi !

The probleme if this anti-spam protection becomes "standard" is that the robots will "learn" how to bypass it ...
And the problem will come again, and again, and again sad

With SpamBarrier, I tried to limit this problem by having a customizable HoneyPot field name, but it can be bypassed too hmm
Other solutions may exist, but will there be a real good solution one day ?

Yes, hoping that big companies like Microsoft succeed in taking down the largest botnets in this world and hope that the botnet that spams on FluxBB forums is one of it. Anyway, passing an anti-bot registration isn't that easy when it's variable, so it changes every time so the bot can't "learn" from it. Actually, I don't think the bot that cause all the problems on FluxBB installations will ever learn to pass it.


FluxBB Community Benelux - ModernBB 3.4
Profile Plus: A new FluxBB profile interface

Offline

#8 2013-01-19 09:18:25

123
Member
From: Poland
Registered: 2012-07-24
Posts: 289

Re: Do something against those spambots!


https://github.com/123s   My profile in github
tytan theme is great
Ach, lekceważyłaś wolę króla
a w nocy naszego spotkania, śmiałaś się do łez

Offline

#9 2013-01-19 10:12:58

Pierre
Member
From: Germany/Bonn
Registered: 2010-05-20
Posts: 49
Website

Re: Do something against those spambots!

We use a very simple spam barrier for a long time. It let's you define several questions which possible several answers each. It can store a successful answer in a cookie so users don#t have to answer it more than once a day. It also works with guest posting enabled.

It's just one file and a small patch that has to be applied:
https://projects.archlinux.org/vhosts/b … estion.php
https://projects.archlinux.org/vhosts/b … tion.patch

I think I asked for inclusion once, but it was rejected. Maybe I'll try again :-)

Offline

#10 2013-01-22 17:31:40

Franz
Lead developer
From: Germany
Registered: 2008-05-13
Posts: 5,730
Website

Re: Do something against those spambots!

I am against large changes in the 1.5 branch. I'm open for small and easy-to-do improvements that help almost all of our users.

That is exactly the problem with anti-spam measures. Default protections are easy to get around, and not everybody's situation is the same.

That being said, I definitely want to improve our anti-spam measures. So, let's get concrete. Post some ideas and discuss them.

First suggestion: a honeypot field and automatically-changing field names for the register page.


fluxbb.de | develoPHP

"As code is more often read than written it's really important to write clean code."

Offline

#11 2013-01-22 17:45:00

Pierre
Member
From: Germany/Bonn
Registered: 2010-05-20
Posts: 49
Website

Re: Do something against those spambots!

The patch I proposed is really simple and could be integrated with some minor adjustments.

A honeypot field or random input names wont really help a lot. In my experience custom captcha questions are best.

Offline

#12 2013-01-22 22:39:18

sklerder
Member
From: Brittany
Registered: 2012-11-06
Posts: 116
Website

Re: Do something against those spambots!

Hello !

Pierre wrote:

In my experience custom captcha questions are best.

Xrumer, one of the most efficient BlackHat automated tools, is able to decrypt  CAPTCHA's (at least most of them) ...

Franz wrote:

First suggestion: a honeypot field and automatically-changing field names for the register page.

+1 smile

It's, IMHO, the most simple and successfull way to protect against automated registrations.
"Manual" spammers will success to bypass this protection, but how many percent does it represent ?

If the registrations fields are randomly named, most of automated registrations will fail.
But somme "good" spammers will be able to retrieve theses random names and script the attack hmm

When I look at the attempts on my (little) forum, I'm not sure they are so numerous smile

Offline

#13 2013-01-23 17:14:29

quy
Developer
From: California
Registered: 2008-05-09
Posts: 845

Re: Do something against those spambots!

Franz wrote:

...automatically-changing field names for the register page.

I assume some bots are smart enough to populate the form according to form index order. The 1st field is always username whether its field name is req_user or xpzaLffG; 2nd field is req_email1 and so on. Changing field names will not be as effective unless the field order is randomized also.

Last edited by quy (2013-01-23 17:19:38)

Offline

#14 2013-01-23 18:35:49

seven
Member
From: Torino, Italy
Registered: 2010-08-19
Posts: 159
Website

Re: Do something against those spambots!

Randomizing field orders is easy to do via CSS rules to be inserted in the generated page.

I'm favourable to the honeypot approach with randomized username/email/password fields mixed with honeypots.

Custom captchas are great, but they tend to be tailored to the target forum audience: arch linux forum captcha is marvellous, but it's a windows barrier rather than a spam barrier (maybe that's the same) smile

Another nice-to-have plugin would be a geoip-barrier, but that's easily done in the webserver config...


gamezoo.org - serious gaming services for serious gamers.

Offline

Board footer

Powered by FluxBB 1.5.6