Page 2 of 5 FirstFirst 1234 ... LastLast
Results 11 to 20 of 46

Thread: Need to have some better security on the forums

  1. #11

    Default

    Added "Android" and "converter" to the list of checks that will flag a post for the moderation queue if the user's post count is less than three, that should cut out lots of this spam lately.

  2. #12
    Join Date
    Nov 2008
    Posts
    787

    Default

    There's three kinds of attacks:

    1) automated broad-scale attacks against random vbulletin boards found via google
    2) specialized attacks specifically crafted for a certain forum
    3) humans paid to manually register and spam

    Type 1 attacks are easily defeated by changing the registration form in ways the bots don't expect. We've reduced the bots in a phpBB board with a few simple tricks:
    - changed the URL of the registration form, most bots don't even find it any more. Disallowing the registration form in robots.txt seems to help, too.
    - we made the "username" field invisible (via css). If anyone submits a non-empty "username", it's a bot.
    - we added a field "actual_username" that's displayed instead. If anyone submits an empty actual_username, it's a bot.

    It's as effective as a custom captcha but not as annoying.


    Custom registration forms can be defeated by hand-crafting attacks to the specifics of the board (attacks of type 2), but usually nobody will bother. Our 100k-person board should be more attractive for such things, but it hasn't happened yet.


    The best automation against Type 3) are badword-filters, disabling links in the first x posts or adding new threads of recently-registered to the moderator-queue.
    Last edited by rohcQaH; 01-15-2010 at 10:05 AM.

  3. #13
    Join Date
    May 2007
    Location
    Third Rock from the Sun
    Posts
    6,587

  4. #14
    Join Date
    Sep 2007
    Location
    Connecticut,USA
    Posts
    985

    Default

    Quote Originally Posted by deanjo View Post
    Well there are some trends if you look at the spams,

    1) they always start a new thread on their initial spam, make it so that creating a new thread on the first posts from a new user can't be put up until reviewed

    2) since these are mostly bot signups have the signup process not accept a signup when the form is "instantly" filled from their macro's, etc. Usually with their signups are filled in all in one shot, something a human couldn't really do. Restrict it to the signup process has to take at least a minimum time such as 10 seconds.

    There are other ways as well to minimize the effect, they just have to be put in place.
    There's mods and patches for vbulletin for thwarting spammers cold.

    Also disabling signatures and avatars for new people till they reach a certain number of posts also helps too, as some spammers use signatures filled with links to badware

    Quote Originally Posted by Michael View Post
    Added "Android" and "converter" to the list of checks that will flag a post for the moderation queue if the user's post count is less than three, that should cut out lots of this spam lately.
    as other "spam words" pop up add them to the checklist too.

    @Michael, spammers will always try to get around whatever you throw at them, so its pretty much a must to keep devising new ways to keep on top of the spammers.

    Quote Originally Posted by L33F3R View Post
    oh man. poor Qaridarium would be trying for hours and hours.
    LOL!

    But Q's not really a spammer though, despite how badly worded his posts are.
    Last edited by DeepDayze; 01-20-2010 at 12:44 AM.

  5. #15
    Join Date
    May 2007
    Location
    Third Rock from the Sun
    Posts
    6,587

  6. #16

    Default

    Going to be upgrading vBulletin today or tomorrow to hopefully take care of some of this recent spamming...

  7. #17
    Join Date
    May 2007
    Location
    Third Rock from the Sun
    Posts
    6,587

    Default

    Quote Originally Posted by Michael View Post
    Going to be upgrading vBulletin today or tomorrow to hopefully take care of some of this recent spamming...
    Good to hear, missed one.

    http://www.phoronix.com/forums/showt...551#post108551

  8. #18
    Join Date
    May 2007
    Location
    Third Rock from the Sun
    Posts
    6,587

  9. #19
    Join Date
    Aug 2006
    Posts
    158

  10. #20
    Join Date
    May 2007
    Location
    Third Rock from the Sun
    Posts
    6,587

    Default

    Need some Kraft dinner with all this spam.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •