Stopping Spam - Techniques and Strategies for 3.1.x

A simple and easy way to totally stop SPAMbots signing up
Administrator
Site Admin
Posts: 251
Joined: Tue Nov 18, 2014 11:30 am

Stopping Spam - Techniques and Strategies for 3.1.x

Post by Administrator » Thu Feb 26, 2015 11:51 am

Stopping Spam - Techniques and Strategies

Updates to common spamming software have led to severe shortcomings in the stock, image-based CAPTCHAs. The below information has been written in light of this. Do note that any and all specifics are written for phpBB 3.1.x

This topic discusses common methods for spam prevention. For a brief overview of what spam is, see the spam FAQ

  • Effective Solutions
    • At this time, the below solutions seem to be most effective when fighting spambots.
    • Q&A CAPTCHA
      For this technique to be effective, you must use simple but non-obvious question and answer combinations. For instance, "Who do you see in the mirror?" can be an effective question, while "What colour is the sky?" or "2+2 = ?" are not. These questions are particularly effective on niche forums where one can ask a question that is not immediately obvious to the general populace. Avoid simple colour or number answers. Remember, a difficult question does not always have a difficult answer.

      An example of a hard question but easy answer:-
      • Q: Hydrogen appears at what position in the periodic table ?
        A: 1
      An example of a easy question but hard answer for (say) a car marque forum:-
      • Q: What is this forum main content?
        A: Ford Mustang
    • The secret is to have a unique answer for your forum, and if/when it gets known and programmed into the SPAMbots, just change it to another unique Q&A
    • To enable the Q&A CAPTCHA, browse to Spambot countermeasures on the General tab of the Administration Control Panel (ACP), then select "Q&A" under "Installed Plugins". Select "Configure", setup your question and answer pairs, then submit the forum. Notice you may need separate Q&As for each language you use.
  • Downloadable CAPTCHA Plugins
    • The key to effective spam prevention is making your forum unique. An effective way to do this is to utilize a third-party CAPTCHA plugin. A list of validated CAPTCHA plugins (and other antispam Extensions) is available here Do note that all antispam MODs are not equally effective--you should review feedback in each item's Support area in the Customisation Database before deciding on the solution that is right for you. Any Extension from the Extensions in Development topic has not been approved, so read the topic very carefully and use at your own risk.
    • [CDB] Sortables CAPTCHA
    • [CDB] Stop Forum Spam
    • [CDB] Ban Hammer
    • [CDB] AntiSpam by Cleantalk
    • [CDB] Activation Justification
    • KeyCaptcha (Highly successful as the 3.0.x MOD and ported to 3.1.x at my request. Works extremely well although it has not been submitted for inclusion in the CDB as yet)
    Other Solutions
    • Newly Registered Users Group - This feature, which is enabled by default, allows the administrator to define a minimum post count; if a user is below this limit they will be a member of the Newly Registered Users group. Permissions may be set on this group much like any other group -- an example use is to place the Newly Registered Users group on the moderation queue for all forums. The user is automatically removed from the group when they reach the defined post amount.
    • Custom Profile Fields - There is an article in the Knowledge Base detailing utilising Custom Profile Fields as a spam deterrent. This seems to be effective against most bots.
    • Admin Activation - This is not practical on most boards, but is an excellent option on smaller, less-trafficked boards. Many spam registrations utilise Gmail addresses or .cn domains, and use a seemingly random combination of letters and numbers for their username.
  • Broken Visual CAPTCHA Plugins
    • These CAPTCHAs are included in the stock install but have been broken by spambots. They are ineffective and should not be used.

      Simple Image CAPTCHA
      Image

      GD 3D CAPTCHA
      Image

      reCAPTCHA
      Image

These steps, used individually, should work to slow or stop your spam problem. Please seek support for the EXT's listed above in their respective topic.

Administrator
Site Admin
Posts: 251
Joined: Tue Nov 18, 2014 11:30 am

Re: Stopping Spam - Techniques and Strategies for 3.1.x

Post by Administrator » Fri Feb 27, 2015 9:46 am

The BBCode for the above is here. Please feel free to use it on your own forum if you so wish.

Code: Select all

[size=150][b][color=#0000FF]Stopping Spam - Techniques and Strategies[/color][/b][/size]

[size=120]Updates to common spamming software have led to severe shortcomings in the stock, image-based CAPTCHAs. The below information has been written in light of this. Do note that any and all specifics are written for phpBB 3.1.x 

This topic discusses common methods for spam prevention. For a brief overview of what spam is, see the [url=https://www.phpbb.com/support/docs/en/3.0/kb/article/what-is-spam/]spam FAQ[/url][/size]

[list][b][size=150][color=#0000FF]   Effective Solutions[/color][/size][/b]
[list][*]At this time, the below solutions seem to be most effective when fighting spambots.
[*]Q&A CAPTCHA
         For this technique to be effective, you must use simple but non-obvious question and answer combinations. For instance, "Who do you see in the mirror?" can be an effective question, while "What colour is the sky?" or "2+2 = ?" are not. These questions are particularly effective on niche forums where one can ask a question that is not immediately obvious to the general populace. Avoid simple colour or number answers. Remember, a difficult question does not always have a difficult answer.

An example of a hard question but easy answer:-
[list]
        Q: Hydrogen appears at what position in the periodic table ?
        A: 1[/list]

An example of a easy question but hard answer for (say) a car marque forum:-
[list]Q: What is this forum main content?
A: Ford Mustang[/list][/list]

[list]The secret is to have a unique answer for your forum, and if/when it gets known and programmed into the SPAMbots, just change it to another unique Q&A[/list]

[list]To enable the Q&A CAPTCHA, browse to Spambot countermeasures on the General tab of the Administration Control Panel (ACP), then select "Q&A" under "Installed Plugins". Select "Configure", setup your question and answer pairs, then submit the forum. Notice you may need separate Q&As for each language you use.[/list][/list]
        
[list][b][color=#0000FF][size=150] Downloadable CAPTCHA Plugins[/size][/color][/b]
[list]The key to effective spam prevention is making your forum unique. An effective way to do this is to utilize a third-party CAPTCHA plugin. A list of validated CAPTCHA plugins (and other antispam Extensions) is available [url=https://www.phpbb.com/community/viewforum.php?f=451]here[/url] Do note that all antispam MODs are not equally effective--you should review feedback in each item's Support area in the Customisation Database before deciding on the solution that is right for you. Any Extension from the [url=https://www.phpbb.com/community/viewforum.php?f=456]Extensions in Development[/url] topic has not been approved, so read the topic very carefully and use at your own risk.

[*][url=https://www.phpbb.com/customise/db/extension/sortables_captcha/][CDB] Sortables CAPTCHA[/url]
[*][url=https://www.phpbb.com/customise/db/extension/phpbb_3.1_stop_forum_spam/][CDB] Stop Forum Spam[/url]
[*][url=https://www.phpbb.com/customise/db/extension/ban_hammer_2/][CDB] Ban Hammer[/url]
[*][url=https://www.phpbb.com/customise/db/extension/antispam_by_cleantalk/][CDB] AntiSpam by Cleantalk[/url]
[*][url=https://www.phpbb.com/customise/db/extension/phpbb_3.1_activation_justification/][CDB] Activation Justification[/url]
[*][url=http://keycaptcha.com]KeyCaptcha[/url] (Highly successful as the 3.0.x MOD and ported to 3.1.x at my request. Works extremely well although it has not been submitted for inclusion in the CDB as yet)[/list]

[b][size=150][color=#0000FF]Other Solutions[/color][/size][/b]
[list][*]Newly Registered Users Group - This feature, which is enabled by default, allows the administrator to define a minimum post count; if a user is below this limit they will be a member of the Newly Registered Users group. Permissions may be set on this group much like any other group -- an example use is to place the Newly Registered Users group on the moderation queue for all forums. The user is automatically removed from the group when they reach the defined post amount.
[*]Custom Profile Fields - There is an article in the Knowledge Base detailing utilising Custom Profile Fields as a spam deterrent. This seems to be effective against most bots.
[*]Admin Activation - This is not practical on most boards, but is an excellent option on smaller, less-trafficked boards. Many spam registrations utilise Gmail addresses or .cn domains, and use a seemingly random combination of letters and numbers for their username.[/list]  [/list]


[list][b][size=150][color=#0000FF]Broken Visual CAPTCHA Plugins[/color][/size][/b]
[list]These CAPTCHAs are included in the stock install but have been broken by spambots. They are ineffective and should not be used.

Simple Image CAPTCHA 
[img]http://s19.postimg.org/vq6famppf/screenshot_801.jpg[/img]

GD CAPTCHA
[img]http://s19.postimg.org/d822qe7xf/screenshot_799.jpg[/img]

GD 3D CAPTCHA
[img]http://s19.postimg.org/6vmxgk4v7/screenshot_800.jpg[/img]

reCAPTCHA
[img]http://s19.postimg.org/cmd3uacv7/screenshot_802.jpg[/img][/list]  [/list]


These steps, used individually, should work to slow or stop your spam problem. Please seek support for the EXT's listed above in their respective topic.

Administrator
Site Admin
Posts: 251
Joined: Tue Nov 18, 2014 11:30 am

Re: Stopping Spam - Techniques and Strategies for 3.1.x

Post by Administrator » Thu Apr 23, 2015 11:14 am

Updated 23-04-15

Administrator
Site Admin
Posts: 251
Joined: Tue Nov 18, 2014 11:30 am

Re: Stopping Spam - Techniques and Strategies for 3.1.x

Post by Administrator » Wed Jun 03, 2015 3:03 pm

Updated 03-06-15

Administrator
Site Admin
Posts: 251
Joined: Tue Nov 18, 2014 11:30 am

Re: Stopping Spam - Techniques and Strategies for 3.1.x

Post by Administrator » Sat Aug 06, 2016 6:05 pm

Updated 06-08-16