| View previous topic :: View next topic |
| Author |
Message |
kunalkunal2
Joined: 13 Dec 2006
Posts: 279
Digg It |
 Posted: Sun Jul 01, 2007 12:33 am Post subject: Idea for getting rid of spam. Nice and easy. |
|
|
Since all the spammers post in the wii development section, which is the first section. Why not change it to another section like spam. Make it the first subsection, cuz all the spambots post in the first section. I think Wiili should do this. What do you say?
_________________
Check out my collection of my wii script's
freewebs.com/kunalkunal2 |
|
| Back to top |
|
 |
TiagoTiago
Joined: 20 Jan 2007
Posts: 710
Location: Brasil
Digg It |
| Posted: Sun Jul 01, 2007 4:09 am Post subject: |
|
|
what if we had captchas for account creation and posting? (real captchas, not those lame math things)
_________________
please put the scripts on the wiki so they dont get lost as new stuff is posted!
phpBB doesnt like me,somtimes it will forget to warn me about new replies to threads I asked it to,if you see a thread I should have responded, could please email me? |
|
| Back to top |
|
|
tuxido
Site Admin
Joined: 05 Nov 2006
Posts: 150
Digg It |
| Posted: Sun Jul 01, 2007 5:24 pm Post subject: |
|
|
| I'll try to improve on the anti-spam features of the board. Admins fell free to delete the post, don't just lock them. You can put the names of the spam bots on the wiki. |
|
| Back to top |
|
|
zeldafreakforever
Joined: 27 May 2007
Posts: 37
Digg It |
| Posted: Sun Nov 04, 2007 2:17 am Post subject: |
|
|
How about this MOD?
The MOD is real simple and you only edit one file so it will be included with this post for you to copy and paste so you can prevent this sort of annoyance from happening and stopping it. What the program does is add an auth encrypted signature and looks for a post that took more than 5 seconds after the posting area was generated other wise if a post was made within the 5 second time frame (faster than a human) it just shows a preview and not the actual post, so the bot never really posts and you don't ever see it.
Below is the code for both PHP-Nuke with phpBB forums and also the phpBB2 stand alone bulletin board.
| Code: | #-----[ OPEN ]------------------------------------------
#
posting.php
#
#-----[ FIND ]------------------------------------------
#
$refresh = $preview || $poll_add || $poll_edit || $poll_delete;
#
#-----[ BEFORE, ADD ]------------------------------------------
#
switch ($mode) {
case 'newtopic':
$secretkey = 'f' . $forum_id;
break;
case 'quote': // If we're quoting, we need to determine the topic ID
$sql = 'SELECT topic_id FROM ' . POSTS_TABLE . ' WHERE post_id=' . $post_id;
if (!($query = $db->sql_query($sql)))
{
message_die(GENERAL_MESSAGE, 'Could not obtain quoted topic information', '', __LINE__, __FILE__, $sql);
}
if (($row = $db->sql_fetchrow($query)))
{
$topic_id = $row['topic_id'];
}
else
{
message_die(GENERAL_MESSAGE, 'No_such_post');
}
// Fall through to 'reply' case
case 'reply':
case 'vote':
$secretkey = 't' . $topic_id;
break;
case 'editpost':
$secretkey = 'p' . $post_id;
break;
}
// Generate a signature to validate this page
$authkey = md5("nana" . $secretkey . "foofoo");
$authval = md5($HTTP_SERVER_VARS['HTTP_USER_AGENT'] . $secretkey . $HTTP_SERVER_VARS['REMOTE_ADDR']);
$timekey = md5("time" . $secretkey);
$timepad = preg_replace('/[^0-9]/', '', $HTTP_SERVER_VARS['REMOTE_ADDR']) + 0;
$timeval = time() ^ $timepad;
// Check the signature - if this is a submit which doesn't jive with the above, turn it into a preview
if ($submit && (!isset($HTTP_POST_VARS[$authkey])
|| $HTTP_POST_VARS[$authkey] != $authval
|| !isset($HTTP_POST_VARS[$timekey])
|| ($HTTP_POST_VARS[$timekey] ^ $timepad) > time() - 5))
{
$submit = false;
$preview = true;
}
#
#-----[ FIND ]------------------------------------------
#
// Generate smilies listing for page output
generate_smilies('inline', PAGE_POSTING);
#
#-----[ BEFORE, ADD ]------------------------------------------
#
// Insert our signature into the form
$hidden_form_fields .= '<input type="hidden" name="' . $authkey . '" value="' . $authval . '">';
$hidden_form_fields .= '<input type="hidden" name="' . $timekey . '" value="' . $timeval . '">';
#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------ |
_________________
Want free MS Points? http://freem1spoints.vndv.com/index.html |
|
| Back to top |
|
|
para
Joined: 20 Aug 2007
Posts: 89
Digg It |
| Posted: Sun Nov 04, 2007 3:16 pm Post subject: |
|
|
I use phpBB on my forum and it also suffered from spam bots. It's a tiny forum no one ever uses, but I used to get ~5-8 created spam accounts per week. After changing some code around I have been running it for several months without a single bot registration.
Here's what I did to fix it:
- Put a captcha on the login screen. When you register on phpBB the account is created but no cookie is set. So they are either making their own cookie somehow or someone is logging in initially then letting the bot take over. Either way this reduced spam account creations by quite a bit.
- Disallow registration if the website field of the account creation page is set. I put a big red "Do not fill this in or your account will not be created" there, but still left the field active for data entry. The bots go there, automatically fill it in, and are denied registration. Users can then go into their profile and set their website themselves after registration.
Give it a try. I have a diff file if you'd like to use it. |
|
| Back to top |
|
|
zeldafreakforever
Joined: 27 May 2007
Posts: 37
Digg It |
| Posted: Sun Nov 04, 2007 6:37 pm Post subject: |
|
|
| para wrote: | I use phpBB on my forum and it also suffered from spam bots. It's a tiny forum no one ever uses, but I used to get ~5-8 created spam accounts per week. After changing some code around I have been running it for several months without a single bot registration.
Here's what I did to fix it:
- Put a captcha on the login screen. When you register on phpBB the account is created but no cookie is set. So they are either making their own cookie somehow or someone is logging in initially then letting the bot take over. Either way this reduced spam account creations by quite a bit.
- Disallow registration if the website field of the account creation page is set. I put a big red "Do not fill this in or your account will not be created" there, but still left the field active for data entry. The bots go there, automatically fill it in, and are denied registration. Users can then go into their profile and set their website themselves after registration.
Give it a try. I have a diff file if you'd like to use it. |
Thats actually a really good idea.
_________________
Want free MS Points? http://freem1spoints.vndv.com/index.html |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
