Testing Today 1/5/07

New to the board and want to practice? Do it here. Find a bug in the forum, report it here.

Moderator: Tuna Cowboy

Testing Today 1/5/07

Postby poopShotgun » Fri Jan 05, 2007 2:30 pm

I'm getting sick of deleting spam users, so I am taking additional steps today.

Some testing will take place and your profile page may look a little wierd (especially if you edit it) or you may not be able to register. This should hopefully only be for short periods of time, so try again in a few minutes (I'll revert the file if it doesn't work...)

All of this coding and modification will probably take no longer than two or three hours and you will probably not notice it. If you do, rest assured that backups have been made and the forum will continue to work.

Thanks for your patience.

Description of Modifications (for those interested...)
I am planning on adding a question to the registration page that will do nothing but look for a response. Something like "Please enter your age." The variable that holds the question data will be named randomly and I may change it if it becomes compromised. The idea is that a spambot will attempt to fill in the correct information and then register automatically. Without filling out my question, which cannot be filled out via script until the variable name is compromised, the registration is stopped. A human will answer the question and be allowed to register.

If this does not stop the flood of spam users that we are still experiencing (even if their crap never makes it too the board...) then we know that some asshole in Nigeria or Brazil is paying fools to attack phpBB forums.

If this does work, I will make attempts to randomize the variable name each time the page is loaded. That way I don't have to edit the files every month or so.

These kind of things will never stop human spammers, but we've already made tremendous steps towards a scripted-spam-free board. Once the scripts are dealt with, behavior will reveal the others.
Splash me on in the morning and wear the great smell of me all day long.
User avatar
poopShotgun
 
Posts: 1601
Joined: Fri Apr 28, 2006 7:13 am
Location: Under the evil influence of Uranus

Postby Cevin » Fri Jan 05, 2007 3:34 pm

How about one of those weird "enter the numbers and letters above in the box below" thingies? Know what I am talking about? The characters are in some kind of picture all wavey.
User avatar
Cevin
 
Posts: 941
Joined: Wed Apr 26, 2006 8:21 am
Location: Unknown

Postby poopShotgun » Fri Jan 05, 2007 3:39 pm

A CAPTCHA dialogue? We already have one of those and it's obviously compromised. I am adding an additional required question. In fact, I just finished and tested it, anybody else want to give it a try? It just asks your age under the CAPTCHA box, but it doesn't care what you enter.

If you don't enter it, registration fails with an error. Hopefully this will stop more of the spam scripts; The weekend is coming up , so we'll see.

EDIT: Working perfectly. I even have an emailer set up so I can track how much we've stopped with the script. More on this Monday. Thanks again for your patience.
Splash me on in the morning and wear the great smell of me all day long.
User avatar
poopShotgun
 
Posts: 1601
Joined: Fri Apr 28, 2006 7:13 am
Location: Under the evil influence of Uranus

Postby Cevin » Fri Jan 05, 2007 6:56 pm

You rock J!
User avatar
Cevin
 
Posts: 941
Joined: Wed Apr 26, 2006 8:21 am
Location: Unknown

Postby poopShotgun » Sun Jan 07, 2007 10:02 am

In the 48 hours or so since the change, it's stopped 57 attempted spam registrations. No spam users have had to be deleted.

I'll change the code every so often and hopefully (keep fingers crossed) we'll never have spam again.
Splash me on in the morning and wear the great smell of me all day long.
User avatar
poopShotgun
 
Posts: 1601
Joined: Fri Apr 28, 2006 7:13 am
Location: Under the evil influence of Uranus


Return to Test Messages and Forum Updates

Who is online

Users browsing this forum: No registered users and 2 guests

cron