PHP Help

[Yukiko]

I have to confess that PHP code confuses me and I need help with my forums.

I am getting fed up with 'bot spammers' that create accounts, confirm them and then post messages or any of the above on my forums. Actually when it happens on any forums is irritates me.

Is there any way that the PHPBB code can be made 'bot resistant'?

I am currently using the standard PHPBB install with visual confirmation enabled.

My thoughts were that prospective registrants would have to certify that they are human when they get sent to the activation link in the email by entering a codeword or perhaps a field that moves to random locations in the list of user data that is entered at registration time that requires them to enter the codeword "human".

I realize that eventually these fixes too will become subverted by bots but maybe there's a way that we can define the codeword that needs to be entered and thus twart the efforts somewhat.

I am so tired of the "cheap drug barely legal teen male organ enlargement win free gamestation cheap mortgage male lesbians in drag" crap that gets posted on BBSes.

Can anyone help me and everyone else who has this problem?

Thanks in advance.

[OldnGrey]

Yep, we've just done a phpbbs upgrade and still the bots get accounts although nowhere near as many.

I heard that verification by pictures rather than 'identify a character in a bitmap' is a better way to go. I will ask my partner who is rapidly running out of hair.

[Barbeirosa]

One way to avoid bots is not to use an 'off-the-shelf' forum software but instead make something yourself or use something less well known.

[Yukiko]

Thanks O&G. I appreciate it.

Barb, the one thing I like about PHPBBS is its ease of installation and configurability. If I knew how the bots were actually gaining access that might help fix the issue. I'd rather not use any other BBS software. There has to be some way to prevent the bots from invading.

As for writing my own...
*laughs*
my brain has just about reached its capacity for knowledge and besides that I am a one person show here with my shard. I don't have time to write a BBS.

[tekproxy]

These bots are poorly programed and will probably fail if small things are changed.

It may be trivial to modify or replace random image generation mechanism or you can do a ~10 line mod and change a few field names used for registration. Details:
http://www.phpbb-seo.com/boards/phpbb-forum/discussions-vt252.html

There's a lot of discussion already out there with people that know more.

[Yukiko]

Thanks Tek.

It appears that that technique works for t6hem so I'll give it a shot.

[Danielle]

The current trend is to use pictures and have the users identify the object in the picture. This is exceedingly difficult for a "bot" to accomplish but a simple task for a human being. It's also not widely used yet, so even if a bot could be created to break it, it wouldn't happen in the near future.

You must however ensure that the pictures are random, not just in content, but in size. Meaning you have a picture of a red ball.. but that picture has a distinct file size. It could thus be identified to some degree of accuracy by a bot based just on the filesize of the image. You must then ensure that not only is the object shown random, but the size of the file is also random. This can be accomplished with a little random editing of the image with PHP/GDI.. similar to how the text-based CAPTCHA images are generated. The goal here though is just to randomize the size, rather than obscure the image.

[Yukiko]

Wouldn't having all image files the same size be the way to go? That way the bot wouldn't know which one was which image.

Anyway, I am currently testing the method mentioned on the forums referrenced by Tek above.

However if anyone wants to create some other bot twarting techniques I, and I am sure many others, would be grateful.

[Danielle]

[Yukiko]

OK.

I am not sure how the images are generated for the current visualization system so I leave this whole idea to those who know better than me.

I just hope that someone who knows PHP will help out with this problem.

[tekproxy]

You could get about 20 pictures of random objects and resize them to the same size using a good program like adobe photoshop, and then serve one up randomly during registration and resize it on the fly +-10-20 pixels.

[Yukiko]

Sounds good to me. Anyone who knows PHP would like the job of helping us out is welcome to take up the mantle.
*smiles*

[MuadDib]

Yukiko, that antispam code, got CWO Banned. THe reason is, the variable it replaces and checks for to ban, is required by the avatar and other various systems that use forms. Reason being, it is also used due to it matching a table field's name. lmao. Removed the ban part from avatar code it had change.

[Yukiko]

You mean the anti-spam code that Tek referred me to or the info you sent me? I am still only using the info that Tek sent me to. Have not implemented your stuff yet Maud.

So far the only issue I have on my boards is that I am having to log in twice to get fully logged in. This is the same for all members. It shows you logged in at the bottom of the forum main but you don't get full access to the forums until you log in a second time. I have tried to figure out what's wrong but haven't yet. I am thinking about just going back to a virgin install and manually berfing the spammers.

[tekproxy]

My forums did that for a while, but only with Opera and not every time. Have you upgraded to the newest version? That may fix it. After a lot of mess with PHPBB2, no offense to the devs, it's open source and free, I switched to another forum and never looked back.