Forum spam, bots reading captcha's?

warren-the-ape · Posted: Sat Jul 11, 2009 9:20 am

Ey guys, I thought this wouldn't happen at my site but it happened anyway, well better late than never I guess Rolling Eyes

Running php-nuke 7.9 (patched) with nukesentinel here.

In the past we already experienced some spam, mainly in the article/news comments but never in the forum (bb2nuke 2.0.23), and not something that continued for 2 days.

It started yesterday with a couple of bots signing up, activating their account and spamming the forum with all kinds of crap.

The bots are from all over the place, UK, India, Russia etc. and also the spam varies a lot.
Atm I'm just deleting the posts and accounts in the hope that it will stop at some point Wink

I already found;

Only registered users can see links on this board!
Get registered or login to the forums!

Which pointed me to a phpbb mod

Only registered users can see links on this board!
Get registered or login to the forums!

Thing is, they don't sign-up through the phpbb register process but the standard php-nuke register page, so.. nice mod but not very helpful I guess.

If I look in my logs I see they access the registration page;

Code:

www.website.com/modules.php?name=Your_Account&op=new_user

And then request the captcha pic;

Code:

http://www.website.com/modules.php?gfx=gfx&random_num=712887

So I guess they read it out with some sort of OCR software?

I also thought about installing the Approve Membership module. Thing is that I made quite some changes to various files included. Why can't those guys just supply the hacks needed just like the phpbb mods out there Cool

Is there anything I can do about this? I red something about adding a 'yes' 'no' checkbox to the registration process to see if it's a bot or not.

"Are you a bot" [yes] [no] - not sure if that will help at all?

I'm kinda at a loss here as you may have noticed Wink

Guardian2003 · Posted: Sat Jul 11, 2009 11:39 am

This is a known problem with all phpNuke versions, which is why we switched for a different CAPTCHA system in RavenNuke (tm).
They are not so much reading the CAPTCHA as forcing their own value.
If you can't or won't migrate to RavenNuke(tm), it should not be too hard to modify the registration page to add another form value.
I don't remember off-hand but I think the function new_user you could add a textarea input and ask the user to type in a specific word or a checkbox or radio button.

And then which ever function deals with processing the (confirmUser?) add something like

Code:

if(!$_POST['inputname'] = $value;
redirect

warren-the-ape · Posted: Sat Jul 11, 2009 3:08 pm

Thnx for your reply Guardian, but wow forcing their own captcha's, didn't know that was possible?

Anyway, I just wondered if there were more solutions to battle this problem. I'm not even sure an extra check box in the registration process would work?

I believe there was a topic from Dad137(?) asking for a similar IP check tool. It would be great to have something like this built-in into NS for example.
Pretty much all those IP's are flagged over at

Only registered users can see links on this board!
Get registered or login to the forums!

But wasn't it you Guardian who built a similar tool but shut it down cause nobody would submit new spammers?

I see if I can fiddle around with the registration fields although my php knowledge is nowhere near my html/css knowledge. Understanding yes but building from scratch is perhaps a bridge too far Wink

montego · Posted: Sat Jul 11, 2009 4:46 pm

The problem is that we're very much focused on producing a high quality CMS rather than trying to patch older *nukes. We keep improving upon RN all the time and if you are not using it, you can't benefit from those efforts. Sure wish you would consider migrating.

However, some type of spam stopper capability within NS might not be a bad idea. Another tool in the tool chest.

slackervaara · Worker Joined: Aug 26, 2007 Posts: 234

I have used bbantispam or Advanced Textual Confirmation for two years now and I have not had a single spam, despite guests are allowed to post in the forum. Easy to install and if the installation code is put in config.php all spam in PHP-Nuke is stopped effectively.

Only registered users can see links on this board!
Get registered or login to the forums!

Guardian2003 · Posted: Sat Jul 11, 2009 11:34 pm

Just remember, stopping automated registrations and stopping spam should be seen as two different efforts. phpNuke and older versions of phpBB were notoriously vulnerable to automated registrations so stopping that with a simple form modification would give you most bang for the buck.
Human nature being what it is, people don't want to spend time on one site just to post spam, so stopping automated processes will cut spam by 90 odd %

If you wanted to be really devious, you could actually change one of the input field names and then on the processing of the form, if the renamed input field has a value because it was filled by a bot, you could sent them to NS Smile

I use a similar technique in robots.txt to send spider/bots that don't adhere to my robots.txt instructions to oblivion.

montego · Posted: Sun Jul 12, 2009 8:07 am

G, that is a very interesting idea!

warren-the-ape · Posted: Sun Jul 12, 2009 2:19 pm

slackervaara wrote:

I have used bbantispam or Advanced Textual Confirmation for two years now and I have not had a single spam, despite guests are allowed to post in the forum. Easy to install and if the installation code is put in config.php all spam in PHP-Nuke is stopped effectively.

Only registered users can see links on this board!
Get registered or login to the forums!

That's looking very nice and simple Slacker, thnx for the link! I will certainly give this a try. This would actually be very similar to an extra/hidden "are you a bot" checkbox in the registration process.

@ Guardian
The mod described by Slackervaara will actually stop spam from the root > the registration form.

@ Montego
Yeah yeah I know, you don't have to repeat it for me Wink

I'm well aware that you guys are abandoning the old nuke versions more and more, but I guess that even RN is not completely spam free. Atm I don't have the time and energy to migrate since i have a lot of other stuff going on, the cms is running ok (apart from the spam bots since yesterday), and I made quite a lot of custom changes.