Wednesday, November 10. 2004
PHPBB Member List Link Spam
Comments
Display comments as
(Linear | Threaded)
Yeah, I've just been having this exact same problem lately. Luckily a google search brought me here and pointed me to the solution. Thanks!
Yeah, I also found this with Google. I am having the same issues as the Author. When I was using Dragonfly CMS (which includes phpBB 2x) I didn't have this problem.
PHPBB Spam, I know how to block it
See http://www.phpbb.com/phpBB/viewtopic.php?t=239128">http://www.phpbb.com/phpBB/viewtopic.php?t=239128
See http://www.phpbb.com/phpBB/viewtopic.php?t=239128">http://www.phpbb.com/phpBB/viewtopic.php?t=239128
I like my solution better since it prevents the bogus account from getting created in the first place. But if the spammers figure out how to bypass my extra form field, then the method you linked to might be handy.
Thanks for the code, I was looking at some much more difficult fixes! Hope this works... Thank again
Unfortunately I've found that it's getting less effective. Some spammers have figured out how to include the extra data field. Turning on the Captcha added in a recent update of PHPBB seems to have helped, but I still get one or two bogus accounts every week. Perhaps these guys are so desperate that they will create an account manually?
At this point I'm considering removing the memberlist from the public entirely and also not storing any member website data. It's really not that important for my online community.
At this point I'm considering removing the memberlist from the public entirely and also not storing any member website data. It's really not that important for my online community.
Thanks for the tip. Your solution inspired me and I created a similar approach. I've set up the board where I was having a problem with link spam such that the user's website URL isn't shown on the Memberlist page unless that user has actually posted something. This way, I am back to only needing to moderate posts rather than watching the member list as well. I added the following to "memberlist.php" immediately after $www and $www_img are defined (line 206 in phpBB 2.0.17):
/////////////////////////////////////////////////////////////////////
//
// Begin mod to discourage link spam by not showing website URL for
// users unless they have made some posts.
//
if ($row['user_posts'] <= 0) {
$www = '';
$www_img = '';
}
//
// End mod
//
/////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////
//
// Begin mod to discourage link spam by not showing website URL for
// users unless they have made some posts.
//
if ($row['user_posts'] <= 0) {
$www = '';
$www_img = '';
}
//
// End mod
//
/////////////////////////////////////////////////////////////////////
Correction: that ampersand-l-t-semicolon in my code should just be a less than sign. The preview only worked when I entered it as the HTML character entity, but I guess it gets displayed differently when the post is made. Sorry for the confusion.
Thanks for the comment...this blog software is odd about how it parses comments, and I couldn't figure a quick way to fix the less-than-sign, so I'll leave it as-is for now. 
I just discovered today that the user's URL gets displayed on more than just the member list page. If you click on the user's name in the member list page, you are taken to their profile which also shows their URL. So, my previous post won't necessarily discourage link spam if the offenders know about this. To remedy this situation, I have now applied the same requirements to my user profile pages so that the URL is only shown when the user has actually made a post. Please note that if the code below contains the character ampersand-l-t-semicolon, you should replace that with a less than sign (this is a result of the way the blogging software works - see above). You can apply this additional patch to usercp_viewprofile.php immediately before $www_img and $www are set (line 142 in phpBB 2.0.17):
/////////////////////////////////////////////////////////////////////
//
// Begin mod to discourage link spam by not showing website URL for
// users unless they have made some posts.
//
if ($profiledata['user_posts'] <= 0) {
$profiledata['user_website'] = "";
}
//
// End mod
//
/////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////
//
// Begin mod to discourage link spam by not showing website URL for
// users unless they have made some posts.
//
if ($profiledata['user_posts'] <= 0) {
$profiledata['user_website'] = "";
}
//
// End mod
//
/////////////////////////////////////////////////////////////////////
A useful service for phpBB owners: know the risk of your forum being spammed.
http://www.phpbb-security.com/check.php
http://www.phpbb-security.com/check.php
Recently I released a MOD named "Textual Confirmation" (wtill waiting for approval for the phpBB MOD database).
Textual Confirmation (TC) asks newly registering user a question. If the answer is wrong, TC rejects the registration. Also, TC notifies the forum admin and the community spam database. The administrator can edit the questions and answers in the Administration Panel.
Here is a thread on phpbb.con about TC, with my explanation why I developed it and with feedback:
http://www.phpbb.com/phpBB/viewtopic.php?t=463860
Textual Confirmation (TC) asks newly registering user a question. If the answer is wrong, TC rejects the registration. Also, TC notifies the forum admin and the community spam database. The administrator can edit the questions and answers in the Administration Panel.
Here is a thread on phpbb.con about TC, with my explanation why I developed it and with feedback:
http://www.phpbb.com/phpBB/viewtopic.php?t=463860
I recently wrote my own text confirmation for my board. It's not as sophisticated as yours, but hopefully it will work.
#1 on Google is pretty cool. Expect a spammer attack here anytime 
Here comes another spam link. I'm working on putting together a phpBB-specific anti-spam resource:
http://wiki.phpbb.cc/Spam
Feel free to contribute.
Here comes another spam link. I'm working on putting together a phpBB-specific anti-spam resource:
http://wiki.phpbb.cc/Spam
Feel free to contribute.
Definitive Guide to phpBB Spam Control >
http://russell.ekushey.com/journal/index.php?itemid=93
Try it out!
http://russell.ekushey.com/journal/index.php?itemid=93
Try it out!
This is a link to the most effective phpBB spam prevention technique I have found. This has made a massive difference. I have tried many other techniques.
Basically the idea is to block a user from posting URLs if he has never posted to the forums before.
Hope it helps! If we all lockdown our forums a little we might start to control such spam. (well I hope).
http://www.acediary.com/itsecurity/phpbbspam/diary.php?view=55
Basically the idea is to block a user from posting URLs if he has never posted to the forums before.
Hope it helps! If we all lockdown our forums a little we might start to control such spam. (well I hope).
http://www.acediary.com/itsecurity/phpbbspam/diary.php?view=55
Is there any way to delete members who have entered their URL illegally before the mod en-masse? or do I have to remove them one by one?
If you search the mod lists on phpbb.com, I think there is an admin module that will let you delete multiple users at one time.
Hi,
I run an automobile forum using phpBB. Spamming was off the hook. Around 20 registration per day and nasty posts. Looked for solution for ever on google. with no luck i tried this myself and reduced spamming 99 % for phpBB. Adding to what Mike at the top does this solution has few more steps. Check it out at http://appleicase.com/board.htm
Cheers
I run an automobile forum using phpBB. Spamming was off the hook. Around 20 registration per day and nasty posts. Looked for solution for ever on google. with no luck i tried this myself and reduced spamming 99 % for phpBB. Adding to what Mike at the top does this solution has few more steps. Check it out at http://appleicase.com/board.htm
Cheers
I just installed phpbb, as it's free and has a handy Hebrew translation available. Unfortunately I just noticed this memberlist annoyance.... There seems to be a mod that fixes it, but not for the hebrew version... darn it
Give the anti-spam question a try...it is simple enough that you should be able to modify one PHPBB file and one template file.
http://boonedocks.net/mike/archives/143-PHPBB-Anti-spam-Registration-Question.html
http://boonedocks.net/mike/archives/143-PHPBB-Anti-spam-Registration-Question.html
In reply to the above, I wrote a free phpbb2 mod to prevent spammers from signing up or posting on your board.
Download it at http://www.phpbbantispam.com
Dev topic: http://www.phpbb.com/community/viewtopic.php?t=393606
Download it at http://www.phpbbantispam.com
Dev topic: http://www.phpbb.com/community/viewtopic.php?t=393606
We have similar experience that our phpbb forum was spammed everyday. But we know the registration of phpbb does require a visual "Confirmation code", just wondering if these spammers are automated bolts, how can they read the info of visual code ?
There is existing software out there that can bypass the visual confirmation without a human. For example, see:
http://www.13bit.com.ar/post/2007/09/Breaking-the-phpBB-CAPTCHA.aspx
http://www.13bit.com.ar/post/2007/09/Breaking-the-phpBB-CAPTCHA.aspx
The PHPBB board that I maintain recently picked up a new user account: Analina. The user signed up with the email analina@gmail.com. The user left a link to visualpicz.com, which redirects to a page full of prescription drug links. At first I thought it
Tracked: Oct 24, 18:58