Chase wrote: What do you think either one of those things would achieve?
A higher level of difficulty than your present attempt.
If you would like to get fancy you might try to write a more proactive script that might identify a bot.
For example:
01. User-Agent not being there could throw an alarm
02. Host being the same as the IP might throw an alarm
03. Coming from a proxy might throw an alarm
Of course if detected the script would redirect to 127.0.0.1.
The point here is that even a few deviations from the vanilla phpBB package should be enough to break automated scripts, like shuffling around the input form elements.. or asking a random question.
Sure it might risk confusing new users, but if they can't figure it out.. they probably should be here.
Twitter: @canadianbryan. Award by smcerm, I stole it. Original was larger.
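The three checks listed in the post above, as an added example that is not part of the thread or of phpBB. The function name, signal names and sample requests are constructed, and reading check 02 as "the address has no reverse-DNS record" is an assumption. It reports signals for a moderation decision instead of redirecting.

```php
<?php
// Added example (hypothetical names, not phpBB code): collect the three
// signals from the post for one registration request.
function registration_signals(array $server, ?callable $resolver = null): array
{
    $resolver = $resolver ?? 'gethostbyaddr';
    $signals = [];

    // 01. No User-Agent header at all. A spoofed browser string passes this.
    if (trim($server['HTTP_USER_AGENT'] ?? '') === '') {
        $signals[] = 'no_user_agent';
    }

    // 02. PHP's gethostbyaddr() returns the IP unchanged when the lookup
    //     fails, so "host equals IP" means no PTR record was found.
    $ip = $server['REMOTE_ADDR'] ?? '';
    $host = $resolver($ip);
    if ($host === false || $host === $ip) {
        $signals[] = 'no_reverse_dns';
    }

    // 03. Headers that some proxies add. Proxies that add none are missed.
    foreach (['HTTP_VIA', 'HTTP_X_FORWARDED_FOR', 'HTTP_FORWARDED'] as $h) {
        if (!empty($server[$h])) {
            $signals[] = 'proxy_header';
            break;
        }
    }
    return $signals;
}

// Constructed sample requests (documentation-range addresses). The resolver
// is stubbed so the example runs without DNS access.
$fakeDns = fn(string $ip) => $ip === '192.0.2.10' ? 'dsl-10.example.net' : $ip;
$samples = [
    'browser' => ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_USER_AGENT' => 'Mozilla/5.0'],
    'script'  => ['REMOTE_ADDR' => '198.51.100.7'],
    'proxied' => ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_USER_AGENT' => 'Mozilla/5.0',
                  'HTTP_VIA' => '1.1 cache.example.org'],
];
foreach ($samples as $name => $server) {
    $hits = registration_signals($server, $fakeDns);
    // One signal alone is weak evidence; hold for review only on two or more.
    $action = count($hits) >= 2 ? 'hold' : 'allow';
    printf("%-8s %-5s %s\n", $name, $action, implode(',', $hits) ?: '-');
}
```

With the constructed samples, only the request that has neither a User-Agent nor a reverse-DNS record is held; the proxied browser trips a single signal and is allowed.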
It would only present a higher level of difficulty for the real people trying to use the forums. You can't spam-proof a service that is meant to be used by the public; for small sites like ours, all you can do is make it unique enough that we aren't worth targeting.
As for the other suggestions...
01. I switch the user-agent on my browser all the time, don't you think the spammers have figured out what an IE user-agent string looks like?
02. I'm not even sure what you are trying to say
03. Not all proxies add headers so they can't be detected that way. I can't keep track of all the proxy IP addresses in the world. And even if I could, don't forget Tor and all the zombie PCs in the world. This is part of why there is a spamhaus filter already in phpBB. We already block this stuff to the point it causes problems for some users; even I couldn't make a post once within the last week.
What good do you think sending a redirect would do? Some spam bots don't even bother to read the HTTP responses at all and the ones that do wouldn't follow a redirect. Spam bot software isn't like a web browser and doesn't follow the rules of an RFC.
You can test for a proxy by attempting to connect to google.com or somewhere using their IP address and the known proxy ports (at least three). When they register they are redirected, aren't they? Instead of the confirmation page they get their localhost. I don't see why this won't work. As for the number 2 suggestion, I am not too sure why anymore as I was messing with this kind of stuff years ago, but it has something to do with invalid records or the lack of any that normally signify a spammer. I am not sure if this applies very much anymore. Lastly, I thought I should also mention that you have now successfully given away the version of your phpBB forum. Not sure if that matters to you or not.
Why should it matter if people know what version of phpBB is being used? It's not like it's difficult to find out by other means.
We already have a great team of moderators who respond extremely quickly and clean up. Spam is just a part of life on a forum, and chase has clearly taken measures to significantly reduce the amount of spam.
By what other means would you suggest? Does this forum announce itself in the header, do you think? There is a reason they no longer list it at the bottom. It is a security risk.
The point is to make it stop altogether or as much as possible. Reverting back to taking care of it by hand accomplishes nothing once again.