header 'warning'

Look here first for answers to common questions
Post Reply
User avatar
c2bill
1k Poster
Posts: 170
Joined: March 15th, 2006, 6:26 pm
Location: Vermont, USA

header 'warning'

Post by c2bill » May 5th, 2006, 2:03 pm

no, we're not being hacked. i screwed up the header somehow - am trying to fix it...

-bill

User avatar
Tyn
10k Poster
Posts: 1058
Joined: March 17th, 2006, 3:01 am
Location: Gouda, the Netherlands

Post by Tyn » May 5th, 2006, 4:49 pm

Bill,

How can we be sure this is you!
Tyn

M42H

"We keep you alive to serve this ship. So row well and live."




"Nobody move! I've dropped me brain!"

MomofJBN
2k Poster
Posts: 218
Joined: March 18th, 2006, 2:12 pm
Location: AZ

Post by MomofJBN » May 6th, 2006, 10:23 pm

We may not have been hacked, but there are a lot of spam posts all of a sudden. :x
Schenley
Wife of Jeff
[img]http://img.photobucket.com/albums/v235/momofjbn/dudes_small.jpg[/img] Mom of Jonathan (12), Benjamin (10), and Nicholas (8)

User avatar
c2bill
1k Poster
Posts: 170
Joined: March 15th, 2006, 6:26 pm
Location: Vermont, USA

Post by c2bill » May 8th, 2006, 11:08 am

re spam- we're moving to an 'email confirmation' system - so all posters will have to have a valid email address - this tends to slow (but not stop) spam posts. on another funny note i'm starting to get requests from advertisers to 'sell space' on the forum - we're a victim of our own popularity!

bp

User avatar
Jeff_FLG
Paddler
Posts: 9
Joined: May 10th, 2006, 12:21 am
Location: Flagstaff, AZ
Contact:

Post by Jeff_FLG » May 10th, 2006, 1:02 am

Hello Bill,

I've been lurking for a while and finally joined. I'm greatly enjoying my C2 and keeping motivated as a member of the AZ Outlaws. Schenley (MomofJBN in the post above) is my better 7/8.

This thread caught my eye -- I run a PHPbb forum myself, and the email confirmation plus capcha should help with the spam...it did for us. But even with that, I did have enough problems that I finally had to hack it to (1) remove the member list and (2) change the "agree to terms" registration variable to something the bots couldn't recognize. #1 eliminates the incentive for bots to harvest email addresses, or to get trackbacks for their own email and web sites when legitimate crawlers come through, and #2 really constipates them...I haven't had a single automated registration since.

I'm not suggesting you axe the user list; I have no idea how many members of this forum use it, and as the proud owner of one post I hardly imagine I know what's best for these boards. But if you get bizarre registrations with .pt and .ru addresses, that might be what's going on. I looked at the various content options you have now, and it does look like you have things reasonably locked down. So hopefully this will work better than IPB (which I have never had trouble with, but I guess nothing's perfect).

And you know, you could replace that stock phpBB banner with a nice C2/erging logo!

Thanks for your efforts in providing this forum for everyone.
Jeff
Favorite ergers: Schenley (MomOfJBN), Jonathan (10), Benjamin (8), Nicholas (6)
AZ Outlaws / 901,503 m since 12/16/2005
www.flagmusic.com

PaulH
6k Poster
Posts: 983
Joined: March 15th, 2006, 10:03 pm
Location: Hants, UK
Contact:

Post by PaulH » May 10th, 2006, 9:51 am

Jeff,

Can you explain the option 2 you mention? It would be great to have the details in case we need it.

Cheers, Paul

User avatar
Jeff_FLG
Paddler
Posts: 9
Joined: May 10th, 2006, 12:21 am
Location: Flagstaff, AZ
Contact:

Post by Jeff_FLG » May 10th, 2006, 5:22 pm

Option #2 is one of the better bot-killers I have seen. The bots come in and supply “true” wherever the variable “agreed” appears in the reg forms – the TOS, the COPPA rules, and so on. There are three files in your phpBB directory structure where this variable appears: admin/admin_users.php, includes/usercp_avatar.php, and includes/usercp_register.php.

Go into these files and do a global search and replace of “agreed” with something else, like “yep_thats_fine”, or something mixed case like “OkeYDoKey.” The PHP won’t care what you use (as along as you've made sure to change all instances of the variable!), and the bots won’t have any idea what you’ve changed it to. I recommend taking the characters “a-g-r-e-e” out of the name entirely (i.e., don’t use “yep_i_agree”) since a few bots now seem to be on to this and appear to be smart enough to search substrings, or even to try to deduce the variable name via offsets from other known strings. (Some programmers have way too much free time! :roll:)

Since I hacked our boards in this way, I have occasionally had manual registrations from casino hucksters and the like, but the obvious auto signups (particularly porn-related) have been greatly reduced.

I see that besides a couple of legit signups, there are two obvious spam members here just since I joined last night! I feel your pain... :?
Jeff
Favorite ergers: Schenley (MomOfJBN), Jonathan (10), Benjamin (8), Nicholas (6)
AZ Outlaws / 901,503 m since 12/16/2005
www.flagmusic.com

User avatar
johnlvs2run
Half Marathon Poster
Posts: 3265
Joined: March 16th, 2006, 1:13 pm
Location: California Central Coast
Contact:

Post by johnlvs2run » May 10th, 2006, 5:32 pm

You could put "I don't agree" for one of the choices, then they would click that one.

Many sign up pages have letters to retype in prior to signup approval.

I don't know how effective this is, but it seems would cause more of a problem to the robots.
72, 5'8", 155lbs ~ Skierg Lightweights
Attention Concept2 --> please add a lightweight division for the Skierg.

User avatar
Jeff_FLG
Paddler
Posts: 9
Joined: May 10th, 2006, 12:21 am
Location: Flagstaff, AZ
Contact:

Post by Jeff_FLG » May 10th, 2006, 7:14 pm

John Rupp wrote:You could put "I don't agree" for one of the choices, then they would click that one.
A slightly more involved hack, but it would be doable, and you're right, it might indeed fool some of the scripts...and might be necessary if enough of them seem to have "adapted" to the trick above.
Many sign up pages have letters to retype in prior to signup approval.
Yep, that's a "captcha," which C2 is using (I had to type one in last night). Many flavors of these exist, and though they do indeed help, they're far from bulletproof. The one used by these boards is probably not hard for character recognition software to defeat. The best solution for this whole problem of auto-registrations is several layers of security -- captcha, code hacks, user list and email list control, etc. Quite the annoyance, these folks, but that's life on the Net.
Jeff
Favorite ergers: Schenley (MomOfJBN), Jonathan (10), Benjamin (8), Nicholas (6)
AZ Outlaws / 901,503 m since 12/16/2005
www.flagmusic.com

MomofJBN
2k Poster
Posts: 218
Joined: March 18th, 2006, 2:12 pm
Location: AZ

Post by MomofJBN » May 13th, 2006, 3:08 pm

More spam posts popping up in the General section. :roll:

Schenley
Schenley
Wife of Jeff
[img]http://img.photobucket.com/albums/v235/momofjbn/dudes_small.jpg[/img] Mom of Jonathan (12), Benjamin (10), and Nicholas (8)

Post Reply