OSDev.org

The Place to Start for Operating System Developers
It is currently Wed Dec 11, 2019 4:07 am

All times are UTC - 6 hours




Post new topic Reply to topic  [ 24 posts ]  Go to page Previous  1, 2
Author Message
 Post subject: Re: Ghost reply notifications
PostPosted: Thu May 21, 2009 11:07 pm 
Offline
On Probation

Joined: Wed Feb 11, 2009 1:04 am
Posts: 119
Chase wrote:
What do you do you think either one of those things would acheive?

A higher level of difficulty than your present attempt.

If you would like to get fancy you might try to write a more proactive script that might identify a bot.

For Example
01. User-Agent not being there could throw an alarm
02. Host being the same as the IP might throw an alarm
03. Coming from a proxy might throw an alarm

Of course if detected the script would redirect to 127.0.0.1. :)


Top
 Profile  
 
 Post subject: Re: Ghost reply notifications
PostPosted: Thu May 21, 2009 11:23 pm 
Offline
Member
Member
User avatar

Joined: Tue Oct 17, 2006 9:29 pm
Posts: 2423
Location: Canada
The point here is that even a few deviations from the vanilla phpBB package should be enough to break automated scripts, like shuffling around the input form elements.. or asking a random question.

Sure it might risk confusing new users, but if they can't figure it out.. they probably should be here.

_________________
Image
Twitter: @canadianbryan. Award by smcerm, I stole it. Original was larger.
UNIX&BSD's, your only aspirations, to be imitated! 8)
Windows, are an opening in an otherwise solid and opaque surface through which light and, sometimes, even air can pass through; nothing more.


Top
 Profile  
 
 Post subject: Re: Ghost reply notifications
PostPosted: Thu May 21, 2009 11:45 pm 
Offline
Site Admin
User avatar

Joined: Wed Oct 20, 2004 10:46 pm
Posts: 671
Location: Texas
It would only present a higher level of difficulty for the real people trying to use the forums. You can't spam proof a service that is meant to be used by the public, for small sites like our all you can do is make it unique enough that we aren't worth targeting.

As for the other suggestions...
01. I switch the user-agent on my browser all the time, don't you think the spammers have figure out what an IE user-agent string looks like?
02. I'm not even sure what you are trying to say
03. Not all proxies add headers so they can't be detected that way. I can't keep track of all the proxy ip addresses in the world. And even if I could, don't forget Tor and all the zombie PCs in the world. This is part of why there is a spamhaus filter already in phpBB. We already block this stuff to the point it causes problems for some users, even I couldn't make a post once within the last week.

What good do you think sending a redirect would do? Some spam bots don't even bother to read the http responses at all and the ones that do wouldn't follow a redirect. Spam bot software isn't like a web browser and doesn't follow the rules of an RFC.


Top
 Profile  
 
 Post subject: Re: Ghost reply notifications
PostPosted: Thu May 21, 2009 11:46 pm 
Offline
Site Admin
User avatar

Joined: Wed Oct 20, 2004 10:46 pm
Posts: 671
Location: Texas
Brynet-Inc wrote:
Sure it might risk confusing new users, but if they can't figure it out.. they probably should be here.

Are you trying to say something about our new users? ;)


Top
 Profile  
 
 Post subject: Re: Ghost reply notifications
PostPosted: Fri May 22, 2009 12:23 am 
Offline
On Probation

Joined: Wed Feb 11, 2009 1:04 am
Posts: 119
You can test for a proxy by attempting to connect to google.com or somewhere using their IP address and the known proxy ports (at least three). When they register they are redirected aren't they? Instead of the confirmation page they get their local host. I don't see why this wont work. As for the number 2 suggestion, I am not too sure why anymore as I was messing with this kind of stuff years ago, but it has something to do with invalid records or the lack of any that normally signify spammer. I am not sure if this applies very much anymore. Lastly, I thought I should also mention that you have now successfully given away the version of your phpBB forum. Not sure if that matters to you or not.


Top
 Profile  
 
 Post subject: Re: Ghost reply notifications
PostPosted: Fri May 22, 2009 12:40 am 
Offline
Member
Member

Joined: Sun Jan 14, 2007 9:15 pm
Posts: 2566
Location: Sydney, Australia (I come from a land down under!)
Why should it matter if people know what version of phpBB is being used? It's not like it's difficult to find out by other means.

We already have a great team of moderators who respond extremely quickly and clean up. Spam is just a part of life on a forum, and chase has clearly taken measures to significantly reduce the amount of spam.

_________________
Pedigree | GitHub | Twitter | LinkedIn


Top
 Profile  
 
 Post subject: Re: Ghost reply notifications
PostPosted: Fri May 22, 2009 12:43 am 
Offline
On Probation

Joined: Wed Feb 11, 2009 1:04 am
Posts: 119
By what other means would you suggest? Does this forum announce its self in the header, do you think? There is a reason they no longer list it at the bottom. It is a security risk.

The point is to make it stop all together or as much as possible. Reverting back to taking care of it by hand accomplishes nothing once again.


Top
 Profile  
 
 Post subject: Re: Ghost reply notifications
PostPosted: Fri May 22, 2009 1:24 am 
Offline
Member
Member
User avatar

Joined: Tue Oct 17, 2006 9:29 pm
Posts: 2423
Location: Canada
chase wrote:
Brynet-Inc wrote:
Sure it might risk confusing new users, but if they can't figure it out.. they probably should be here.

Are you trying to say something about our new users? ;)

Clearly I had the subconscious desire to omit n't, bizarre.

_________________
Image
Twitter: @canadianbryan. Award by smcerm, I stole it. Original was larger.
UNIX&BSD's, your only aspirations, to be imitated! 8)
Windows, are an opening in an otherwise solid and opaque surface through which light and, sometimes, even air can pass through; nothing more.


Top
 Profile  
 
 Post subject: Re: Ghost reply notifications
PostPosted: Wed Aug 05, 2009 7:14 am 
Offline

Joined: Tue Jul 08, 2008 12:44 pm
Posts: 10
Yes I have the same problem :-


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 24 posts ]  Go to page Previous  1, 2

All times are UTC - 6 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group