OSDev.org https://forum.osdev.org/ |
|
Ghost reply notifications https://forum.osdev.org/viewtopic.php?f=6&t=20096 |
Page 2 of 2 |
Author: | purage [ Thu May 21, 2009 11:07 pm ] |
Post subject: | Re: Ghost reply notifications |
Chase wrote: What do you do you think either one of those things would acheive? A higher level of difficulty than your present attempt. If you would like to get fancy you might try to write a more proactive script that might identify a bot. For Example 01. User-Agent not being there could throw an alarm 02. Host being the same as the IP might throw an alarm 03. Coming from a proxy might throw an alarm Of course if detected the script would redirect to 127.0.0.1. |
Author: | Brynet-Inc [ Thu May 21, 2009 11:23 pm ] |
Post subject: | Re: Ghost reply notifications |
The point here is that even a few deviations from the vanilla phpBB package should be enough to break automated scripts, like shuffling around the input form elements.. or asking a random question. Sure it might risk confusing new users, but if they can't figure it out.. they probably should be here. |
Author: | chase [ Thu May 21, 2009 11:45 pm ] |
Post subject: | Re: Ghost reply notifications |
It would only present a higher level of difficulty for the real people trying to use the forums. You can't spam proof a service that is meant to be used by the public, for small sites like our all you can do is make it unique enough that we aren't worth targeting. As for the other suggestions... 01. I switch the user-agent on my browser all the time, don't you think the spammers have figure out what an IE user-agent string looks like? 02. I'm not even sure what you are trying to say 03. Not all proxies add headers so they can't be detected that way. I can't keep track of all the proxy ip addresses in the world. And even if I could, don't forget Tor and all the zombie PCs in the world. This is part of why there is a spamhaus filter already in phpBB. We already block this stuff to the point it causes problems for some users, even I couldn't make a post once within the last week. What good do you think sending a redirect would do? Some spam bots don't even bother to read the http responses at all and the ones that do wouldn't follow a redirect. Spam bot software isn't like a web browser and doesn't follow the rules of an RFC. |
Author: | chase [ Thu May 21, 2009 11:46 pm ] |
Post subject: | Re: Ghost reply notifications |
Brynet-Inc wrote: Sure it might risk confusing new users, but if they can't figure it out.. they probably should be here. Are you trying to say something about our new users? |
Author: | purage [ Fri May 22, 2009 12:23 am ] |
Post subject: | Re: Ghost reply notifications |
You can test for a proxy by attempting to connect to google.com or somewhere using their IP address and the known proxy ports (at least three). When they register they are redirected aren't they? Instead of the confirmation page they get their local host. I don't see why this wont work. As for the number 2 suggestion, I am not too sure why anymore as I was messing with this kind of stuff years ago, but it has something to do with invalid records or the lack of any that normally signify spammer. I am not sure if this applies very much anymore. Lastly, I thought I should also mention that you have now successfully given away the version of your phpBB forum. Not sure if that matters to you or not. |
Author: | pcmattman [ Fri May 22, 2009 12:40 am ] |
Post subject: | Re: Ghost reply notifications |
Why should it matter if people know what version of phpBB is being used? It's not like it's difficult to find out by other means. We already have a great team of moderators who respond extremely quickly and clean up. Spam is just a part of life on a forum, and chase has clearly taken measures to significantly reduce the amount of spam. |
Author: | purage [ Fri May 22, 2009 12:43 am ] |
Post subject: | Re: Ghost reply notifications |
By what other means would you suggest? Does this forum announce its self in the header, do you think? There is a reason they no longer list it at the bottom. It is a security risk. The point is to make it stop all together or as much as possible. Reverting back to taking care of it by hand accomplishes nothing once again. |
Author: | Brynet-Inc [ Fri May 22, 2009 1:24 am ] |
Post subject: | Re: Ghost reply notifications |
chase wrote: Brynet-Inc wrote: Sure it might risk confusing new users, but if they can't figure it out.. they probably should be here. Are you trying to say something about our new users? Clearly I had the subconscious desire to omit n't, bizarre. |
Author: | royalbru [ Wed Aug 05, 2009 7:14 am ] |
Post subject: | Re: Ghost reply notifications |
Yes I have the same problem :- |
Page 2 of 2 | All times are UTC - 6 hours |
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group http://www.phpbb.com/ |