Anyone know why this forum has been hit with a dozen or so purported American college football live-stream spams today? (Other than that it’s the first weekend of the season.) Glad it’s only this one; but is there any way to do automatic blocking? The links supposedly point to PDFs on various sites, but you couldn’t pay me to click on one and find out where it really goes.
The spammers seem to prefer relatively low traffic forums, for whatever reason.
Some forum software will automatically block posts with only links for content. Don’t know if that’s possible with our software or not.
Katherine
Thanks, Katherine. I just loathe that kind of “marketing.” Actually, I don’t care much for any marketing (except of course publicity for my books 
), but that sort of stuff doesn’t even deserve the name “marketing,” IMO. Thus I tend to get a little too worked up about it. Thanks for removing the junk! Hope there won’t be any more.
Really annoying those spammers are. 
phpBB comes with the ability to add a question in the register process that a bot can’t figure out. It doesn’t have to be hard - something that the registering (live) person would easily know (so it doesn’t stop them registering). On another board I belong to, this has stopped spammers absolutely cold. And it’s much better than “captcha” which makes my eyes hurt (but doesn’t stop bots).
Or, there’s Bad Behavior, which is magic and effective but a bit more geeky to install.
How the heck are all the bots getting though the captcha? I barely pass as human and I know I’m … well, I guess maybe i don’t know that I’m human. Hmm…
Just a little humor…
That’s what I’d love to know! I’ve been through all of the captcha options we have at this point, including Google’s vaunted oh-so-fancy-knows-if-you’re-human (which basically boils down to: does your browser have a big fat dossier attached to it back at Google’s data mining headquarters) stuff and it makes no difference. I’ve gone back to a question and answer, though this time with something a little less obvious than “What software do we sell?”.
On top of that we also use a central database of known bad addresses, IPs and usernames, which does block a fair amount going by the logs, but an annoying percentage still slip through that.
One interesting pattern I have spotted is that they seem to be triggered off of WordPress activity. We post a blog article and they all activate and start spamming on phpBB. Curious how they are piggybacking in like that, I suppose any sort of “ping” the site might make to public feeds that indicates its not a dead site might do the trick though.
There has to be an API hole that’s letting them create accounts directly. That’s tha only explanation. Even a botnet would need to pass captcha which should trigger a boat load of fails. I’m too lazy to look, but has phpBB been releasing any updates?
In the meantime, is it possible to configure it so that any posts that only contain links get rejected? It won’t stop the accounts from forming but it might at least give us some respite from having to see the actual posts.
(Either that or require moderation for all first-time posters?)
1 Like
Yeah, I’m thinking of some kind of new user policy like that. Moderation might generate too much overhead for us, but a no-links until you post three sort of thing might be worthwhile.
Mainly it’s annoying to me because it is happening during a period of time in which I have zero time to spend on the forum installation/config. 
I hear ya.