Topic: How to keep spam bots out of your Forum!

[Sea Mac]

Even WITH Stop Forum Spam's Database PLUS Mod httpBL and a honeypot installed there would still be spambots registering every now and then. One actually posted Spam (I deleted it hours later) one time!

There is a feature built into the SMF 2 branch of the forum in the "Anti Spam" tab of the "Security" section called Verification Questions. I turned them on and made 6 question answer pairs for anything trying to register to answer.

And NO One has registered since! (Apparently ... If it weren't for attacks by spam robots this site would get zero traffic.)

Spam robots cannot guess that the correct answer to "How many toes on a foot?" should be "5" ... and the other 5 answers are also just boxes to leave blank - to a robot.

http://wiki.simplemachines.org/smf/SMF2.0:Security_and_Moderation#Anti-Spam

A human could Easily Answer them: and One human actually signed up TWICE to manually place an AD - both times I reported his registering email address to "Stop Forum Spam" as a KNOWN Spammer! He will be prevented from manually registering with OTHER SFS web sites ... 2 addresses are in their database.

Get a SMF 2 forum and just turn on the Verification Questions! Then go on vacation. It's safe.

So far ALL of the spam robots seem to be baffled by simple questions that would make HUMANS Roll On the Floor Laughing (ROFL) at the absurdity ...

"Can YOU eat Electricity?" 
(Only if you salt it heavily ... it is too bland otherwise ... )

http://wiki.simplemachines.org/smf/SMF2.0:Security_and_Moderation#Verification_Questions

Configure Verification Methods

Below you can set which anti-spam features you wish to have enabled whenever a user needs to verify they are a human. Note that the user will have to pass all verification so if you enable both a verification CAPTCHA image and a question/answer test they need to complete both to proceed.


 Verification Questions

If you want users to answer verification questions in order to stop spam bots you should setup a number of questions in the table below. You should pick relatively simple questions; answers are not case sensitive, though you should not use a 0 (zero) or a space as an answer to a question. You may use BBC in the questions for formatting, to remove a question simply delete the contents of that line.

    Visual verification image to display - This allows you to choose whether to add a verification image and to change its difficulty.

    Number of verification questions a user must answer - Select any number above zero to set the number of verification questions which need to be answered.

[Sea Mac]

Do you see that second MOD "MOD Stop Spammer"? It uses the Stop Forum Spam Database and API.

Description:

MOD Stop Spammer v2.3.7
==================

    * Authors:

   M-DVD and snoopy_virtual

    * Version:

   2.3.7

    * Release:

   7th February 2010

    * Languages:

   



    * Compatible With:

   SMF 1.1.1 - 1.1.11
SMF 2 RC2 - RC3
   
   Comment this Mod
   M-DVD's MODs
   Images
   Help support M-DVD's MODs
   
         
Contact Snoopy via Skype
             
IMPORTANT:
This MOD works better when used
together with MOD httpBL

    * Change Log

   

    * Road Map

      (Before you ask for a new feature or report a bug
check if it's already in the cue waiting to be done)

    * Read FAQ


Features:

    * With this MOD you can Block the Registry of Spammers in your Forum.


    * When registering a user, it will compare their data (nickname, IP and mail) with the
      "Stop Forum Spam" DB. If it match any data, then the user is leaved inactive 'Waiting for Approval'.
      Admin > Members > Awaiting Approval


    * You can leave the 'Inmediate Registration' enabled for all users (so you don't disturb them),
      but if a Spammer is detected it will apply 'Register Approval' automatically.


    * Also you can check all data of many members (already registred) automatically with
      a simple click, selecting them in the list...
      Admin > Members > View All Members


    * And report new Spammers and increase the DB, with a simple click.


    * It keeps a record of the number of all Spammers Blocked to date,
      you can enable and disable this MOD and more


Thanks to 'Stop Forum Spam' for your DB and APIs.

You get all 3 for overlapping protection. Like this:



Already this MOD has slammed the Door on over seven thousand threats!
(As of March 10, 2014 at 04:22:12 AM - the number of spammers stopped by MOD httpBL (in just this forum alone!) was: 49147! Seven times what it was!)

If you want to see the look of your "warning.php" page with these settings (the page everybody with an IP considered dangerous is going to be redirected to) press this link: warning.php

This is the latest in security! Install a honeypot on your domain and then http:BL MOD first, Stop Spammer MOD second, and Re-Captcha MOD third. THEN you'll be secure!

As for Smilie sets: I'll give you the 3 or 4 I've got ....

[Sea Mac]

I posted this Topic to help all those poor people who mistakenly think that phpBB is a secure free forum software/script.

(Modified it on July 8th, 2011 to reflect new version numbers.)

Nothing could be farther from the truth: and the new wave of more intelligent bot scripts are wreaking havoc with ANY phpBB forum out there!

There IS a Secure & FREE Forum software/script: it is SMF 2.0 (Simple Machine Forum). There is a conversion script to change your phpBB Forum over to a SMF forum, too.

Here is what you should do if you are tired of fighting spammers:  

Download the Full Install SMF 2.0 Install Package. Get it here: http://www.simplemachines.org/download/

Convert from phpBB to SMF as quickly as you can.  Get the phpBB2 to SMF 2.0 converter OR the phpBB3 to SMF 2.0 converter script - whichever you need. Get it Here: http://download.simplemachines.org/?converters;software=phpbb

Convert from your unsafe spambot magnet phpBB forum to a safer and more secure SMF forum.

I have found a way to Stop the Bad Guys from getting into your SMF Forums!

A Combination of 3 Standard MODS made for SMF Forums have given me a much needed rest from chasing out comment spamming robots.

The 3 MODS that have tested OK and ACTUALLY WORKED For me - on 4 functioning SMF 2.0 forums So Far - are MOD http:BL to Armor Plate the Forum, and then MOD Stop Spammer to let you find/sort/and Deal with Spammers that already registered, and then add MOD ReCAPTCHA to Armor Plate Registration!  

I'm one of the Internet's "White Hats" because my sites actually help CATCH and Mark Spammers! I've got THREE Different "Honey Pots" set up on 3 different Domains already and I'm TELLING you Right now how to get these annoying scripts OFF of Your SMF Site! A Spammer wouldn't want you to know this:

How to rid your Site (Any Current SMF 2.0 Site, Actually) of 99.5% of Attack/Harvesting/Spam Scripts.

(You will Need 'domain file manager' or 'FTP' access to your Domain in order to upload the honeypot script to your root folder (sometimes called public_http) so make sure you have access before we start.)

First Step. Sign up for a FREE "Honey Pot" script, custom built JUST For YOUR Domain, from Project Honeypot. Here is an Overview of the Honeypot install process that walked me through it ... http://www.snoopyvirtualstudio.com/tutoriales/index.php?estudio=httpBL_2 (it comes up in Spanish and you must select English from the Language menu to see it.)

When Signing up: Enter the Domain that your SMF Forum is hosted on. The Scripting Language to choose for your honeypot script is PHP 4+ - let them choose the name of the script for you, too. Go ahead and Share your honeypot, too, if you want: I shared all 3 of MY Domains honeypots. Only an Internet "White Hat" would sign up - let alone share freely!

Second Step:  Download the zipped honeypot script to your computer. Unzip it. Use FTP to place the script in the root folder of your Domain: do NOT Rename it! Carefully note its URL: after you activate it you cannot move it without starting all over again with a new honeypot script. After you follow the instructions to activate your honeypot you may request an API Key for access to the http:BL Database Access.

Third Step: Download the http:BL MOD from http://custom.simplemachines.org/mods/index.php?mod=2155 - then use your Package Manager to upload the MOD and Install it. (Back Up the Whole Site - and databases - first!) You'll need the URL of your Site's activated honeypot AND your http:BL API Key to first switch on this MOD. (Leave the Search word/keyword blank) Plug in those 2 facts in the MODS Control Panel (In the Members section - Down at the bottom - you'll see MOD httpBL has been added) and enable it.

That takes care of 98% of bad guys right away! Any known very bad IP address won't even be allowed to see your forum: they see a challenge page instead!

Next, you'll want to sign up over at Stop Forum Spam and Get an API Key from THEM. When you have an API Key go get the MOD Stop Spammer.

Again, Upload the MOD - back up the site and database - Install it. Activate the
MOD from the Members/Registration/Settings. All 5 of the checkboxes should be checked (on). You can CHECK your existing members against the database of Spammers known IP addresses - 5,000 a day -  and quickly eliminate bad ones, with this MOD!
 Finally, Put in ReCAPTCHA for Registration!
You know the drill by now. Sign up for a Public Key/Private Key set here: http://recaptcha.net/whyrecaptcha.html  Then get and install this MOD MOD ReCAPTCHA. Plug in your Account Details in the spaces provided (also located at Members/Registration/Settings ) and activate it.

 And then you'll not have to battle spammers any more! I tell you: It's Working for ME!