This blog is retired.

Archive for the ‘phpBB’ Category

MOD Textual Confirmation Rises From Pit of Despair

Sunday, September 9th, 2007

True Story:

I became so irritated from using phpBB2 Advanced Visual Confirmation, which ended up causing me more trouble that it was worth, that I finally did something about it.

After thinking that I had wrapped a spammer-proof wall of security around my forum, I discovered that spammers were having an easier time decrypting my captcha images than my authorized members were. In fact, I often ended up having to manually register new users who I thought weren’t smart enough to decipher the image that was sitting right there in front of their face. It was only after I tried (and failed) to register one particular user 5 times that the truth hit me:

When it comes to default captcha decoding skills: Computers win, humans lose.


How to bypass Textual Confirmation

Tuesday, August 14th, 2007

Someone has asked Google how to bypass Textual Confirmation. Great! The alternative to CAPTCHA is taking off, even spammers noticed it. Now they’ve started to think about bypassing. Would you mind to help them and share ideas?


SPAM-Weary Webmasters March On!

Wednesday, August 1st, 2007

While poking around the Internet I came across this article about ways to stop PHPBB spam. In it the author talks about 2 tools he believes everyone running a phpBB board needs. What’s nice about the article is that it isn’t a cleverly disguised plug for these products. Instead it’s an independent review so you can be sure these products really work.


Forum Spammer List

Thursday, June 28th, 2007

The previous posting comes with a big introduction, and the essence is hidden. Highlighting it:

Forum Spammer List, or FSpamlist for short. This, in a nutshell, is an online database full of known spammer’s email addresses, popular domains, usernames, and IP addresses that are all easily exportable so that forum administrators can import them into their forum’s ban lists.

A little something else…

Wednesday, June 27th, 2007

Geez, where do I begin? Spam…it’s all about spam. Why can’t we all live in a wonderful e-world, filled with blogs, picture streams, and wonderful myspaces… without the hassle of spam. I guess it’s just like anything else, it’s subject to users and abusers. Hustlers I call ‘em; Skid Row-ers I call ‘em. Plain ‘ole scum of the Earth. What are we going to do? They are clever, very very clever… Well of course!– We must fight the fires with even clever-er(?) :) methods. CAPTCHA was a god-send. That’s one way. The boys over at bbantispam have come up with a simple yet effective way to wade through the masses of complex, yet somewhat feeble in circumstances, spam bots. Why boys, can’t you even say “hello”? I love it. Keep it coming bbantispam…’cause I’m ready to say “goodbye”. If you don’t know, they have even come up with an effective link rejector. They themselves said it best… what do spammers register everywhere for?.. duh! to post links.. The links rejector will phase through their links of garbage.

So why am I here? I’m certainly not here to compete. The folks at bbantispam certainly have a legitimate and effective product on their hands. I’m here to introduce, rather humbly, a little project of mine.

Introducing Forum Spammer List, or FSpamlist for short. This, in a nutshell, is an online database full of known spammer’s email addresses, popular domains, usernames, and IP addresses that are all easily exportable so that forum administrators can import them into their forum’s ban lists. With your help, this database can grow and stay current to aid in forum administrators everywhere to stop known spammers from even registering. Well, how can you help you might ask? This online database can be updated by anyone, anywhere. Well what about false-positives, JACK! Well, that’s when you’ve got to trust me… I’ve set-up a few security measures to keep the spammers out and the legitimates in. See a name in the database that looks like it shouldn’t be there?…just flag it using the link in the spammer profile page and the volunteer team and I will take a look it.

Well, I’ve said a lot… I’ve just pulled a shameless plug haven’t I? I wouldn’t like to think so.

I’ve come all this way to make a proposal to the folks at bbantispam. I, myself, have installed the Textual Confirmation tool on my forum. It works quite well might I add, and I noticed in the Readme (and in your bbantispam’s forum) that in the free version of the Textual Confirmation tool actually sends back the spammer’s data to bbantispam that gets the confirmation prompt wrong. I am proposing that on future feedback reports, that information would also be sent to FSpamlist for holding, and my team and I will look at the data and decide whether it is valid and should therefore be inserted into the database. Why would you do this for us? Well, I thought we are here to stop spam any way we can. But, I do understand the logic of barter, or partnerships if you would. This would be the first partnership of its kind. What I am offering you is complete and utter credit for all data sent to FSpamlist. Those exact terms are open to discussion.

Well, there I’ve said it.. I’m just one fishhook in a sea of spammers.

If you would like more information about my project FSpamlist please visit the following sites:

FSpamlist Main Page
FSpamlist Blog (for updates and such)
FSpamlist Forum (for open discussion)

Two sorts of phpBB2 spam

Tuesday, June 26th, 2007

I’ve just got a complaint from an user who purchased Textual Confirmation (TC). To his dissatisfaction, TC haven’t stopped spam. Investigations revealed that he gets spam in guest postings, which is outside of the scope of TC. To stop such spam, he actually needs Advanced Textual Confirmation. The following is what I’ve answered.