Anybody knows how to nuke Spambots?
 

I'm starting to pick up more and more spam bot signups on my PHPBB forums. Most of them simply register, include a website link and a few keywords in location, occupation and signature, and never activate. The sign-ups seem to be automated, or are there really trolls out there that sit on the computer spamming on 12/31/07 at 11.51 pm EST? They do somehow manage to read out the activation code which is provided as a jpg.

Sole purpose of theses sign-ups seems to be to boost an URL for Viagra, Cellphones, etc. in google rankings by creating many back links. These signups typically have

- no referer or user agent
- a bogus ICQ number
- bogus email account (.uk, .de, .com, .au, etc.)
- a changing proxy IP

I actually didn't mind this as long as it was happening in moderation, but lately some asswipe signs up with 15-20 different addresses every day, which is too much.

Can someone explain to me how that spam-biz works, what do people get really out of it doing this, and how it can be avoided?

are you running the latest version of phpbb? later releases normally include fixes to prevent it.
There are also possibly mods/addons you can install.

since i installed phpbb 3 - all spam was gone... totally... not even one bot user, not even one spam message... I have tons of them before the upgrade....

Well, it's true, whenever we upgrade the forum the problem seems go away for about 4-6 weeks, then it starts all up again. They seem to find a backdoor quickly. Haven't tried version 3 yet.


We've been dealing with this shit for 2 years now.

When I was running v2 - i had the same problem
I have 3 running since BETA - half a year without spam...
you might give it a try...

another thing that can always help is adding a human input box in the sign up form (i did that on v2 and it helped a lot). something simple...

We did exactly that, a code is displayed as a JPG and needs to be put in manually into a dialog box. It did take care of the problem for about 4 weeks, now they must have figured out a way to automatically read out the JPG.

It is a bot, I am sure. No matter how geeky you are, you're not sitting on Christmas and New Years Eve all night signing up for forums and putting codes into dialog boxes, and that was exactly the time when I go lots of sign-ups. (Even the most relentless GFY posters, guys that apparently never sleep, with a message count of 2 posts/hr. over a 3 year time period, seemed to give it a rest on New Years Eve.)

Can you post a sample of your CAPTCHA jpg? Might just a better captcha

There's your problem. You should consider switching to vbulletin.

OK

http://img181.imageshack.us/img181/5818/kapwo8.jpg

Been broken for months...very easy captcha to break, same font, all caps, no distortion etc etc.. even the "are you human?" was a dumb idea

They do it, as you said, for backlinks and traffic...do the upgrade as suggested.

OK, I will.

Yeah that captcha is pretty weak