A solution to prevent spamming?

[Eidolon]

I've noticed in the past few weeks/months that these forums are sufffering from spammers. I don't know if it's possible with PHPBB however it would possibly be worth adding a HRI (Human Readable Image) to the registration page, as this would prevent bots from signing up and posting. Also doing a wildcard ban on "@mail.ru" and "@cashette.com" I've found also helps, as these two domains tend to be a favourite for spammers.

[Atomic-Pigeon]

Using e-mail validation is the best way. I've had spam postings even with the letter verification method, but asking a spammer for their e-mail address puts them off completely.

[jonl]

Hi, I recently joined this forum and my registration DID include an image verification stage so perhaps your suggestion has been acted upon.

I dont think asking for email addresses is a particular deterrent, most spammers change their address much to regularly for that to be effective.

The best way I know of dealing with spam on notice boards is to give all users a privilidge to mark a particular posting as being potential spam thereby alerting trusted users or website hosting administrators an immediate alert that something that looks like spam has been added to the board and may require deletion.

On the subject of spam, does anyone know how to get MS outlook mail rules to spot an email that contains only an inlined picture? Spammers seem to be getting around antispam measures based only on text rules (ie delete mails containing the word ******) by using low quality images of the text message they want to broadcast. Outlook seems to be able to detect email that has a non-inlined attachement but the spammers are using inlined ones (ie picture appears automatically when you view the email), I would be happy to delete all messages containing an inline attachment since my real customers never send me messages like this.

Thanks in advance for any info

Jon

[eUKhost.com]

Hello Jon,

All members have permission to notify a thread as spam to forum moderators. Eidolon is the only customer who has sincerely done this whenever he saw any spam posts on the forum. I don't think we can do anything else to stop spam posts as the words commonly used in spams threads have been banned in the forum but that will only change that spam word but wont stop spammers from posting threads.

Regarding the spam email you don't need to do much only your end as we have custom spam protection script on all Linux servers which checks every incoming email and common spams are deleted by the script. If you get 5 - 10 spams per day then you should manually delete those as we have suffered more than anyone else due to spams and we have taken every possible step to reduce incoming spams.

One thing you should check is that you should never put any email address in plain text on your website hosting and the email address in whois information of your domain name should be something different from your most important email addresses. If we try and hit the sources of spammers then we can get on top of spamming but stopping incoming spams completely is next to impossible if you put your email address for display in text format for crawlers to grab and add to their database.

[jonl]

Thanks Eukhost

Yes, currently my commercial website hosting includes a form that directs to PHP code in my CGI bin and only the PHP code contains the email address so as far as I understand it, I am now safe.

Unfortunately the former owner of my company did expose the text email on the web and as always there is the dilemna of
cutting off a communication route that may still be all that older customers have kept in their records.

These days however my biggest concern is the use of my domain name by spoofers who make it look as if I am sending out spam, I have detailed this in another post.

Thanks for the reply
Jon

[swexpert]

Hi Jon
You're safe as long as you understand

Sorry if it sounds rude but that's possibly how it is. You never know "what tommorrow will bring". Well how about reading your form, disabling javascript and then calling your PHP page directly with the parameters? Whether it is GET or POST should not matter much because most spammers would be running a webserver on their own system.

What I have found effective in forms is: Showing emails via scripting not direct text, not trusting on client side validations and Inclusion of CAPTCHA (image code) helps a lot in dettering automated bots.

Hope that helps a bit.

Regds
IJ

[fgames1]

the image verification is called code captcha it would be nice also to prevent spamming a cell phone code verification for non members