miniBB Support Forums

Elegant anti-spam solution

Author Risa
Registered
#1 | Posted: 8 Oct 2006 10:46 
I wanted to keep my minibb forum open for non-registered users, but shortly I was plagued by tons of spam. And I found a much easier and more elegant solution than ugly CAPTCHA.

Just add this code to the main_post_form.html template - somewhere under "postText" textarea:

<noscript><p>Anti SPAM protection, fill in this field with text &quot;nospam&quot;: <input name="chckforspm" size="6" /></p></noscript>
<script type="text/javascript">
document.write('<input type="hidden" name="chckforspm" value="no' + 'spam" />');
</script>

Users with JavaScript enabled will see the form without a change. Users with JavaScript disabled will have to fill in the word "nospam" in the new field. Robots that generate SPAM cannot work with JavaScript; they also don't know what word to fill in.

Of course you can use any other word than nospam.

Step two:

Just add this code at the beginning of index.php

if ($action=='ptopic') {
if ($chckforspm!="nospam") { echo "Anti-spam check failed! Click Back and fill in word &quot;nospam&quot;!"; die;}
}

And that's it... You can also include script or function to handle anti-spam check.

Author tom322
Registered
#2 | Posted: 8 Oct 2006 12:21 
I don't know why you think the Captcha is not elegant - you can easily adjust the colors, look etc to your own website... :)

Author marsbar
Associated Member
#3 | Posted: 8 Oct 2006 18:14 
Tastes differ, tom322. :-) (I do not mind CAPTCHA.) Thanks to Risa for offering an alternative anti-spam solution.
- mb

Author tom322
Registered
#4 | Posted: 8 Oct 2006 21:33 | Edited by: tom322 
Did you check how it's working? I might use it on another unrelated website if it's working well ;).

Actually, I think it's working well. But the problem is - the spammers will know what "keyword" to use to continue spamming (unless you change the keyword often....).

Author Paul
Lead Developer
#5 | Posted: 9 Oct 2006 02:52 | Edited by: Paul 
Risa
If it were so easy, Captcha would never have been invented.

I can easily crack your code and write a function which bypasses it as if it were a human. Your suggestion means nothing in the world of automated spam programs.

The POST string which such a program needs to pass may look something like this:

?action=ptopic&postMsg=postMsg_text&topicTitle=topic_title_text&chckforspm=nospam

Knowing the secret phrase the program needs to verify, and the URL variable under which it needs to be passed, there's nothing genius about working around this.

By the way, the second mistake in your code is that it will work only when PHP's setting register_globals is set to ON. It should use $_POST array. In most common configurations nowadays, register_globals is set to OFF. But this doesn't really matter, because your solution is weak, anyway.

Most common Captcha solutions, including our own, work a different way. The secret phrase cannot be read from the source code, but is stored in a session. That way automated programs have no chance to read it and emulate it. This is still the only way to fight automatic spam.

Author Martoi
Guest
#6 | Posted: 24 Nov 2006 14:22 
It doesn't work. If you have JavaScript enabled, you see no difference. If you disable it you can see a form. Even if I post a message without filling it in, the post appears. 10 minutes after I changed the code as you said I had 3 spam messages...

Author myowndictionary
Registered
#7 | Posted: 26 Nov 2006 07:44 | Edited by: myowndictionary 
I tried this with simply a hidden form variable, but that didn't work, I had to get javascript to set a variable inside the SESSION and put that same variable as visible on the web page. Then, when the form was submitted, the submitted value is compared to what was in the session. This works around the spam engines because the variable the form needs to send changes every time and it's not possible to read a "gif" file (mine didn't use the gif, it especially makes random numbers in a string a red color font, but the spam engines aren't that smart.)

To fix the javascript she is using, she can generate a random string using php or javascript, and then encode it like I do, and then check it against the SESSION variable content like I do.

Author Paul
Lead Developer
#8 | Posted: 27 Nov 2006 08:14 
Guys,

until the value you need to insert as the verification code is somewhere visible in the source of the page, it's not serious and can be very easy to hack. Even if you write a tricky JavaScript function to encode the value, then decode it back again (using a JS function), it is still possible to program the same type of function in PHP, which decodes the encoded value...

It all doesn't matter, until the verification code is available in the source. It only matters when it's available in the session; and even this can be hacked, if somebody is curious about hacking exactly your forums. But this is already a criminal offence - thus the miniBB captcha addon provides a workaround even for that...
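
An added example (not part of any post in this thread and not the miniBB Captcha add-on's code) of the approach described in posts #5 and #8: the expected answer lives only in the server-side session, the page source carries just an image, and the submitted value is read from $_POST. The function names, the `captcha_answer` field and the `action=captcha` route are hypothetical; rendering assumes PHP 7+ with the GD extension.

```php
<?php
// Added example: names and routes here are hypothetical, not miniBB's.
session_start();

// Create a fresh challenge. The answer is kept only in the server-side session.
function captcha_new(): void {
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789'; // look-alike characters left out
    $code = '';
    for ($i = 0; $i < 6; $i++) {
        $code .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    $_SESSION['captcha_code'] = $code;
    $_SESSION['captcha_time'] = time();
}

// Send the challenge as a PNG, so the text never appears in the page source.
function captcha_image(): void {
    $img = imagecreatetruecolor(120, 40);
    $bg = imagecolorallocate($img, 255, 255, 255);
    $fg = imagecolorallocate($img, 40, 40, 40);
    imagefilledrectangle($img, 0, 0, 119, 39, $bg);
    imagestring($img, 5, 30, 12, $_SESSION['captcha_code'] ?? '', $fg);
    header('Content-Type: image/png');
    header('Cache-Control: no-store');
    imagepng($img);
}

// Verify a submission: value from $_POST, one attempt per challenge, with expiry.
function captcha_check(int $maxAge = 600): bool {
    $expected = $_SESSION['captcha_code'] ?? null;
    $issued = $_SESSION['captcha_time'] ?? 0;
    unset($_SESSION['captcha_code'], $_SESSION['captcha_time']); // single use
    $given = $_POST['captcha_answer'] ?? '';
    if (!is_string($expected) || !is_string($given) || time() - $issued > $maxAge) {
        return false; // no challenge issued, an array was posted, or it expired
    }
    return hash_equals($expected, strtoupper(trim($given)));
}

// The form embeds <img src="index.php?action=captcha"> and a captcha_answer field.
if (($_GET['action'] ?? '') === 'captcha') {
    captcha_new();
    captcha_image();
    exit;
}
if (($_POST['action'] ?? '') === 'ptopic' && !captcha_check()) {
    http_response_code(403);
    exit('Anti-spam check failed. Go back and enter the code shown in the image.');
}
```

The undistorted `imagestring` rendering is trivially machine-readable; the block demonstrates where the secret is stored and how it is checked, not image hardening.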

Author Guest_Rik
Guest
#9 | Posted: 11 Mar 2007 20:14 
Why isn't there a captcha addon for registering?
I do not have any intention to let guests post, but when bots can register without any problem this doesn't make a difference.

In my experience I've had the most problems with bots registering and not with bots posting spam (as I never let guests post).
I've already had enough of bots spamming as members (with phpbb).
If there is already something against bot registering please let me know.

Author tom322
Registered
#10 | Posted: 11 Mar 2007 20:31 
Why isn't there a captcha addon for registering?
There is: http://www.minibb.com/captcha.html

Author Guest_Rik
Guest
#11 | Posted: 11 Mar 2007 21:15 
So there is no free anti spam solution?
What is the point of having a forum if you are 100% sure that bots will register and post spam?

That the PM plugin is not free I can understand but basic anti spam security should be in a standard install.
If you aren't even basically protected against spam in the free version why would you want to buy extra addons.

Sorry but anti spam protection should be a basic feature in every script.
Not doing this is just helping the enemy and by this you help make the internet a big trash bin where you need to search interesting posts within millions of spam posts.

That's my idea at least.

Author tom322
Registered
#12 | Posted: 11 Mar 2007 22:54 
So there is no free anti spam solution?

You can set it up to require that a new user must click on the confirmation link in the email before he/she can post. You can also manually accept each new user. Bots won't go through this process.

The minibb captcha could also be used by other features than registration (could be set up for any forum action so that it's 100% spam proof). And you receive an open source. So I don't think it's just yet another "anti spam protection."

Besides, it costs less than $10... Come on, if the developers were based in the US, it would have cost at least 2-3 times as much. Plus, after the transaction fees the authors receive possibly about $8. Being serious about the project, spending $10 for something that has proven to work 100% as advertised is nothing.

Author Paul
Lead Developer
#13 | Posted: 13 Mar 2007 04:52 
Guest_Rik

So there is no free anti spam solution?

I think the Anti-Guest addon is the one that could help you. miniBB also provides other methods/algorithms of protection.

Check here:
http://www.minibb.com/forums/12_4434_0.html
http://www.minibb.com/forums/2_3786_0.html

Starting any forums in "opened" mode is a good method. Until they become well-known and nobody spams them, it could mean they are not popular and maybe even useless. So when you feel they are becoming spammed (and that way they are becoming "known") you may invest a bit and continue to promote them.

If you think more deeply about why Captcha is not free, you may discover that miniBB just provides a gradual investment plan. You could install absolutely free software and later not be able to find a person who will maintain or fix it for you for free. You could buy expensive software which has it all-in-one for the all-in-one huge price, but won't even know why you need this or that feature. With miniBB, you install the basics and pay exactly for what you need.

If you think we could support this project free forever, it's a big mistake. Even if something is free, somebody pays for it.

Also if you think $10 is a big price - welcome to program this addon yourself... it's open source.

Author Guest_Rik
Guest
#14 | Posted: 13 Mar 2007 09:35 
Paul,

first of all I do understand you can't support this project for free forever. And I do not find $10 a lot (it's very cheap to be honest), also the other plugins aren't expensive.

But I do think spam protection should be in the basic packet.
Yes, it is good to keep unpopular forums open in the beginning to get more people, but nowadays spam bots do not check if your forum is popular. From the moment you have a google PR and you're in their list, they will send you spam even if your forum is zero active.

And I can promise you that after your forum is full of spam (200 spam posts in 1 day isn't that crazy) no real person will ever visit your board again. I've had this with a phpBB board that I had put on a site with a starting PR and less than 100 visitors a day.
The forum itself had less than 5 visitors a day and 1 post every 2 or 3 days.
Till I got on a bots list. I hadn't checked the forum for around a month and my surprise was big. All at once I had over 1000 members and a forum full of posts (all spam)
The real members I had all left, and since then the forum is completely dead.

Just to explain that anti spam is important from the first moment you start a forum.

Author tom322
Registered
#15 | Posted: 13 Mar 2007 10:52 
I hadn't checked the forum for around a month and my surprise was big.
I think here lies the gist of the problem. Running a serious forum (or any other website) is at least a part-time job. I cannot imagine checking in to a forum once a month only; there's no ideal forum software that would: review the posts, clean spammy or offensive messages, or automatically create useful posts by itself. Why even create a forum if it's not even interesting for the webmaster to work on it more than once a month...
