miniBB ® 

miniBB

®
Support Forums
  
 | Start | Register | Search | Statistics | File Bank | Manual |
News miniBB Support Forums / News /  
 

miniBB 3.0.3 is up: fighting profile spammers and fixing minor bugs

 
Author Paul
Lead Developer 
#1 | Posted: 19 Sep 2013 16:16 
At first, this release should be important for those who tired of massive spam registrations, which can't be avoided even if Captcha module is installed, or some other protection tool (China still has lots of 1-buck workers to complete this manually). Spammers usually have registered insignificant accounts, but having Website field provided, or even other Profile-related fields filled in with URL-values.

Despite these URLs are active only for logged members, and inactive for guests and search engines, this version of miniBB provides a solution to avoid this behavior. We still support the Website field, considering it is important for "normal" posters who will get some "profit" from their useful postings; but the solution doesn't allow to fill this field in, until a member has been made more than '$allowHyperlinksProfile' posts on forum. '$allowHyperlinksProfile' can be defined differently, or it is equal to '$allowHyperlinks' value by default.

The approach works that way:

1) when registering an account, it's not possible to provide Website field's value; and if it has been provided, the script will not allow to register an account;

2) when editing the Profile, it will be possible to provide the value for the Website field only having at least '$allowHyperlinksProfile' total posts made on forum;

3) if member's topic or message has been deleted, and now this member has less than '$allowHyperlinksProfile' of total posts, the Website field will be nulled automatically (so the spammer has no chances to keep this link after his bulk postings were deleted);

4) There is a basic function coded to protect other text-type fields of the Profile to not have possible to insert 'http', 'www' or 2-4 letter char followed after dot (single domain).

This solution came from the suggestional thread of one of our members: and it has been proved to work on miniBB forums for about two weeks - now it seems I'm truly happy with it, because it also stopped bulk registrations for miniBB forum.

Other minor updates of this release include few non-critical bugfixes and polishing updates. Follow Updates History for details (check below the file, as usually).

Make a backup of your database and files before upgrading!
And feel free to provide reports and comments in this thread.

Hopefully you all will feel safe with this release (like me) ;)
Enjoy miniBB.

Author boteha
Partaker
#2 | Posted: 22 Sep 2013 12:09 
Hello,

I have an od version of miniBB. My forum - http://www.touslescables.com/bb/index.php

Is-it possible to have your new fighting profile spammers on it ?

Can you do it for me and for how much ?

Regards.

Author Paul
Lead Developer 
#3 | Posted: 23 Sep 2013 09:29 
Hello,
It seems You just need to upgrade your version completely. That one you are having, seems to be too outdated and besides of the current feature, may have lots of other holes to fix. Refer to our upgrading rates and services, contact us privately (sorry but this thread is not for private cases discussions). Surely the upgrade could be done keeping your layout and the database.
Cheers.

Author marsbar
Associated Member
#4 | Posted: 9 Oct 2013 01:03 
Hi Paul,

Many thanks for the timely release of miniBB 3.0.3--it looks just like the upgrade my miniBB needs! :-D

Yes, finally, in the last couple of weeks the spammers--predominantly from networks in China--have found my installation of miniBB. :-( Unlike previous spammers who would drive by and flood the pre-moderation queue with rubbish, this latest wave of spammers are "silent"; i.e., they register solely to advertise a web site address in the website field, and never post. And since the website field in my miniBB's registration form has long been commented out, the spammers probably have been registering through direct submission (action=register) method, as you recently deduced.

Paul:
1) when registering an account, it's not possible to provide Website field's value; and if it has been provided, the script will not allow to register an account;

2) when editing the Profile, it will be possible to provide the value for the Website field only having at least '$allowHyperlinksProfile' total posts made on forum;

3) if member's topic or message has been deleted, and now this member has less than '$allowHyperlinksProfile' of total posts, the Website field will be nulled automatically (so the spammer has no chances to keep this link after his bulk postings were deleted);

4) There is a basic function coded to protect other text-type fields of the Profile to not have possible to insert 'http', 'www' or 2-4 letter char followed after dot (single domain).
Very clever.

Paul, am I right in thinking that the above will work if I have not disabled the website field at the script and database level? I have only commented out the website field from the registration web form template.

With best wishes and thanks -
marsbar

Author Paul
Lead Developer 
#5 | Posted: 9 Oct 2013 09:20 
marsbar
Yes, it should work. Actually, you may check it out - even if Website field is on form (it should be surrounded by the proper <!--WEBSITE-->...<!--/WEBSITE--> flags), then it's removed on registration; and if the registration form is being submitted 'with' this field filled in (direct submission), then it's denied to post. This field becomes visible only when a user has the proper amount of posts on the board.

Well, it seems this feature is still only for live forums and doesn't take Premoderation add-on in attention, I may work it out later after this feature is rolled out.

Author marsbar
Associated Member
#6 | Posted: 9 Oct 2013 13:34 
Thanks for your prompt reply, Paul.

So, what you are saying is that your new solution should work in the following situations:

a) if the website field is removed from the HTML of the registration form.
or
b) if the website field remains the HTML of the registration form (i.e., no change to default miniBB template for registering new users).
or
c) if the web site field is removed at the core script level and removed from the backend database.

Another related question, for my own learning:
removing the website field from the HTML of the registration form is only effective against profile spam accounts created via the "normal" registration method (action=registernew), correct?

With thanks,
marsbar

Author Paul
Lead Developer 
#7 | Posted: 9 Oct 2013 14:38 
marsbar:
b) if the website field remains the HTML of the registration form (i.e., no change to default miniBB template for registering new users).
This is the proper one, regarding the newest release of miniBB i.e. 3.0.3.
You don't have to remove this form, it should be surrounded by <!--WEBSITE-->...<!--/WEBSITE-->, the script will do the rest.

Removing the website field completely is your custom modification and that means, regular/useful members will not be able to put it on form even if they would like to promote their resource instead of giving your forum useful replies. I think that's the worst approach, I'm considering this field as very important in terms of qualified content on forum.

Removing this field actually doesn't mean that the spam accounts will lower in creation. But it will cut off those accounts wanting to bump just their Website and nothing else. Actually, there are no strict tools against spam or false accounts at all; may be then there would be only needed a premoderation on accounts themselves, not just postings; but this feature is currently not available in Premoderation add-on; you may use "Profiles verification" add-on instead (it's free).

News miniBB Support Forums / News /
 miniBB 3.0.3 is up: fighting profile spammers and fixing minor bugs
 Share Topic's Link

Your Reply Click this icon to move up to the quoted message


  ?
Post as a Guest, leaving the Password field blank. You could also enter a Guest name, if it's not taken by a member yet. Sign-in and post at once, or just sign-in, bypassing the message's text.


Before posting, make sure your message is compliant with forum rules; otherwise it could be locked or removed with no explanation.

 

 
miniBB Support Forums Powered by Forum Software miniBB ® Home  Features  Requirements  Demo  Download  Showcase  Gallery of Arts
Compiler  Premium Extensions  Premium Support  License  Contact Us
Proceed with the Captcha add-on: protect your miniBB-forums from the automated spam and flood.


  ⇑