PHPBB-The humanizer

KeeKee · 2008-01-30 1:05 am

Hello, I'm still learning about this IP stuff and have enjoyed reading the post here.

I have a question concerning the PHPBB Humanizer mod. Does it really cut out the spammers or is it sort of as useless as the captcha in your opinions?

The one mod I have that I need to remove from my boards is the weather mod since it no longer works (phpbb2) However it has been a great mod for spotting spammers as they almost always fill the field out with 123456, If I knew programming better I would find a way to leave that field in the registration.
I can look at a php code and have an idea if colons and such are missing or out of place but that is the extent of it at this point.

Anyway will stop jabbering so the question don't get lost

Captain Red · 2008-01-31 4:24 am

Off the top: I don't know how well it works. This thread is where I default to when I want to know about phpbb anti-spam mods. There's a few paragraphs in there that I'll quote for ya here, though:

What bots can't do is rational thinking. People do this extremely well and that's the key to stopping bots. The most straightforward way to implement this is to ask a question that requires thinking to answer. What is the color of milk?, for instance, is a simple question that's easy to answer for a person; impossible for a bot unless it's already had the question/answer combination programmed into it. Not only that, but unlike CAPTCHAs that rely on pattern recognition, blind and visually impaired people can solve these challenges.
The best implementation of this will ask a question, chosen at random, from a pool of questions written by each forum administrator. This way the possible question/answer combinations are endless and getting past them by bots would require more time and effort than simply having a person manually register and post to each forum, so they should be effective for quite some time to come. A lesser implementation will ask the same question each time. If a spammer grabs that question and associates it to your site they will be able to return and register or post as often as they want until you change the question. Although it may be unlikely they will do that, it is still a possibility. Any questions written should be answered by something other than yes or no as programming a bot to supply either as an answer for any unknown question will be successful half the time when encountering a question with those possibilities as an answer.
Mods that implement this type of challenge are Anti Bot Question (the one I use), Textural Confirmation, Security Question (asks only a single, unchanging question), Registration Auth Code (RAC) (asks only a single, unchanging question) and The Humanizer (not recommended because it asks a single, unchanging question with a yes or no answer). Adding one of the first two mods on the list will give you the best shield against bots; the Security Question and RAC mods somewhat less because of the single question, but one of these four is the minimum that's needed to stop the onslaught of spam, however you may wish to spend a few minutes more and make the spammers job harder and less rewarding.

As it says, yes or no questions can be solved blindly with fifty percent accuracy... so that's one strike. Another might come from the popularity of the mod, if it is popular.(the more places the mod is run, the more incentive there is for it to be cracked by spammers)

The best idea, if you can pull it off(either by yourself or borrowing someone's expertise), is to build something unique to your site. If yours is a larger forum, this will work better and last longer than just about anything you can find pre-built, and if it's a smaller one, it might be that nobody ever expends the effort to crack it.

susato · 2008-01-31 1:33 pm

KeeKee - see Russ's posts here about "commenting out" the html display of certain registration fields.

Most bots detect and fill in registration fields without checking whether normal people can see them, so if a registrant fills out a field invisible to humans, it must be a bot.

This may be one way for you to use the weather mod.

Russ · 2008-01-31 4:36 pm

I did notice yesterday a couple of spammers successfully registered on one of my forums. That means they got past the "fake registration fields in the comment" trick.

Whether they were just human spammers who signed up or a new kind of evolved spambot I am not sure.

KeeKee · 2008-01-31 8:18 pm

Thank you for the replies and link. I had when installing mods read almost all of that spam thread stuff but I think to someone new to coding it can get confusing when you read that it works but you need to modify this and that of the code.
The gentleman helping me learn moding the boards insist on me using easymod which I guess is good for beginners because you can see before and after and learn.
I have a couple of the auto ban mods installed memberlist hidden and such but am looking for a way to lock things down a little tighter before concentrating on trying to draw people to the boards.

yannick · 2008-02-01 10:04 am

Russ wrote:

I did notice yesterday a couple of spammers successfully registered on one of my forums. That means they got past the "fake registration fields in the comment" trick.
Whether they were just human spammers who signed up or a new kind of evolved spambot I am not sure.

or it were real users. Smurf and myself signed up here and were directly added as a spammer...maybe we missed something but I don't know.

Russ · 2008-02-01 2:36 pm

That was because I screwed up and forgot to re-comment the extra fields on the signup page.

Captain Red · 2008-02-03 1:32 am

Russ wrote:

I did notice yesterday a couple of spammers successfully registered on one of my forums. That means they got past the "fake registration fields in the comment" trick.
Whether they were just human spammers who signed up or a new kind of evolved spambot I am not sure.

Might be a borg thing: humans breaking through countermeasures for bots.(or there might be some bots ignoring commented fields now) The former option is less bothersome, to me, than the latter for some reason.

Itchy · 2008-02-13 9:33 pm

Lo all just a quick message to say....... now at last im spam free

i put up a forum a year or so ago didnt do nothing to it just left it on admin approve member when i came back a week or so ago id found my old forum had 3000+ members 2990+ odd where yes youve guessed it spam

so i went to war 1st id check logs to see who had signed up going straight to the registar page so id ban the ip they'll come back so id ban the whole ip address block ... they came back so i blocked the whole country ha ...... some of em came back in the end i ended up banning half the world and got rid of 90% of spam but theres still the od one getting through and i was find through looking at the logs that some people who had found the site via search engines where getting blocked so i went on a mission and the out come is my forum spam free the spammers spammer in the bin ..... now heres what i did....

i installed Links Rejector 1.2.1 , Anti-spam ACP and TextualConfirmation-1.0.1 all can be downloaded from phpbbhacks

links rejector allows you to set guest posting and no guest will be able to post a link or email address if they do an email is sent to the forum admin with details of what was trying to be posted.

Anti-spam ACP hides the website box and signature box etc from sign up profile any autosubbmission bots that try to add info to one of the missing boxes an email is sent to admin with details etc - you can also set post limits as to when they will appear for a user

TextualConfirmation adds a question box so everyone who signs up has to answer a question these are set in the ACP

All these mods send you the spammers ip address etc so ban that
the TextualConfirmation and Links Rejector are by the same person you can stop the email being sent by changing th email address in side the .php files you upload. by installing these mods ive unbanned the world via htacess
now its been a little while since ive installed these mods and not one bit of spam has got through

but a human spammer could get through providing the could read english and work out the question :0)

so if you want to stop auto spam install the above and laugh at them spammers

so if you want to try it out for your selfs a forum is www. thephoneforum .co.uk feel free to try and spam but if you try and guest spam atleast type something in the message box like
OI ITCHY IM TRYING IT OUT SO DONT BAN ME PLEASE MISTER I ANIT NO SPAMMER!!
and use a user name like
stopforumspam
and then i should pick you out

List of all IP the above mods have picked up as spam from 2 forums im running no doubt some if not all will be on your list

Current IP addresses being blocked
72.90.73.3
124.217.253.6
74.200.80.101
89.106.23.15
124.217.252.193
217.11.233.207
90.156.169.224
80.236.31.49
84.19.178.147
66.199.231.218
64.28.183.180
64.28.185.77
64.28.185.78
64.28.185.
64.28.176.0/20
81.0.195.237
64.28.181.28
64.28.181.29
64.28.181.
64.28.185.76
64.28.
89.156.156.245
125.242.37.101
80.154.39.102
218.56.97.177
85.114.130.205
89.0.23.225
91.122.152.76
87.118.70.8
85.140.39.12
66.45.233.77
85.114.133.77
85.114.
195.2.114.31
192.116.45.29
91.199.112.8
124.161.4.35
78.37.150.99
4.156.150.151
77.91.227.179
72.36.132.226
59.52.254.223
62.96.106.202
61.61.132.129
81.88.112.0/21
87.99.64.0/19
195.2.114.0/27
91.139.151.132
67.86.236.146
66.54.0.0/18
85.29.204.193
87.118.98.122
62.50.162.154
89.0.170.123
84.19.188.30
222.221.6.144
90.231.145.122
71.85.207.69
24.184.222.48
24.21.211.181
91.77.92.10
80.154.33.240
76.90.237.252
190.225.8.22
216.80.124.225
72.232.204.218
202.84.17.42
220.160.127.221
69.177.95.240
89.149.254.13
211.142.116.205
85.255.118.12
85.255.120.202
72.178.155.242
69.217.73.52
69.115.242.83
70.161.245.253
66.230.230.230
212.142.143.116
82.115.76.37
24.205.59.248
87.118.118.254
165.194.114.99
194.204.24.64
82.207.115.117
69.124.141.141
72.9.109.250
84.25.24.252
87.118.116.175
64.15.129.25
38.100.41.105
201.248.88.130
123.232.108.98
216.32.70.162
75.125.0.130

Last edited by Itchy (2008-02-13 9:54 pm)

johnnaasdotcom · 2008-02-17 3:48 pm

Textual confirmation is where its at. I installed it on my forum and over 200 spambot attempts later, not one has gotten through! Its changed the way I manage my forum for sure.....

Itchy · 2008-02-23 1:31 pm

johnnaasdotcom wrote:

Textual confirmation is where its at. I installed it on my forum and over 200 spambot attempts later, not one has gotten through! Its changed the way I manage my forum for sure.....

add this and you wont even see a auto spammer

http://www.stopforumspam.com/forum/t58- … hash_0.1.0

running 2 forums both have Textual confirmation one has unique_registration_hash_0.1.0 the one with hasnt had one auto spammer get through to the sign up page let along submitting it where as the other still getting sign ups but their not being allowed in as they didnt answer the question. Depending on what version of Textual confirmation you got you can stop the emails from being sent by removing the email address in the .php file ;0) although i dont know why he still whats the emails as hes not doing anything with them.

Since my last posting added these ip's to my spammers list all ips list are either failed Textual confirmation spammers or guest spammers (check out link guard i think its called that by the writer of Textual confirmation) allows guest posting to be on but any spam contact info doesnt get added but allows you to black list em ;0).
Another thing ive learnt in my battle against spam is to look at your web logs when you get an email telling you of a spammers ip address look for this address in your logs take note of the Agent then look at the agent entry that was before the ip you just looked up most of the time im finding another 2 or 3 IP address that they have used to check if the register page is available if it is they swap IP's then try to join up so they get banned as well, you will then start to see a pattern where as your get lots of 403 errors(access denied) and you its genrally the same person going through thier list of ip address untill they get one that returns the 200 code and then they change IP address again and try to sign up which is good because you can then add those new IP's to ya list and it starts all over again but its taking them a long time to try and find an ip thats not on the list .. id also recommend adding the ban list from this site and then they really have got problems trying to get through all that spam prevention.

193.238.213.70
200.27.116.188
72.232.162.34
69.140.101.144
71.83.208.76
202.176.209.69
60.213.44.108
24.47.182.13
68.48.135.51
222.173.183.150
222.161.2.70
58.238.11.29
74.53.244.130
83.3.45.77
66.114.226.44
68.61.185.77
83.237.197.65
24.78.183.83
80.154.39.154
67.188.101.155
218.57.11.112
221.233.194.61
210.124.122.136
70.245.66.35
211.116.254.203
207.112.57.134
212.12.176.202
89.28.3.241
60.190.79.24
87.116.173.219
72.9.109.251
66.225.230.57
212.175.105.8
77.232.68.17
83.213.206.165
84.108.126.49
217.65.12.4
211.202.2.64
67.84.122.201
87.174.48.20
67.160.28.115
82.127.58.180
79.120.192.211
69.80.227.79
65.78.79.71
211.99.222.19
66.125.60.156
89.18.176.98
125.47.41.166
200.242.95.121
89.0.11.69
85.140.248.148
67.164.39.84
61.240.128.88
61.136.63.125
87.17.180.188
69.145.161.136
221.226.124.171
68.38.120.8
76.103.249.0
85.140.248.84
219.175.12.92
70.120.235.190
210.49.128.179
87.118.122.24
65.191.126.97
75.143.184.121
68.49.109.97
81.88.121.30
194.176.118.41
90.156.169.229
87.7.126.16
221.12.147.80
219.148.206.3
195.132.196.180
149.67.177.157
67.185.154.32
193.238.213.69
71.16.119.214
69.149.75.153
222.161.2.80
24.21.160.103
82.224.211.76
85.255.121.202
85.140.183.53
75.53.1.246
76.193.177.245
89.0.41.16
68.191.242.67
24.129.196.68
70.255.201.241
64.148.189.237
76.110.131.6
89.0.20.177
69.212.33.148
195.229.242.154
212.76.228.191
88.76.33.196
62.117.142.68
58.56.87.2
195.250.155.54
195.250.155.53
192.35.30.0/23
192.35.32.0/22
192.35.36.0/24
200.249.65.130
210.99.208.40
89.0.62.248
98.212.52.159
91.168.16.89
85.140.182.93
85.68.249.189
77.41.109.216
75.109.99.127
90.156.169.227
202.218.144.1
189.47.141.3
221.206.91.189
212.20.96.24
81.65.248.244
74.53.244.133
85.179.21.71
71.241.179.229
61.243.163.247
222.77.84.6
202.115.130.23
221.1.217.91
89.0.207.184
89.0.0.0/15
82.224.147.88
222.170.150.18
211.117.62.81
69.145.241.221
76.169.139.121
212.27.48.0/24
87.118.116.147
201.236.8.200
201.243.73.149
24.214.183.83
69.92.61.119
70.124.19.132
81.202.15.247
69.242.34.56
72.225.17.111
213.89.42.141
78.107.197.113
66.55.128.0/19
74.76.221.64
61.35.100.131
219.131.187.22
200.171.139.199
189.4.242.131
208.75.88.34
211.144.214.130
83.237.197.210
219.136.230.60
92.113.131.178
69.19.14.33
189.5.37.190
69.253.225.241
203.29.67.73
71.80.223.201

saintsteven · 2008-03-06 6:25 am

Two other excellent phpBB mods are:

Anti-Spam ACP by EXreaction

and

http:BL distributed by Project Honey Pot

the123king · 2008-03-23 9:24 pm

saintsteven wrote:

Two other excellent phpBB mods are:
Anti-Spam ACP by EXreaction
and
http:BL distributed by Project Honey Pot

I do ahve to admit that Anti-Spam control panel is one of the best MODs i've seen for getting rid of spam. I'm going to install the anti-bot question MOD to catch those (plentiful...) bot's that have got through the anti-spam ACP.

Russ · 2008-03-30 3:29 am

Speaking of mods for phpBB, I'd love to create on that modifies the registration to check detail against the list here via the API. I don't know how to create one though.

the123king · 2008-04-07 7:10 pm

Russ wrote:

Speaking of mods for phpBB, I'd love to create on that modifies the registration to check detail against the list here via the API. I don't know how to create one though.

Seeing as i've taken over development of the Anti-Spam ACP, i'm going to attempt to combine the API (Or the MySql queries) with a new panel which would add an internal spammers database, updateable from here

#1 2008-01-30 1:05 am

PHPBB-The humanizer

#2 2008-01-31 4:24 am

Re: PHPBB-The humanizer

#3 2008-01-31 1:33 pm

Re: PHPBB-The humanizer

#4 2008-01-31 4:36 pm

Re: PHPBB-The humanizer

#5 2008-01-31 8:18 pm

Re: PHPBB-The humanizer

#6 2008-02-01 10:04 am

Re: PHPBB-The humanizer

#7 2008-02-01 2:36 pm

Re: PHPBB-The humanizer

#8 2008-02-03 1:32 am

Re: PHPBB-The humanizer

#9 2008-02-13 9:33 pm

Re: PHPBB-The humanizer

#10 2008-02-17 3:48 pm

Re: PHPBB-The humanizer

#11 2008-02-23 1:31 pm

Re: PHPBB-The humanizer

#12 2008-03-06 6:25 am

Re: PHPBB-The humanizer

#13 2008-03-23 9:24 pm

Re: PHPBB-The humanizer

#14 2008-03-30 3:29 am

Re: PHPBB-The humanizer

#15 2008-04-07 7:10 pm

Re: PHPBB-The humanizer

Board footer