发新话题
打印

[转载]Modifications for Stopping phpBB Forum Spambots

[转载]Modifications for Stopping phpBB Forum Spambots

文章作者:Bob Allen
原始出处:http://www.net-security.org/article.php?id=988&p=1

phpBB is one of the most popular software products for running online forums. As spammers found forums as a fantastic breeding ground for sending their commercial messages, phpBB admins have a lot of troubles to keep the integrity of their forums. I have been administering a couple of phpBB boards and this is the list of top anti-spambot mods.

I am listing the modifications in an alphabetical order, but I will especially note the ones that offer some value added functionality, as well as those I have more experience with. Because of obvious reasons related to the mods getting updated, I will not link directly to the files, but will use the official pages instead.

Block Open Proxy Registrants

Its main function is to blocks those attempting to register from open proxies. The mod was updated in December of 2005 but some people still use it. Personally I wouldn't use this kind of solution, as relying on predefined lists of proxy addresses is not my game.

Configure Member Profile Required Fields

This mod allow admin to configure which information in member profile is required inside admin control panel. The required field will need to be filled in during registration and upon profile update.

I used this MOD and it worked as a charm, but I should note that the configuration steps could be a bit complicated for an average user. As you are playing with fields, some interaction with the database will be needed.

Disable spambots

This mod uses cryptographic signing techniques to ensure that any comment submissions have occurred from an appropriate comment form (which should stop simple random submission bots), that the form was actually generated for the user who is submitting (stopping clusters of page-scraping spiders), and that at least 5 seconds have passed between the form generation and the submission (stopping bots which fully scrape the page and then immediately submit).

If one of these conditions is not met, the submit operation is turned into a preview, giving human posters another chance to submit.

Textual Confirmation

Textual Confirmation (TC) asks newly registering user a question. If the answer is wrong, TC rejects the registration. Also, TC notifies the forum admin and the community spam database. The administrator can edit the questions and answers in the Administration Panel.

There are two editions of Textual Confirmation: community and business. In the community edition, each time spam registration is rejected, Textual Confirmation sends a notification to the forum administrator and to the community spam notification database. If you don't want to send them copies of the notifications, you must buy a business license.

Registration disable website signature

When a user registers to the forum, the signature sections are hidden. If they enter in anything in the hidden fields they are denied from registration and if you turned the IP ban on, their IP Address is automatically banned.

I might say that his kind of an automatic spambot prevention really works flawlessly. With this kind of a mechanism I am getting just 2-3 spambots per week, which is at least 30 times less than the usual rate. Majority of spambots are filling in the URL and signature fields as this is their purpose, but on this way that will get banned.

Stop Spambot Registration

This mod stops spambots that provide Profile Information during registration in spite of a message saying "leave the Profile Information blank". An e-mail notification will be send every time there was a spambot registration attempt. The e-mail notification can easily be left out if you wish.

This is the actual mod I have been using on 2 of my forums and I can really recommend it. It does the same thing as the previous modification I mentioned, but it gives the admin an opportunity of adding extra text in the registration process to alert its real potential registrants. Besides this, it contains more fields (the whole profile information section) which is much better.
曾几何时,有人对我说:装B遭雷劈。我说:去你妈的。于是,这个人又对我说:如果再说脏话,上帝会惩罚你的。我说:我操上帝。结论:彪悍的人生不需要上帝。

TOP

译文:

标题:阻止phpBB论坛spambots(垃圾软件攻击)的修改方案

phpbb是当今开办网上论坛最流行的软件产品. 当spammers(垃圾工具)把论坛作为一个奇妙的温床,来散布他们的商业讯息, phpbb管理要保持论坛的完整性就会出现很多麻烦. 我曾管理过一些phpBB模板,这是反垃圾攻击的前几名的列表。

我按字母顺序列出了修改方法,但我会特别注意那些提供一些增值功能的以及那些我用过的.由于明显的原因都涉及到了更新的函数,我不会直接连接到文件里,而会使用官方页面代替.

给委托注册加锁

其主要功能是加锁那些企图从公开授权书注册的人。2005年12月函数得到更新,但仍有一些人使用它. 我本人不会用这种办法,因为以预定义名单取代地址,不是我的想法.

配置会员概况必填项

这个函数允许管理者配置会员控制面板中的必填项的信息. 这些需要在注册时和档案更新时填满。

我用过这个MOD函数,很迷人。但是我需要指出的是,配置单个平均用户时步骤可能有点复杂。如同你在其他地方一样,需要和一些数据库相连。

禁用的spambots

这个mod利用加密签字技术,以确保评论意见以一个适当的评论形式(即阻止简单随机提交的机器人)出现,这种形式实际上是为那些提交的用户(停止翻页)产生的,形式产生至少需要5秒钟然后提交(阻止机器人翻页,提交)。

如果这些条件中任何一个不能满足,提交操作变为预览,给人一次机会来提交帖子。

文字确认

文字确认(TC)问新注册用户一个问题. 如果答案是错误的,TC拒绝注册. 同时,TC通知论坛管理者和社区垃圾邮件数据库. 管理员可以在管理事务处编辑问题和答案.

有两个版本的文字确认:社区和商业.在社区版中,每次垃圾软件登记被驳回, 文字确认就对论坛管理员及社区邮件通知数据库发出通知.如果你不想发给他们通知副本,你必须购买一个营业执照.

注册网址禁用签名

当用户注册了论坛,签名路段就被隐藏起来. 如果他们进入隐藏领域,他们就会被剥夺注册了的权利,如果你禁止他们的IP,其IP地址就自动禁用了.

我可以说,他的这种自动防止垃圾工作是非常完美的.有了这种机制,我每星期只有2-3个垃圾软件,至少是低于一般概率的30倍.多数垃圾软件填写URL和签字部分作为他们的目的,但用这种方式就会得到禁止.

停止垃圾注册

本函数阻止垃圾软件在注册时提供档案信息,尽管有消息说,"概况资料空白". 但如果你愿意的话,每次有垃圾工具试图注册时都有一封电子邮件通知将发送给你。

这就是我一直使用在我的2个论坛的函数,真的值得推荐. 它运作我以上提到的修改,但是它也给管理者一个增加额外文字的机会,在注册过程中提醒真正的注册者。除此之外,它包含了更多的领域(整个个人信息部分)就更好了.

TOP

发新话题