Spring Forums Hit by Registration Spam Bot

Filed under the “I feel like screaming” category… While I was away (of course it had to happen then) for a couple of weeks in Romania and had dial-up access at best, some porn spam robot started hitting the Spring forums (which run on phpBB) and registering bogus users at the rate of several per hour. Now the forums require email acknowledgement to activate new users, so the bogus users are not live. However, their profiles are visible for anybody to see, including search engines like Google, which I guess is what this is really targeted at, since the bogus user profiles have links to porn sites in their ‘web site’ field.

With a few hours of searching and setup I added a confirmation number (shown as an image, or ‘CAPTCHA’) on the signup page, but I still have to manually kill a large number of user entries, and it wouldn’t surprise me if the bots get smarter in the future to get around these confirmation images. As somebody pointed out to me, as shown here, it’s not that hard for a computer to read these CAPTCHAs.

 

5 responses

  1. Anonymous says:


    The best way of handling this is probably to use a mail filtering tool (e.g. SpamAssassin) and apply its filtering to every entry before posting. If the ‘spamminess’ level is too high, then require a moderator’s approval.


  2. Well the spambot was not actually posting forum entries, since the user accounts never got activated. It was just creating bogus accounts, but these accounts had spam in them in the ‘web site’ field phpBB allows you to define in your profile (which anybody can view).

    The next version of phpBB will have the confirmation code capability built-in, along with a number of other features, in any case, but it’s a ways off.


  3. I remember when Jive (of JiveSoftware.com) used to be free! Those were the days! Maybe you can get a license from them, for being such a high profile open source project…


  4. Just as annoying is spam at weblogs. I get one a day (not that much, but annoying). I check all replies on my blog manually so no spam is getting through.

  5. 191576@mail.muni.cz says:


    confirmation code capability built-in sounds ok.
