homepage Welcome to WebmasterWorld Guest from 54.146.190.193
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / WebmasterWorld / Community Building and User Generated Content
Forum Library, Charter, Moderators: rogerd

Community Building and User Generated Content Forum

    
Captcha monkeys thwarted, finally!
My best anti-forum spam measure yet
nathanso

5+ Year Member



 
Msg#: 3296036 posted 6:17 am on Mar 29, 2007 (gmt 0)

Exactly a year ago I implemented a captcha test on my forum sites. Comment spam plummeted with the exception of one type that I attribute to boiler-room captcha monkeys.. people who are presented with pre-filled forum post form after pre-filled forum post form with their sole job being to type in the captcha and click the Post button (no, I don't think my captchas are being programatically hacked).

So the monkeys were succeeding in posting 5-10 link filled comment spams -- despite my site adding rel=nofollow into every anchor tag for longer than my captcha test has been in effect -- per day. Many were objectionable porn-related sites and link keywords.

My latest countermeasure: Link URL blocking. I wrote a function that pulls the link domain name from a selected post (via my admin screens) and then saves them to a table. Any subsequent post that contains that domain name is simply ignored. So far it has been amazingly effective!

 

rogerd

WebmasterWorld Administrator rogerd us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3296036 posted 2:32 pm on Mar 29, 2007 (gmt 0)

Sounds great, nathanso. Perhaps you should publish it as a hack for your forum software.

nathanso

5+ Year Member



 
Msg#: 3296036 posted 7:51 pm on Mar 29, 2007 (gmt 0)

rogerd, I don't sell forum software; I was simply trying to share a technique.

Beagle

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 3296036 posted 10:27 pm on Mar 29, 2007 (gmt 0)

nathanso - I think that's what rogerd meant. The function you wrote is probably specifically geared toward the forum program you use. Most types of software have user forums where you can post [publish] techniques like that for others to use. (Unless maybe you made your forum from scratch.)

nathanso

5+ Year Member



 
Msg#: 3296036 posted 1:32 am on Mar 30, 2007 (gmt 0)

Beagle, Yup.. I made mine from scratch in IIS/ASP. Been running 10yrs now. Not the flashiest forums on the Web but they have a certain charm that my members seem to appreciate.

MThiessen

10+ Year Member



 
Msg#: 3296036 posted 5:35 pm on Apr 1, 2007 (gmt 0)

I don't think my captchas are being programatically hacked

Don't be so sure about that. Most captcha monkeys are "script" monkeys.

OCR reading is getting better, vbulletin AND phpbb captcha is routinely defeated with scripts out of the box...

Now, adding a humanizer question to the log in process (lots of hacks for boards do this) like: The sky is ____ (type the word blue)

The questions are easy and RANDOM. There is no scripting defeat for this so far.

I implemented the above when spammers were starting to filter through my captcha and it ended it stone cold dead.

I used to think like you, that these few that got through were manual entries, but they are not.

Spammers are inhertantly lazy. They will not lift a finger if a script will do the job. Your site to much hassle to script? They just forget you and move on. Their concern is to target and succeed with getting into the MAJORITY of the boards.

Blocking URLs is also a very good idea, congrats. The safest board from spammers are the boards that use multiple security measures. Combining captcha, humanizing questions and your URL hack will likely make your board spam free for many many years.

nathanso

5+ Year Member



 
Msg#: 3296036 posted 11:37 pm on Apr 13, 2007 (gmt 0)

MThiessen, Thanks very much for sharing your experience! I'll make some changes to my sites along those lines.

callivert

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 3296036 posted 8:13 pm on Apr 14, 2007 (gmt 0)

how do you do a human-edited question in a php board? Do I have to actually hack the code that runs the board, or is there a nice plug-in somewhere?

PeteM

10+ Year Member



 
Msg#: 3296036 posted 10:13 pm on Apr 17, 2007 (gmt 0)

For phpBB search phpBB.com for "VIP Mod". This mod allows you to ask an additonal question on registration (the answer to which can be anywhere on your site). It took me about 10 mins to install and has eliminated all spam on my board.

Pete

[edited by: PeteM at 10:14 pm (utc) on April 17, 2007]

MThiessen

10+ Year Member



 
Msg#: 3296036 posted 2:41 pm on Apr 19, 2007 (gmt 0)

For phpBB search phpBB.com for "VIP Mod". This mod allows you to ask an additonal question on registration (the answer to which can be anywhere on your site). It took me about 10 mins to install and has eliminated all spam on my board.

There is also one for phpbb called "The Humanizer" and there is a free one too for Vbulletin called "Nospam!" they both do it.

callivert

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 3296036 posted 4:47 pm on Apr 19, 2007 (gmt 0)

brilliant! Thanks for this info, people.

aspect

5+ Year Member



 
Msg#: 3296036 posted 8:42 am on May 1, 2007 (gmt 0)

I installed "The Humanizer" about a week ago, the amount of spam I got went up three-fold. It actually seemed to attract them! And they type of spam was far more sophisticated too... if my forum wasn't so new and with so few post, it would be far harder to spot.

Instead of user names like "dg749937" there are usernames like "Kathy_Sullivan".
Instead of Titles like "Buy Cheap Pills Here!", Titles like, "Hello www.my-forum-name.com, I'm new here!"

Mesage body would read something like:

"Hello, My name is Kathy and I'm a stay at home mum. I'm so glad I found www.my-forum-name.com and have had a lot of fun reading all the posts."

Individual letters within the post body link to about a dozen spam sites.

No doubt about it, spam is getting smarter.

MThiessen

10+ Year Member



 
Msg#: 3296036 posted 2:55 pm on May 1, 2007 (gmt 0)

"I installed "The Humanizer" "

Trick is use it WITH captcha, not instead of. I find it hard to believe that adding yet another road block for them "increases" their activity, it defies logic and common sense. It may be that you recently got a tremendous surge in traffic and this is just a coincidence.

MThiessen

10+ Year Member



 
Msg#: 3296036 posted 2:56 pm on May 1, 2007 (gmt 0)

one more thing, DO NOT use the humanizer questions stock out of the box, think up your own.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Community Building and User Generated Content
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved