Is someone E-mail spamming through my phpBB forum?

Forum Moderators: rogerd

Message Too Old, No Replies

Is someone E-mail spamming through my phpBB forum?

Or are they just spoofing the E-mail address

androidtech

11:02 am on Jun 26, 2007 (gmt 0)

About once or twice a year I get a batch of "spam rejected" E-mails from the E-mail server of a particular domain. The domain changes every time but the rejection E-mails are always sent to the forum administrator's E-mail address on my main phpBB2 forum. Attached to the rejection E-mail is the rejected E-mail which is always some standard spam junk like pharmacy or some other annoying topic.

My concern is that some spammer or another has found a way to jack in to the mail server on my host and is actually sending out E-mail through there. Or, are they simply spoofing their own E-mail address by substituting it with my forum administrator's E-mail?

Can anyone share some information they may have on this topic or offer a solution? It only happens on one of the forums I maintain and on only one domain. The other forums I maintain are all on different domains. Sadly it's the most popular one which has also been the hardest hit by member profile link spammers.

Thanks.

Kurgano

6:51 pm on Jun 27, 2007 (gmt 0)

It sounds like a bot is scraping the email addresses from member posts and/or profiles and altering the header info to match your forums. Worst part is that if members block the spam they block your forum too.

If you're up to date (2.0.22) I highly doubt someone has hacked your board and is using your mass email straight out of the admin area.

There is an easy fix. In your admin panel, turn the "email through this board" option to "yes". That sounds backwards I know but what happens is that when switched to yes the member email addresses become hidden to members and bots. In its place you will see some php code and a member number which is useless to bots.

androidtech

3:18 pm on Jun 28, 2007 (gmt 0)

Kurgano,

Thanks! It's amazing that no one has done a big report or news piece on how spammers are bitterly affecting forums and their administrators. This includes users too. On more than one occasion, I've run into CAPTCHA checks so hard to read it's taken me more than 3 times to enter the verification string in correctly, and sometimes with a good bit of swearing. On the administrator side, I used to run a few more forums than I do now, but dealing with the spammers just made it impossible to sustain them.

thecoalman

7:24 am on Jul 1, 2007 (gmt 0)

You can't sit back, you have to fight back and image captchas aren't the answer IMO. I seen some examples if I remember correctly which were posted on Stanford's site where they had a bot that was having a 30% success rate on images that were so convoluted that I doubt humans would have that much success.

Look up the anti bot question mod in phpbb's mod section. 0 bot registrations in something like 8 months. Simple, accessible and very affective.

Another mod I have doesn't allow new registrants to add a website or signature until 10 posts which I'm guessing has kept the human spammers away since I haven't had any of them either. This particular mod also bans the IP of any registrant that submits the website field, it's no longer visible to humans and since bots have the forms pre-filled they always have the website field filled.

Layers of protection is the key and since there is so many mods available for phpbb for combating this each site can actually prevent unique challenges to a bot which stops them cold. The question though is all you need, I've even disabled the captcha because it's useless anyway.