TFBW's Forum


Poll: Allowing unregistered participation in the forum is a good idea.
Agree emphatically: 0% [ 0 ]
Mostly agree: 100% [ 1 ]
Ambivalent: 0% [ 0 ]
Mostly disagree: 0% [ 0 ]
Disagree emphatically: 0% [ 0 ]
Total votes: 1

Post subject: Making it public
Posted: Sat Aug 19, 2006 2:19 pm
Your Host

Joined: Mon Jul 10, 2006 6:57 am
Posts: 204
Location: Sydney, Australia
I haven't had any real activity in the forum yet, although I've had to weed out a few junk posts (spam) despite the need to register as a user. Given that the main point of removing anonymous posting is to eliminate spam -- and it's not working 100% -- I'm going to try making all the forums public. This means that you can post new topics or reply to existing ones without registering. There are still benefits to registration, such as the ability to edit your posts and a couple of other niceties, but the strict need to register is abolished for now.

Of course, if it gets seriously abused, I'll remove public posting, and I expect to be harsher on anonymous posts when it comes to judging whether they are on topic or junk. I have to strike a balance between facilitating public discussion and not facilitating web-spam.

Posted: Mon Aug 21, 2006 1:46 am
Well, it's clear that making the forums public does result in an increase in spam. There are forum-spammers with automated scripts for posting their crap on any phpBB forum they can find, and I'm getting a couple such posts a day.

These are relatively easy to spot and weed out, but it means that the forum is in constant need of attention so as not to pollute the web with link-spam. I have a solution for this, but I'm not entirely happy with it. That solution is to disable BBCode, which is the means by which links can be posted in a comment. The spammer-scripts are too stupid to realise that their BBCode won't work, so I still have to weed out the spam by hand, but I've removed whatever benefit the spammers were getting from making the post. The spam is now a mutual waste of their time and mine, rather than a waste of my time to their benefit.

This isn't a pretty solution, however, because phpBB has no concept of BBCode being a security issue. I can't restrict BBCode to registered users, for example. In fact, when I disable BBCode entirely, it still includes BBCode controls in the "post a reply" page, even though it won't work as advertised. This strikes me as really daft. Maybe they have their act together for the upcoming phpBB v3.0, but I'm not counting on it.

At this rate, I'm going to feel like killing the forum before it even has a chance to get started.

Post subject: Under control?
Posted: Thu Sep 07, 2006 6:17 pm
A little more research into the matter of forum spam has been modestly educational. I'm pretty unhappy with phpBB's complete lack of relevant features when it comes to spam combat, but I have been able to perform a couple of hacks at the Apache level which seem to have deflected most of the crap. So far.

There are two major forms of abuse going on here. One is not visible, and is the result of a worm that has been going around, exploiting an old phpBB vulnerability. I get dozens of attempts per day -- from compromised sites running phpBB -- trying to assimilate my forum into the zombie collective. This particular forum has never been vulnerable (it's too new), but I've also worked out an Apache ".htaccess" hack which denies these cretins access. It's not a great hack, but it works, and it's a wonderful thing to not be wasting any CPU time on abusive crap.

The other form of abuse -- the visible one -- is the result of spammers with dedicated software for plastering their junk in every forum they can find. Judging by my Apache logs, these slimebags use botnets -- collections of compromised end-user PCs -- to do their dirty work. This makes banning them piecemeal a useless task. I have still managed to block the most prominent of the activity, however, because the special software they are using has some very conspicuous bugs. I refer to such poorly written junk as "ratware", and this ratware creates a very distinctive spoor in the Apache logs. I have another ugly-but-working hack in place to deny access to this ratware.

It's somewhat satisfying to see the "403 Forbidden" responses roll by in the Apache access log. Now all I need is some actual discussion here.
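
An added example, not part of the original post and not the author's actual .htaccess rule: it shows, over constructed Apache combined-format log lines, why counting posts per IP misses a botnet while grouping by a shared request quirk exposes it. The quirk used here (no Referer plus a User-Agent missing its closing parenthesis), the paths and the addresses are all assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample data: documentation IP ranges, made-up paths and quirk.
BOT_UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1"  # assumed ratware bug
FF_UA = "Mozilla/5.0 (X11; U; Linux i686; rv:1.8) Gecko/20060728 Firefox/1.5"
REPLY = "http://forum.example/posting.php?mode=reply&t=3"
ROWS = [
    ("192.0.2.10", "POST", "/posting.php", "-", BOT_UA),
    ("198.51.100.7", "GET", "/viewtopic.php?t=3", "-", FF_UA),
    ("198.51.100.23", "POST", "/posting.php", "-", BOT_UA),
    ("198.51.100.7", "POST", "/posting.php", REPLY, FF_UA),
    ("203.0.113.5", "POST", "/posting.php", "-", BOT_UA),
    ("198.51.100.7", "POST", "/posting.php", REPLY, FF_UA),
    ("203.0.113.77", "POST", "/posting.php", "-", BOT_UA),
]
LOG = "\n".join(
    f'{ip} - - [07/Sep/2006:18:00:00 +0000] "{m} {p} HTTP/1.0" 200 512 "{ref}" "{ua}"'
    for ip, m, p, ref, ua in ROWS
)

LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

def parse(text):
    """Yield one dict per well-formed combined-format line; skip the rest."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            yield m.groupdict()

def posts_per_ip(text):
    """POST count per client address: the view that piecemeal IP banning relies on."""
    return Counter(r["ip"] for r in parse(text) if r["method"] == "POST")

def shared_fingerprints(text, min_ips=3):
    """Map (referer, user-agent) -> sorted IPs, for POSTs seen from >= min_ips clients."""
    seen = defaultdict(set)
    for r in parse(text):
        if r["method"] == "POST":
            seen[(r["referer"], r["ua"])].add(r["ip"])
    return {fp: sorted(ips) for fp, ips in seen.items() if len(ips) >= min_ips}

if __name__ == "__main__":
    print("busiest poster by IP:", posts_per_ip(LOG).most_common(1))
    for fp, ips in shared_fingerprints(LOG).items():
        print(len(ips), "clients share fingerprint", fp)
```

In this sample the busiest address is the ordinary user, while the four bot addresses each post once and only stand out when grouped by fingerprint.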