When CAPTCHAs fail - phpBB Drug Spam
As many forum owners quickly discover, there is a reason that most popular forum software allows CAPTCHAs as a requirement for user creation. The image above shows what appears to be an automated tool seeing heavier use recently that posts to phpBB forums. A quick Google search for coreod offers examples of the spam - but the gotcha here is that at least some of the forums that these were posted to use CAPTCHAs, and that many usernames are used.
There are a number of tricks that can help:
- Ask the bot additional questions: "Are you a bot?" or "How did you find out about this forum?" often net responses using the userID that the bot fills forms in with.
- You might also add a hidden form field in the new user form - bots will fill it, users won't.
- Delete users who do not respond to verification email within a reasonable timeframe.
- Use an RBL (Realtime Block List)
- Use user limitation plugins - Russel John's blog has an older post with some good starting ideas. The phpBB support site requires registration, but has a number of posts on the same topic.
2 comments:
How to add an hidden form? thx
About has a good post on the hidden attribute - http://webdesign.about.com/od/htmltags/p/bltags_inputhid.htm
Post a Comment