Spamming of PHP forums
 

I am experiencing a sudden spate of 'spam' attempts at registration on two PHPBB3 forums I run, one 'private' and one 'public'. The support forums indicate this is an increasing phenomenen. Most of the registrations seem to originate on Russian servers.

Obvious steps have been taken to 'repel boarders' but this is a heads up for anyone else using the system. A normal graphic 'captcha' does not seem to be stopping it and currently a mathematical one is - I guess we are looking at 'humans' with poor mathematical skills?:D

I can say from experience that there seems to be a small army of real people based somewhere in China who seem to spend all day trying to register logons with the express intent of spamming.

Tell me about it!

Captcha doesn't work in its "normal" form. What did work for a couple of years was a non-standard polkadot "type what you see" - a bit like the Ishihara plates. They've now sussed that.

What I've done now is to add a couple of non-standard fields to the registration screen (easy to do via the ACP) and made them mandatory. That seems to slow down the rate of spam registration. If the entries in those fields aren't valid, I know to delete the account forthwith. I still have to look at them, though.

I also ban any IP range that offends - initially the first two blocks (eg 92.138.*.*) but eventually just the first block if it continues. I seem to have banned Russia and China pretty much in total, but that technique doesn't work well with botnets.

There's mounds of stuff about this on the phpBB Forum.

I'm also getting far more spam into the Spamcop junkbox these past few weeks - it's up to 12 an hour during the Russian daytime now. The daft thing is that it's the same half dozen spams most of the time. That plonker advertising for west-europe-consulting must write to his victims every half hour.

This week (well, from Thursday last week) there's been a big rise in spam. I suspect a new botnet's gone live.

Incidentally, that west europe consulting is more like every half millisecond.

My Hotmail address which I use for when I do not want to use my relatively clean main address has seen a massive rise in the spam I usually get. Like close to ten new spam e-mails an hour. All the links in the e-mails end in .ru

I thought it was just me. Spam is the scourge of the internet.

My "private" e-mail address gets two or three e-mails a day from friends and the like.

If the numbers I noted on my pad are right, in the last 23 days I've received 3,779 spams. That's 165 a day or 98% of all incoming e-mail. I would guess that ratio isn't far different from the general population of non-spamming internet users.

Disconnecting Russia, China and Nigeria from the internet would probably reduce that dramatically.

Those figures rather put hotmail misidentifying spam into perspective.

Don't they ever! They show how much of a problem it is when one good e-mail is misdirected in among several hundred spams. Spamcop gets about one wrong in three months despite those ^ numbers.

It's not people and it's not just China. It's just one of the botnets.

Here's the figures from my Barracuda spam appliance, protecting 516 users so far. Sorry about the formatting, there are 3 columns of numbers. That should put things more into perspective about the fight against spam (the "total" figure is the total of emails kept in the rolling logs):

Email Statistics [inbound]

Total Day Hour
Blocked 41,430,639 5,925 329
Blocked: Virus 29,524 2 0
Rate Controlled 2,106,738 5,682 9
Quarantined 1,050 0 0
Allowed: Tagged 161,514 47 3
Allowed 4,042,383 2,078 213
Total Received 47,771,848 13,734 554

An update on spamming of PHP forums (ie the thread!..................)

Since implementing a 'simple maths registration captcha' mod on 19/2 I have not had a single 'spam' registration. (Yet...)

They do help ... but have you checked (by trying to register in a new name) if it's blocking everything, even legit attempts to register?

No - it's working just fine, but a good thought! (What else from a 'rev'?:))