Posted: Fri May 13, 2005 12:13 am
by Pedro
You may also check IP addresses (if you have them in log files), especially the first two numbers, and then if they are the same you could ban the whole IP range.
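Added example, not part of the thread: one way to run the range check described in the post above, grouping logged registration IPs by their first two octets (/16) and listing the legitimate accounts a ban on that range would also block. The record layout, usernames, addresses and the `min_spam` threshold are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records: (username, registration IP, flagged as spam).
# Private-range addresses, not real data.
SAMPLE_REGISTRATIONS = [
    ("spam_a", "10.20.1.5", True),
    ("spam_b", "10.20.44.9", True),
    ("spam_c", "10.20.200.3", True),
    ("lurker_a", "10.20.7.7", False),
    ("spam_d", "10.99.1.1", True),
    ("regular_b", "172.16.5.5", False),
    ("broken", "not-an-ip", True),
]


def prefix16(ip):
    """Return the /16 network (same first two octets) holding an IPv4 address."""
    return ipaddress.IPv4Network(f"{ip}/16", strict=False)


def ban_candidates(registrations, min_spam=3):
    """Find /16 ranges with repeated spam sign-ups.

    Returns {network: (spam_count, [legitimate usernames in that range])},
    so the collateral cost of a range ban is visible before it is applied.
    """
    spam = defaultdict(int)
    legit = defaultdict(list)
    for user, ip, is_spam in registrations:
        try:
            net = prefix16(ip)
        except ValueError:
            continue  # skip malformed or non-IPv4 log entries
        if is_spam:
            spam[net] += 1
        else:
            legit[net].append(user)
    return {net: (n, legit[net]) for net, n in spam.items() if n >= min_spam}


if __name__ == "__main__":
    for net, (count, bystanders) in ban_candidates(SAMPLE_REGISTRATIONS).items():
        print(f"{net}: {count} spam sign-ups, would also block {bystanders}")
```

A /16 covers 65,536 addresses, so a range with any names in the second field is one where a ban also locks out existing members.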
Posted: Fri May 13, 2005 9:14 am
by cowsmanaut
ok we need a new user system that invokes those bitmap images with numbers and letters in them.. anyone know of those for a phpBB hack? this way we don't keep getting these new users each day with spam?
moo
Posted: Fri May 13, 2005 4:09 pm
by Florent
Well the new versions of phpBB are supposed to have this "visual confirmation" thing included, starting at version 2.0.13 (I think) which I believe is the one Gambit upgraded to. Try registering a new account and it should be doing it.
Posted: Fri May 13, 2005 9:18 pm
by cowsmanaut
I just tried and didn't see one on the reg page.. so I don't think it's there.. unless it's a confirmation at the end?

Posted: Fri May 13, 2005 9:28 pm
by beowuuf
It is 2.0.13 Gambit upgraded to though - it's already complaining it should be upgraded to 20.0.15 though!
Posted: Fri May 13, 2005 10:24 pm
by Florent
It's even earlier according to the changelog, v 2.0.10 :
l.v. Changes since 2.0.10
* Fixed vulnerability in highlighting code (very high severity, please update your installation as soon as possible)
* Fixed unsetting global vars - Matt Kavanagh
* Fixed XSS vulnerability in username handling - AnthraX101
* Fixed not confirmed sql injection in username handling - warmth
* Added check for empty topic id in topic_review function
* Added visual confirmation mod to code base
You're right, tried it on my board and it wasn't here. It probably has to be activated somewhere in the admin.
Posted: Sat May 14, 2005 3:46 pm
by Gambit37
Where are you finding a changelog? The current version we're using is 2.0.13, I'll update it soon.
Posted: Sun May 15, 2005 5:33 pm
by Florent
The changelog is in the phpBB package (docs\changelog.html). I actually made a mistake, Changelog says "changes since 2.0.10", so the visual confirmation mod is included since version 2.0.11.
It is installed but deactivated by default. Take a look in the admin control panel, Configuration page, and turn it on.
See this thread :
http://www.phpbb.com/phpBB/viewtopic.php?t=290422
Posted: Sun May 15, 2005 7:57 pm
by Gambit37
Weird -- something must have gone wrong when I upgraded then because the option is not on our Admin page.... I must look into this very soon!
Anyway, back to the original subject: I have deleted all users who matched any of the following criteria:
* Users who have a Russian email address or website that points to a spam site and who registered in the last 6 months (all these users had 0 posts)
* Users who aren't necessarily Russian but whose profile pointed to an inappropriate website
* Users who have 0 post count and registered longer than six months ago
I apologise to any genuine lurkers, Russian or otherwise, if I deleted your account. Due to the amount of spam sign-ups we've been receiving this was a step I had to take. Please feel free to register again, but please make sure that you post at least ONE message on the day you register or your account will be automatically deleted.
This step has taken our user count from 701 back down to 540!
Posted: Sun May 15, 2005 8:23 pm
by Gambit37
I must have missed a step somewhere in the last upgrade. I've now implemented the visual confirmation stuff.
I'll do the full update soon.
Posted: Sun May 15, 2005 8:44 pm
by Adamo
Maybe you could make it impossible for NEW users (that have, let's say, below 5 posts) to GIVE THEIR OWN WEB SITE ADDRESSES, which are shown in the membership list? I noticed that 90% of these new www addresses lead to spam or XXX sites. That would solve the problem of spammers, I think: the spammers should give up when they can't show their emails on the memberlist.
Oh, and could you remind new and old users to write their location in the info?
Posted: Sun May 22, 2005 8:03 pm
by Gambit37
Well, there have been no new spammers registering in over a week. It seems as if the measures I took certainly helped. Cool.