Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

securing a phpbb forum

  • 09-06-2009 10:24am
    #1
    Registered Users, Registered Users 2 Posts: 1,073 ✭✭✭


    hey gang

    hope yer all well

    i set up a forum website there recently and it came into a spot of bother with a lot of material of a certain nature being posted on it- yes u guessed it PORN!

    unreal stuff altogether, so bad i had to disable the forum, until after my exams, so now that my exams are finished im looking at trying to resolve this issue, but i dunno where to start

    its a phpbb forum, how does one go about protecting such a site


    thanks very much
    ed


    http://freefreefree.ie/


Comments

  • Registered Users, Registered Users 2 Posts: 21,263 ✭✭✭✭Eoin


    Was it just bots posting spam links on the forum, or was the site actually hacked? If it's the latter, then set the forum so admins have to approve new memberships, and also look at using captcha in your sign-up page.


  • Registered Users, Registered Users 2 Posts: 1,073 ✭✭✭eurotrotter


    eoin wrote: »
    Was it just bots posting spam links on the forum, or was the site actually hacked? If it's the latter, then set the forum so admins have to approve new memberships, and also look at using captcha in your sign-up page.

    wats captcha?

    nice one for the advice


  • Registered Users, Registered Users 2 Posts: 21,263 ✭✭✭✭Eoin


    Captcha is when you are shown an image of numbers and/or letters and you have to enter them into a textbox. It stops a good few spambots.

    Another simple method which seems to work is to create a textarea that is invisible to the user, so they can't enter anything into it. However, spam bots tend to populate every form field. Therefore if you get a signup that has entered something there, you can assume it's a bot so you ignore it.

    I don't know PHP, but it would be the equivalent of this:
    If Request.Form("txtRandomNameHere") = "" Then
         ' probably not a bot, register user
    Else
         ' value entered, so probably a bot. Do not process registration
    End If
    


  • Closed Accounts Posts: 112 ✭✭lostprophetsie


    I had the exact same problem even after enabling captcha which is included with PHPbb, tried then setting the option of approving users which did work but its very easy to miss a genuine member when you have 30-40 spam addresses signing up each day.


  • Registered Users, Registered Users 2 Posts: 21,263 ✭✭✭✭Eoin


    Try the hidden field idea, it's supposed to be quite efficient. You'd need to be comfortable enough editing the PHP files though.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 6,441 ✭✭✭jhegarty


    Another option is to force approval of a users first post.


  • Registered Users, Registered Users 2 Posts: 507 ✭✭✭bigbadcon


    If you were to display a simple addition question on your form instead of Captcha with 2 randomly generated numbers would that stop bots?

    Eg

    random number 1 + random number 2 = User input

    Can bots tell whether your looking for a numeric value or alphanumeric??


  • Registered Users, Registered Users 2 Posts: 1,757 ✭✭✭Deliverance XXV


    On one of my forums I have no spam registrations in the last month opposed to 10+ a day.

    Changes I made were...

    Users now have to verify their email address.

    Installed advanced captcha plugin (Different & changeable backgrounds for the captcha to make it harder on bots registering). Cant remember proper name but if someone wants a link I'm sure I can rustle it up.

    Hope this helps :)


  • Closed Accounts Posts: 275 ✭✭Hydrosylator


    Captcha's are the best in my experience.
    I tried having sums and other questions, and it never made a huge difference.

    This was using phpBB2, with Anti-spam ACP.

    You can use something like Bad Behavior to stop spammers from even getting to the registration page. I had a big a problem with spammer registration as spammer posts. You'd be amazed how quickly a database can become unusable.

    From what I've seen, phpBB3 is a big step-up in anti-spam measures.
    Even with that though, you just can't rely on automated spam control.
    If you have a forum you want to be checking it five times a week, every time you get spam:
    1. block the spammers name
    2. block the spammers email
    3. block the spammers ip number
    4. delete the spam and the account, of course

    If you want to be really draconian, limit the IP ranges allowed to post on the forums. It looks like you want to have a site for people giving away free stuff in Ireland, so you could limit the IP range to allow Ireland, Britain, and a few other western EU countries. That would, based on my experience, eradicate almost all spam.

    Sadly it's not as easy as it sounds, you have to find out the ip ranges used by each country you want to allow or block, and they're not as coherent or sequential as you'd hope.

    Also you would be stinging genuine people abroad who wish to use the site. If you think your business model can handle that for now though, it might be what's right for you.

    That said, I do believe that good forum monitoring is the most important solution.


  • Registered Users, Registered Users 2 Posts: 1,073 ✭✭✭eurotrotter


    hey gang

    thanks amillion for all teh replies

    im gonna enable captcha, but dont have a clue where it is on the admin panel

    can someone plz guide me in the right direction

    thanks v much
    ed


  • Advertisement
  • Moderators, Education Moderators, Technology & Internet Moderators, Regional South East Moderators Posts: 24,056 Mod ✭✭✭✭Sully


    The phpBB captcha isnt effective from what I read, there are extensions for phpBB which improve the security of this. Id ask in a phpBB Support Forum or do some googling. Iv moved away from all the free BBs are there not great tbh and with spam bots on the rise its harder to keep them abay on a free forum.


  • Closed Accounts Posts: 112 ✭✭lostprophetsie


    From what I remember it is just in the General Board Settings under the Admin panel but as Sully was saying, it really isn't much use I had just as much spam after enabling the captcha feature.


Advertisement