TalkPHP
 
 
05-30-2010, 09:50 AM   #1
superthin
Spammers bypassed my reCAPTCHA easily

Hello All,

I have a phpBB 3 forum. In the past, my board was flooded by many spammers (about 500 posts every night), so I enabled reCAPTCHA to prevent it. Everything seemed OK until recent days.

Yesterday and today, I was shocked by a lot of spam. I am doubting reCAPTCHA's solidity in the battle against violent spammers.

While playing with reCAPTCHA, I realized that we don't need to type all the characters of the two words to validate. Typing the first word (easy to read) and the first letter of the second word is enough for reCAPTCHA to accept me.

The first word in reCAPTCHA is not complicated; I think some crazy spammers could crack it by writing an OCR utility to read it and auto-fill the form.

Please give me some advice.

Thanks & best regards,
SuperThin.
__________________
http://khoancatbetong.com - Vietnamese Concrete Technician Forum

05-30-2010, 05:25 PM   #2
delayedinsanity

Do you allow guests to post? Your first line of defense should be to turn that feature off and never even consider it again if you are currently allowing it. There's no need for it, especially on a forum.

If you already have this disabled, enable user account activation next. Some spammers are sophisticated enough to activate accounts, but this will reduce your load considerably.

The last and ultimate line of defense against spammers is to disable your forums. Other than that, you should employ a respectable group of moderators to help you eliminate bots that slip through the cracks, because no matter how many layers of defense you implement, some will always get through. As a forum administrator you need to be proactive, and utilize as much preventative maintenance as you can without becoming a hassle to your legit members.

05-30-2010, 06:50 PM   #3
superthin

@delayedinsanity: Yes, I allow guests to post, but only in one category, and twice a week.

I think the spammers are smart. When I enable guest posting in the category, spam appears 30 minutes later.

I turned off user registration and modified some lines of code to prevent spammers from typing the URL as GET / submitting the registration form from an offline HTML file(s).

I am very tired of struggling against spammers. Does Mollom support phpBB?
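
Added example, not part of the original thread and not phpBB's own code: one way to implement the kind of check post #3 describes, rejecting submissions typed into the URL as GET and forms posted from a saved offline HTML file. The function names, the `form_token` field and the 15-minute lifetime are assumptions; it does not stop a bot that first loads the real form.

```php
<?php
declare(strict_types=1);

const TOKEN_MAX_AGE = 900; // assumed lifetime in seconds for a served form

// Call when rendering the form; put the return value in a hidden field.
function issue_form_token(array &$session, int $now): string
{
    $token = bin2hex(random_bytes(16));
    $session['form_token'] = ['value' => $token, 'issued' => $now];
    return $token;
}

// Call on submission. Returns null when accepted, else a rejection reason.
function check_submission(string $method, array $post, array &$session, int $now): ?string
{
    if (strtoupper($method) !== 'POST') {
        return 'not-post';           // fields typed into the URL as GET
    }
    $stored = $session['form_token'] ?? null;
    unset($session['form_token']);   // single use: a replayed form fails
    if ($stored === null) {
        return 'no-token-issued';    // form was never served to this session
    }
    $sent = $post['form_token'] ?? '';
    if (!is_string($sent) || !hash_equals($stored['value'], $sent)) {
        return 'token-mismatch';     // offline copy carries an old or no token
    }
    if ($now - $stored['issued'] > TOKEN_MAX_AGE) {
        return 'token-expired';
    }
    return null;
}

// Constructed demo; in a real page pass $_SERVER['REQUEST_METHOD'], $_POST, $_SESSION, time().
$session = [];
$results = [];
$token = issue_form_token($session, 1000);
$results['GET with parameters'] = check_submission('GET', ['form_token' => $token], $session, 1010);
$results['offline copy'] = check_submission('POST', ['form_token' => 'saved-earlier'], $session, 1010);
$token = issue_form_token($session, 2000);
$results['served form'] = check_submission('POST', ['form_token' => $token], $session, 2010);
$results['replay'] = check_submission('POST', ['form_token' => $token], $session, 2011);
foreach ($results as $case => $reason) {
    echo $case, ': ', $reason ?? 'accepted', PHP_EOL;
}
```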

05-30-2010, 08:02 PM   #4
delayedinsanity

Spammers aren't really that smart, they're just extremely persistent. I hardly update my various blogs and while they hold decent page ranks I don't really care if they get indexed or not, but they still get pounded on a regular basis.

You might want to try the phpBB3 forums and see what other forum administrators are doing there. We could help you write a PHP script to catalog all your spam hits and pillage the occupants of the servers they bounced off of (and occasionally the spammer themselves when they don't do a good job of forging their headers), but for phpBB-specific topics like this you're more likely to get specialized help from their own forums.

All times are GMT.