Spambot Solutions

dvlenk6
Militia Captain
Posts: 519
Joined: Sun Mar 05, 2006 6:56 am
Location: Sanctuary and beyond

I read this on another forum and thought it should be spread around:
- - - - -
Fringewood Designs wrote: I've been doing some reading on the phpBB spambots, and here are some of the more interesting bits that I've picked up.

All the spambots seem to be driven from a single software title, though exactly what it is is a pretty well guarded secret. It's not available for download anywhere for inspection.

But the software has a certain degree of AI to it. It monitors a site and assesses what is being done to combat it and adapts. It's a real stinker, and this is why many of the solutions are only temporary. It will find the most popular forums and post to them. It can even hide key URL's behind the smilies. It's very smart.

However, it does have some weaknesses that will allow it to be defeated. But first, let me define a few of the things that it does, to help explain why some things won't work.

Spambots operate on proxies. This allows the bots to get around IP blocking. If it can't reach a forum with a given proxy, it will attempt access with another. So forget phpBB IP blocking, it's useless.

Spambots have their own registration procedure overrides that are designed to defeat the built in and mod defined countermeasures (CAPTCHA, etc.), and if blocked, they will figure out how to override the measure and return shortly after the blocks are installed, remembering them in the future. So forget the image reader code and other things like that.

They are pretty smart programs, and they are persistent. Until you cut off the things they need to find your forum, you've got them forever......

The key is getting rid of what they need to find you. So here is how you defeat them. It seems to be the only way to wipe them off your server.

If you are familiar with blocking open proxies using .htaccess and port blocking, then do so. (Apache servers) This doesn't stop them all, but it greatly reduces the number. This will be bypassed by the bot's AI, but it buys you a little time so that you don't have to shut down the forum to perform the eradication.

The real key to defeating the spambots lies in the referral URL's. These are the links that are filled out in registration and appear in user WWW buttons and in the user list. The bots plant sleeper members, or they are done by a person who scouts the forum to plant the seeds for the bot. If you notice, every bit of spam has a URL listed for a website. The WWW button is always active on every spam post. Each bot can have a list of URL's for which to search.

The bots Google for these URL's listed to find their target forums. Once the seed URL is planted, the bot has a means for honing in on you. If you want to get rid of the spambots, you have to deny it the ability to plant these URL's in your forum.

These URL's exist in the forum pages and in the memberlist. When Google scans the forum, it records every URL that has been planted, active and sleeper. Until the next scan, the bots have your number.

So, to deny them access, you have to disable the www buttons, remove all spam posts, and kill the memberlist (except for admin access, which Google can not scan, since it doesn't have admin permissions). Then you have to keep them off so that they don't replant the seed URL's until the next Google scan.

How do you keep them off until the next scan? Well, they have a weakness here too. Since they need the URL to plant the seed, they will overwrite a disabled URL field in the registration page. If you disable the URL field, only the bots will show a URL in their registration. Admin approval is used to axe any new members with URL's.

There are also other tests that can be custom added to registration configuration to help spot bots. Simple obvious yes or no questions like: Are you a bot? Are you your mother's child? Were you born in the city of your birth? Where did you hear about this site? and so forth, with instructions not to answer the question ("Do not answer this." etc.), will confuse the bots, and they will usually reply with the user name, location, or some other preset data.

That is the one solution that the bot's AI can not overcome. It takes a little work to disable the URL feature, and in the absence of the WWW button, it means that all members who want to post their websites will have to do so in their signatures.

The one weak point in this solution is that a human can return and plant another seed manually in a post. So for the solution to remain permanent, the URL blocking in registration must remain in effect, and admin approval or culling must remain in place to kill any URL posting registrations.

With this in mind, it is possible to use only the URL registration review, and not go through the cleansing of the site. This will allow existing members to keep their URL buttons. However, the cleansing will remove the need for constant admin attention. The cleansing will allow for email registration activation, with admin checking the list daily for URL bearing registration, since the bots seldom post spam on the day they register. Without the cleaning, admin approval must remain the rule, as the registration attempts will be much more numerous.


So, that's pretty much it in a nutshell. Because so many phpBB forums have varying versions and registration configurations, I'm not posting any suggestions for the actual mechanics for carrying out these procedures. What may work for one forum might not work for another. Consult the phpBB forum or a php coder if you need specific advice for your specific forum.

I hope this helps provide a solution for the spambots. Feel free to post this article in all the spam infested forums in which you're a member.

Best of luck in the fight against the bots.
"War is hell."
-William Tecumseh Sherman
http://dvlenk6.blackraven3d.com/transgals.html
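
The registration review described in the post above, as an added example that is not part of the original post or of phpBB: a forum-agnostic Python triage over an export of pending registrations, flagging any that fill the disabled website field or answer the "Do not answer this" question. The field names (`website`, `trap_answer`, `location`) and the sample records are assumptions constructed for illustration.

```python
"""Triage pending forum registrations using the two signals from the post."""
import re

# Loose URL matcher: scheme, "www.", or a bare host ending in a common TLD.
URL_RE = re.compile(r"(?i)\b(?:https?://|www\.)\S+|\b[a-z0-9-]+\.(?:com|net|org|info|biz)\b")

def _norm(value):
    return (value or "").strip().lower()

def screen_registration(reg):
    """Return the reasons a registration looks automated (empty list = clean)."""
    reasons = []
    website = _norm(reg.get("website"))
    trap = _norm(reg.get("trap_answer"))
    # Signal 1: the website field is disabled in the form, so any value was injected.
    if website:
        reasons.append("website_filled")
    # Signal 2: the question carried a "Do not answer this" instruction.
    if trap:
        reasons.append("trap_answered")
        # The post notes bots tend to reply with user name, location or other preset data.
        profile = {_norm(reg.get(k)) for k in ("username", "location", "email")}
        profile.discard("")
        if trap in profile:
            reasons.append("trap_echoes_profile")
        if URL_RE.search(trap):
            reasons.append("trap_contains_url")
    return reasons

def triage(pending):
    """Split pending registrations into (approve, hold_for_admin)."""
    approve, hold = [], []
    for reg in pending:
        reasons = screen_registration(reg)
        if reasons:
            hold.append((reg["username"], reasons))
        else:
            approve.append(reg["username"])
    return approve, hold

# Constructed sample export, not taken from any real forum.
SAMPLE = [
    {"username": "pilot_kate", "email": "kate@example.org", "location": "Ohio", "website": "", "trap_answer": ""},
    {"username": "bot_alpha", "email": "a@example.net", "location": "USA", "website": "http://pills.example.com", "trap_answer": "bot_alpha"},
    {"username": "sleeper01", "email": "b@example.net", "location": "Moscow", "website": "", "trap_answer": "Moscow"},
    {"username": "curious_human", "email": "c@example.org", "location": "", "website": "", "trap_answer": "no"},
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A held registration is queued for admin approval rather than deleted, so a person who answered the trap question out of curiosity can still be let in.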
george moromisato
Developer
Posts: 2997
Joined: Thu Jul 24, 2003 9:53 pm

Thank you! Both those posts help me. Here is another post that has helped:

http://www.phpbb.com/phpBB/viewtopic.php?t=427852