Wow...what's with all the spam lately?

Are these spam posts from real people registering? Or is their some automated program that does this?

This is ridiculous!

Steve

I have no doubt that there exist programs that scan the web, looking for phpBB sites, and register themselves and post spammage.

David

Wow, ok, thanks David. That is unreal!

It’s not enough we have to get these stupid emails in our accounts, now you have to view them in forums you visit!

Steve

Dave,

There is a CAPTCHA system built-in to the registration process, so I would guess that it’s probably real people creating the account, then attaching the spam-bot to the created account.

So perhaps it’d be enough to ban the accounts? Would that be possible? If it’s a manpower issue, I’d gladly volunteer to play spam-cop. :wink:

Take care,
Mark

Since we don’t impose any limitations on account creation, other than the CAPTCHA system, banning a spammer’s account wouldn’t seem to be terribly effective–why wouldn’t the spammer just immediately create another account? He did it the first time, so he can do it again the same way.

Though I wonder if there aren’t spambots that make an attempt to read the CAPTCHA text. Even if it only got it right 1% of the time, that would mean it would only take 100 guesses to get an approved spamming account. And again, banning that account wouldn’t help much, since the spambot program would be able to make another account in another 100 guesses or so.

In fact, the wikipedia entry for CAPTCHA finishes with several links suggesting effective ways for bots to defeat the system.

David

I checked the captcha asked by the panda forum on registration. With such an easy generator, the spam-bots are far better then 1% in getting it right. Think more like 80%.

You can make it harder by rotating letters, using more then 1 font, let letters touch eachother, colours, extra ‘dirty spots’…

But don’t make it to hard, ofcourse :slight_smile:

Maybe it’s time to use a better generator?

Its known that the captcha-mechanism of the phpbb board can be decoded by bots lately. As long as this board does not change to an unique mechanism to prevent bots from scanning the captcha-code, you will never get rid of them.

Its always a run between spammers and the administration :frowning:

Only way to be safe is (and will be) either disabling new accounts completely or write an unique version of captcha… but that will require some skill in a programming language such as python or php or perl. Maybe one can write a small tool that creates a image with a combination of letters and digits in several fonts and in a “mixed” manner. It shouldn’t be that hard for people programming whole computer games XD.

If you need a webserver running this particular tool, lemme know… running a part of a user control center in python too…

Regards, Bigfoot29

I might be willing to give it a try. What exactly do we need? A tool that takes a string as imput and spits out a human-only readable picture of it?

Id be more than happy to ‘help’ monitor the boards and remove spam when they occur, at least in the interim.

cheers
neighborlee()

what about ASCII art? would avoid an image or a link to it so programms scanning the actual image wont find a link to look for a image =). or use an image AND ascii art … where the real image shows a different and wrong combination. or animated GIF files? several lines of codes and just one row of it… just ideas…
volunteering for helping out,too

edit:fast soultion for a programm like this. use panda, set up a offscreen renderer, create 3d fonts, let them change every new frame, render a new frame everytime a code is requested, well save as texture… random lighting and additional half transparent object in front and below the letters should do great 8) dont miss the sweet panda in the image.

It sounds like a bit of work, but I personally find the idea of using Panda3D to generate the CAPTCHA for the Panda3D bboard absolutely delicious.

Blast… if only I had more time to play around with the system right now; I could probably cook up a quick-and-dirty prototype in about a day.

One downside to this strategy: in Panda3D’s current incarnation, the main window always wants to generate itself. This makes it unfriendly to many server-backend systems, where one can’t even guarantee that there is a window manager running to draw onscreen graphics. So if the Panda3D.org system is running without a monitor (or as a user without access to the X11 process, if it’s Linux-backed), this tactic would fail.

Idle musings on a slow Tuesday morning :wink:

Take care,
Mark

Nahh. We use Panda to generate offline images for our Toontown web server every day. (Ever seen the pictures of the “Top toons” on the website?)

The trick is to put the following in your Config.prc:

window-type offscreen

which tells Panda you want to open an offscreen type window, presumably for the purpose of saving out “screenshots”. Incidentally, you can also put:

window-type none

which tells Panda not to open any default window; you’ll do it yourself when you’re ready.

David

Ha, every time someone questions the capability of Panda3D, drwr is there to give you a more then complete (and mostly positive) answer!
It amazes me time and time again.

I am trying to get a version of Panda3D that can be installed on Debian “Sarge” :open_mouth: - as soon as thats done, it shall be possible to generate websites with Panda3D “content” ((fast-)cgi mode) - just for messing around. If thats going to work, all we need is the code itself. :smiley:

Regards, Bigfoot29

I just deleted a bunch of hidden hyperlinks to disreputable sites in the main page of the manual. :imp: The linkes were added by “Boomer” on September 14th.

If the spammers have gotten into the manual, then who knows what else they might have hidden?

As long as someone wants to play spamcop for the forums, they might as well check the “recent changes” page in the manual.

We are probably going to need use the new CAPTCHA system on the manual too.

The manual is a WIKI - and normally its wanted that ppl can edit it. However, seeing the manual misused is a new dimension. :frowning:

Thanks for keepting that one clean… :slight_smile:

Regards, Bigfoot29

Boomer persists in spamdexing the manual. I’ve reverted five times now. (If you don’t belive me, just check the history.) The links were not even hidden last time! This has got to stop.

If anyone has the authority to ban/block Boomer from editing the WIKI, now would be a good time.

drwr? Can you do that?

Not I. I’ll drop an email to Josh.

David

:open_mouth: Something just occured to me. All the spams I’ve seen in the Panda3D forums were in “General Discussion” forum, and never in the other seven.

If the spams are mostly the work of automated programs, then how does it know where to post? My guess is that most web forums have a “General Discussion” forum.

Now, I know very little about phpBB, but couldn’t it be as simple as changing the name of this forum from “General Discussion” to something the spambots won’t recognize like “Panda3D Talk” ?

They spam everywhere. All they do is starting in default folders its common that most ppl read there first…

Regards, Bigfoot29

Edit: Another Idea for the preventing of spammers is Admin approval - but that would mean wait times for new posters - so propably not a GOOD idea :frowning: