Hi all
I noticed for a few months that regularly the forum is hacked by new users (bots?) that will merely publish advertisement links for whatever Viagraish Pills or else bulls...t.
Is the registration process on the forum no longer safe or stringent enough to avoid these kind of annoyance?
PhPBB as one of the most renowned and ancient Bulletin Board software on the market has probably a kind of fix for this?
It’s been a long time since I am registered, so I don’t really remember how is the registration process working, but I guess that an authentification process with a Captcha of some sort is already in force? Is double authentification active?
Another thing (if possible) would be to see if the user that wants to register with this forum is already in the database as an AirManager user, as after all since this is a support forum, normally all the registered user of the forum are already customers.
I now this is more of a nuisance to Ralph and Corjan that have to manually remove these spammers and delete their messages
Here’s what I found about anti-spam techniques on PHPBB:
https://www.phpbb.com/customise/db/mod/ ... od/faq/548
Jacques
Forum regularly spammed
Forum regularly spammed
Last edited by JackZ on Wed May 08, 2019 10:43 am, edited 1 time in total.
My YouTube Chanel on the A320 (Real SOPs by an Airline Pilot IRL):
https://www.youtube.com/playlist?list=P ... 0Q6SBASRqJ
https://www.youtube.com/playlist?list=P ... 0Q6SBASRqJ
Re: Forum regularly hacked & spammed
In the case of this very forum, considering its relatively limited size of user Database (1066 registered users in more than three years, less than 1 user/day), I am starting to think that the double authentification process (user+admin) is probably the key to success.
For sure, it requires a manual intervention from the admin, but with less than one user registration per day, this is probably worth it when compared to the hassle to remove the spammer and its messages from the forum.
If ever needed, I volunteer to act as a backup admin or moderator (with limited rights) to help for this, Ralph. Contact me by PM if needed.
https://www.phpbb.com/customise/db/mod/ ... tion_pack/
My ten cents!
Jacques
For sure, it requires a manual intervention from the admin, but with less than one user registration per day, this is probably worth it when compared to the hassle to remove the spammer and its messages from the forum.
If ever needed, I volunteer to act as a backup admin or moderator (with limited rights) to help for this, Ralph. Contact me by PM if needed.
https://www.phpbb.com/customise/db/mod/ ... tion_pack/
My ten cents!
Jacques
My YouTube Chanel on the A320 (Real SOPs by an Airline Pilot IRL):
https://www.youtube.com/playlist?list=P ... 0Q6SBASRqJ
https://www.youtube.com/playlist?list=P ... 0Q6SBASRqJ
Re: Forum regularly hacked & spammed
More advanced Captchas are available, as it appears that the regular Captcha can now be hacked by SpamBots
https://www.phpbb.com/customise/db/exte ... s_captcha/
Jacques
https://www.phpbb.com/customise/db/exte ... s_captcha/
Jacques
My YouTube Chanel on the A320 (Real SOPs by an Airline Pilot IRL):
https://www.youtube.com/playlist?list=P ... 0Q6SBASRqJ
https://www.youtube.com/playlist?list=P ... 0Q6SBASRqJ
Re: Forum regularly hacked & spammed
A list of anti-spam modules available for PHPBb
https://www.phpbb.com/customise/db/exte ... ti-spam-41
Jacques
https://www.phpbb.com/customise/db/exte ... ti-spam-41
Jacques
My YouTube Chanel on the A320 (Real SOPs by an Airline Pilot IRL):
https://www.youtube.com/playlist?list=P ... 0Q6SBASRqJ
https://www.youtube.com/playlist?list=P ... 0Q6SBASRqJ
-
- Posts: 5346
- Joined: Thu Jul 27, 2017 12:22 am
Re: Forum regularly hacked & spammed
I concur to Jacques's advices
perhaps entities external to simulation are targetting this forum as an easier accessible way for their "business" or what they think ? Here is only simulation and I properly avoid reading not related threads
so there's probably many solutions to clean such a situation in order for us to still enjoying our sharing on our passion
Gilles
perhaps entities external to simulation are targetting this forum as an easier accessible way for their "business" or what they think ? Here is only simulation and I properly avoid reading not related threads
so there's probably many solutions to clean such a situation in order for us to still enjoying our sharing on our passion
Gilles
-
- Posts: 5346
- Joined: Thu Jul 27, 2017 12:22 am
Re: Forum regularly hacked & spammed
Seen there's currently three (3) bad thread related to anything but simulation
Gilles
Gilles
-
- Posts: 5346
- Joined: Thu Jul 27, 2017 12:22 am
Re: Forum regularly hacked & spammed
There's also the idea to force new users coming on the forums, to go through a mandatory moderating process, where they would describe their initial intentions and talk about what they're using in simulation, or what's their interest in aero in RL like being a Pilot or whatelse, before being able to post on the forums after being validated by Sim Innovations Team
not sure if such a process could be easily achieved on phpBB with not much additional work, though ?
Gilles
not sure if such a process could be easily achieved on phpBB with not much additional work, though ?
Gilles
Re: Forum regularly hacked & spammed
Yes this can be annoying and increasing security by whatever means would be a good thing. What gets me is someone seriously thinks anyone on here would want the crap they push.
I don’t think you can limit the forum to AM users only because often there is the need to ask pre purchase questions and queries.
I don’t think you can limit the forum to AM users only because often there is the need to ask pre purchase questions and queries.
Air Manager panels at https://www.experimentalsimavionics.com
Youtube Channel https://www.youtube.com/channel/UC8ZqXX ... kfZMq5BKig
Air Manager API Tutorial Video Series https://youtube.com/playlist?list=PLNr0 ... baT4gJKg5D
Youtube Channel https://www.youtube.com/channel/UC8ZqXX ... kfZMq5BKig
Air Manager API Tutorial Video Series https://youtube.com/playlist?list=PLNr0 ... baT4gJKg5D
Re: Forum regularly hacked & spammed
@Tony Good point about prospective users, almost forgot about these.
For the other point, these spammers are mainly spambots, the idea is to have some people click on the links advertised, which are probably infected URLs with some weird viruses, rather than actually trying to sell any sort of crap.
@Gilles. The dual authentication process would solve this, and there is apparently a module that allows the registering user to give a reason for its registration for the review by admin before being allowed to Post on the forum.
https://www.phpbb.com/customise/db/exte ... ification/
Also an authentication based on "non searchable" questions and answers would probably deter most of the Spambots
For Ralph and Corjan, her's a list of simple tricks that seem to be effective against Spambots, some as simple as not allowing to register with an UTC-12 timezone (which is inhabited by the way)
https://www.phpbb.com/community/viewtop ... &t=2122696
Jacques
For the other point, these spammers are mainly spambots, the idea is to have some people click on the links advertised, which are probably infected URLs with some weird viruses, rather than actually trying to sell any sort of crap.
@Gilles. The dual authentication process would solve this, and there is apparently a module that allows the registering user to give a reason for its registration for the review by admin before being allowed to Post on the forum.
https://www.phpbb.com/customise/db/exte ... ification/
Also an authentication based on "non searchable" questions and answers would probably deter most of the Spambots
For Ralph and Corjan, her's a list of simple tricks that seem to be effective against Spambots, some as simple as not allowing to register with an UTC-12 timezone (which is inhabited by the way)
https://www.phpbb.com/community/viewtop ... &t=2122696
Jacques
My YouTube Chanel on the A320 (Real SOPs by an Airline Pilot IRL):
https://www.youtube.com/playlist?list=P ... 0Q6SBASRqJ
https://www.youtube.com/playlist?list=P ... 0Q6SBASRqJ
Re: Forum regularly hacked & spammed
We're not hacked But spammed, yes. The only thing is, I don't think they're bots. Most probably poor people who get payed to spam various forums.
It would be possible to have a system where I have to approve their application first. But this will probably take more time and effort then removing the spam messages once in a while. It is pretty easy to remove them, just remove the user and their messages at once.
It would be possible to have a system where I have to approve their application first. But this will probably take more time and effort then removing the spam messages once in a while. It is pretty easy to remove them, just remove the user and their messages at once.