Increased SPAM BOTS on SMF boards (ALL .RU E-MAILS BANNED).

[DZComposer]

Apologies for the spam bots. It seems that the spam software writers have cracked SMF's captcha and have the ability to e-mail activate.

SMF is receiving floods of reports of spambots on SMF forums all across the internet.

Sadly, this means that I will need to make some changes to the registration process. For now, admin activation will be required. I am evaluating some anti-spam solutions, but I need to make an informed choice, so it will be a few days before I can turn off admin activation. When that happens, there will be some new features in addition to the captcha. Sadly, they will require additional user input either through a second captcha or a short puzzle.

Mr. Krystal and XG, please help with approving members.

ALL .RU E-MAIL ADDRESSES ARE BANNED. Please sign up with another mail service, like gmail or something. So far every single registration from a .ru address has been a spam bot.

[Guest RedPhoenix32]

May you please elaborate on what spambots are? And how will it efect current members.

[DZComposer]

Look at this thread: http://forums.starfox-online.net/index.php?topic=3482.0 (DO NOT click on the links. I forced them to 404, but I do not know what their servers do in a 404 case and you could still get something.)

The thread was created by a piece of software that managed to register for an account. At least two known spambots are known to have the ability to check e-mail addresses for activation mails.

After registering, they create links to sites in order to boost their search engine rankings, as the more links to a site the higher it gets ranked. The sites are usually questionable porn sites or questionable online pharmacies.

They effect current members by cluttering the boards with crap.

[Guest RedPhoenix32]

Ah. I see. So now you have to go through a legit process to register. Good idea. Is there some way I can help? I'm on pretty much every day and constantly in the know right now. (I had a lot of spare time on my hands)

[DZComposer]

Ah. I see. So now you have to go through a legit process to register. Good idea. Is there some way I can help? I'm on pretty much every day and constantly in the know right now. (I had a lot of spare time on my hands)

If you see a spam post that hasn't been locked or deleted, report it and a mod or admin will take care of it.

[Guest RedPhoenix32]

Well, that, and the new members in the ways of accept or decline e-mails.

[DZComposer]

That is not a permission that I can grant you. Only admins are allowed to approve registrations.

To be an admin, first there has to be an opening for one (which there is not), secondly, you need to have been an active full moderator for at least six months.

To become a full mod, you need to have been an active member for six months with no major rule violation, and there also needs to be an opening (which there is not).

[Guest RedPhoenix32]

Darn. Oh well. There has to be an opening eventually. Thanks for the info.

[Sideways]

Spambots are a pain. I've dealt with these before. Delete post and ban/delete user.

[Mr. Krystal]

I received an email from the forum about a new user registration: Unentolonieft

He has a gmail email address, but a .ru hostname. What should I do?

[DZComposer]

Look at the e-mail address and username and see if it looks like they were created by a bot. Also, check the IP address to see if other registrations came from it. If they did, it is likely a bot.

If you're still unsure, send the user an e-mail and base accepting it on the reply.

I've been looking through the unactivated list, and there are a lot of obvious bots in there.

After reading through some of the pages at SMF, I think I will be installing reCAPTCHA. ( http://recaptcha.net/ )

It will replace SMF's captcha. I may add additional measures if need be.

SMF 2 is not affected, but I am hesitant to use beta software.

[Sideways]

Try to find a script for registration that asks a question that only a human would know. Maybe randomize the question and or answer to trick the software writers?

[DZComposer]

Easier said than done. Nothing is perfect. Even the "pick the cat" captchas are starting to get cracked.

ReCAPTCHA hasn't been cracked yet. Plus, it helps archive.org digitize books. It uses images generated on their servers and passed to the client and SFO server using publick and private key encryption. Another genius is the words picked. It takes a word that is known, and then one that OCR software did not recognize properly. All words come from scanned books, and the use of two words defeats dictionary attacks.

[Mr. Krystal]

Try to find a script for registration that asks a question that only a human would know. Maybe randomize the question and or answer to trick the software writers?

That doesn't always work. Spam writers pay 3rd-world country citizens 5 cents an hour to fill those kinds of questions out as part of the bot program.

[XG Fox]

Ah, so that's why I suddenly started getting emails about approving a couple members... was beginning to wonder.

Yeah, I'll look at those when they come in.  :3

[DZComposer]

ReCaptcha seems to have stopped the Spambots from being able to complete the reg form, so I have returned the setting to e-mail activation.