Zeera the Space Pirate

[noemz]

Okay, somebody find me a working anti-spam mod for phpbb3 that isn't complicated.

Currently I am blitzing ALL guest posts as spam in my moderation queue (because guest posts are easier to blitz than spam user accounts).

I wish the phpbb people would give up on the crappy visual confirmation captcha. It becomes unreadable to people before it becomes unreadable to bots. All I want... is a custom field that I can validate...

[noemz]

WOO HOO!!!

I did it!!!

I successfully hacked the forum by changing a massive... four lines of code. And adding two. Now, anyone who wants to post as a guest or register an account can simply ignore the visual confirmation image and enter the 'password' supplied in order to get through.

So far, no spam bots have succeeded. This means I don't have to clean out long queues of spam posts from the moderation queue. Which none of you ever saw, so you probably won't notice any change in the running of the forum.

Anyway...

Woo hoo!!!

[noemz]

In case anybody cares, this is how I quickly and easily stopped spam bots from circumventing the visual confirmation in order to post as guests or register spam accounts on the forum.

The password is "areez" (Zeera backwards, so spam bots can't solve the question with a quick Google search). It does mean changing little things in four different files, and it's not very elegant, but it's easier than creating a new panel in the Administration Control Panel with validation etc.

Note: This is just what I did to my own forum, which is currently phpBB-3.0.0. I make no warranty that it will work for other people or that you won't possibly destroy your own forum setup, especially if you are fumble-fingered. Back up your code. Seriously.

-------------------------------------------------------------------------------------
OPEN: posting.php

FIND:

if (empty($confirm_row['code']) || strcasecmp($confirm_row['code'], $confirm_code) !== 0)

CHANGE TO:

if (empty($confirm_row['code']) || strcasecmp($hackZeera, $confirm_code) !== 0)

INSERT BEFORE:

$hackZeera = "areez";


SAVE AND CLOSE
-------------------------------------------------------------------------------------
OPEN: includes/ucp/ucp_register.php

FIND:

if (strcasecmp($row['code'], $data['confirm_code']) === 0)

CHANGE TO:

if (strcasecmp($hackZeera, $data['confirm_code']) === 0)

INSERT BEFORE:

$hackZeera = "areez";


SAVE AND CLOSE
-------------------------------------------------------------------------------------
OPEN: language/en/common.php

FIND:

'CONFIRM_CODE_EXPLAIN' => 'Enter the code exactly as it appears. All letters are case insensitive, there is no zero.',

CHANGE TO:

'CONFIRM_CODE_EXPLAIN' => '******* IGNORE THE LETTERS AND NUMBERS !!! Spell "Zeera" backwards into the space instead. Case does not matter.',

SAVE AND CLOSE
-------------------------------------------------------------------------------------
OPEN: language/en/ucp.php

FIND:

'CONFIRM_EXPLAIN' => 'To prevent automated registrations the board requires you to enter a confirmation code. The code is displayed in the image you should see below. If you are visually impaired or cannot otherwise read this code please contact the %sBoard Administrator%s.',

CHANGE TO:

'CONFIRM_EXPLAIN' => 'To prevent automated registrations the board requires you to enter a confirmation code. The image below does NOT keep out spam bots, so please ignore it altogether and spell the word ZEERA backwards into the space instead. If you are having trouble then please contact the %sBoard Administrator%s.',


SAVE AND CLOSE

-------------------------------------------------------------------------------------

[Monika]

NoemZ the überhacker \o/

[airgead]

The password is "areez" (Zeera backwards, so spam bots can't solve the question with a quick Google search).

They can now...

Unless you set this thread not to be visible to robots.

[noemz]

Meh, I can always change the password.

Actually, I wouldn't mind seeing if spam bots were able to crack the password based on searching forum threads. I think I've only encountered one bot that got through based on a web search.

Also, won't spam bots just keep trying to solve the CAPTCHA in the image?

[airgead]

Meh, I can always change the password.

Actually, I wouldn't mind seeing if spam bots were able to crack the password based on searching forum threads. I think I've only encountered one bot that got through based on a web search.

Also, won't spam bots just keep trying to solve the CAPTCHA in the image?

See, my worry is that the smarter we make anti spam systems, the faster spam bots will evolve to beat them. Eventually they will evolve into a sort of spam Skynet and we are all doomed. Hoards of vicious robots will descend on humanity firing viagra canons and smothering us in piles of cheap mortgage offers.

[Christina]

See, my worry is that the smarter we make anti spam systems, the faster spam bots will evolve to beat them. Eventually they will evolve into a sort of spam Skynet and we are all doomed. Hoards of vicious robots will descend on humanity firing viagra canons and smothering us in piles of cheap mortgage offers.

And acai berries to lose weight. And free degrees, don't forget the free degrees. Why is it that I didn't get any offers of free degrees until after I'd finished my 10 years of Uni?

[noemz]

Spam bots keep sending me greeting cards. Or so they say. But not really.

It's very upsetting, toying with my emotions all the time like that.

[Christina]

Oh, that's harsh. Not kind at all. How dare they do that!