
How to protect a phpBB forum from automatic registrations

The phpBB forum engine has many advantages: it is convenient for both users and moderators and, as a result, is very popular. But that popularity is the source of its main drawback: it gets spammed, and spammed automatically. After a while, the constant stream of fake user registrations and the spam they post can wear down the site administration's nerves.

phpBB 3.* ships with as many as 4 captcha options that can be presented to users when they register on the forum. There is even reCAPTCHA, but as practice shows, it is no obstacle for auto-submitters.

These programs know what the typical entry points to the registration pages of various forum engines look like. This knowledge is based on recognizing the DOM of web pages that contain forms for registering new users, posting messages and so on. For example, in the case of phpBB, the robot knows that the registration entry point is at /ucp.php?mode=register and that this page contains a button:


<input type="submit" class="button1" value="..." id="agreed" name="agreed"> 


Without going into technical details, I’ll note that this button can be found and clicked in the HTML document at least by id or by name.

As soon as the robot reaches the page with the captcha, it fetches the captcha image and tries to recognize it. Different techniques can be used here, depending on the sophistication of the program, from OCR algorithms to simply having a live person read the captcha. That is why the protection does not work. Banning IP addresses on the forum is also absolutely useless, since the robots spam through numerous proxy servers. In this sense there is no difference between banning addresses and cleaning out new auto-registrations; either way it comes down to lost time.

It turns out that the only way to cut off auto-submitters is to slightly modify the layout of the forum's entry point in a unique way. Two or three years ago I did this trick for phpBB2 and it worked: the automatic registrations stopped. The same thing was recently confirmed on another site, this time running phpBB3.

Next, I will give a specific, proven example of modifying the phpBB registration page. However, I should stress that this post offers a concept of protection against automatic forum registrations, not a specific method. Everything depends on the hands and head of the forum administrator. Basic knowledge of HTML and CSS is desirable. If readers start copying this method en masse, the spammers will program this “heuristic” into their software and the automatic registrations will continue.

So, in the phpBB forum settings, choose the simplest captcha, "CAPTCHA without GD".
It looks like this in the browser (FF3):



If you look at the markup of the registration page around the captcha image, it looks like this:

<dt><label for="confirm_code"> :</label></dt>
<dd><img src="./ucp.php?mode=confirm&confirm_id=6c5577092e91ccaeb04032537f70ab65&type=1" alt=" " /></dd>


The src attribute of the img tag points to the captcha image. Open the folder of the theme (style) currently installed on the forum. In my case this is prosilver: /forum/styles/prosilver/template. There we find the file captcha_default.html. If you look at this template, you can see where the markup shown above is generated:

<dt><label for="confirm_code">{L_CONFIRM_CODE}:</label></dt>
<dd><img src="{CONFIRM_IMAGE_LINK}" alt="{L_CONFIRM_CODE}" /></dd>
<dd><input type="text" name="confirm_code" id="confirm_code" size="8" maxlength="8" tabindex="{$CAPTCHA_TAB_INDEX}" class="inputbox narrow" title="{L_CONFIRM_CODE}" />


A slight tweak makes life harder for the auto-submitters:

<dt><label for="confirm_code"> :</label></dt>
<dd><iframe src="./ucp.php?mode=confirm&confirm_id=6c5577092e91ccaeb04032537f70ab65&type=1"></iframe></dd>


Now it will look like this in the browser:



I agree, it is not very pretty, but the admin's nerves will now be fine. Regular users can still register. Of course, when upgrading the engine to a newer version, you will need to remember to apply this fix again. I hope that brave phpBB users will not get hung up on this example and will come up with other ways to change the entry point according to the proposed concept of protection.
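
Since an engine upgrade silently restores the stock template, a post-upgrade check is useful. The script below is an added example, not part of the original post or of phpBB: it reports whether captcha_default.html still serves the captcha through the default img tag. The script name, the function names and the template-level iframe sample are assumptions made for illustration.

```python
import sys
from html.parser import HTMLParser

PLACEHOLDER = "{CONFIRM_IMAGE_LINK}"  # template variable shown in the article

# Constructed samples: STOCK is the template excerpt quoted above; CUSTOM is an
# assumed template-level form of the iframe change (the article shows only the
# rendered markup).
STOCK = '''<dt><label for="confirm_code">{L_CONFIRM_CODE}:</label></dt>
<dd><img src="{CONFIRM_IMAGE_LINK}" alt="{L_CONFIRM_CODE}" /></dd>'''
CUSTOM = '''<dt><label for="confirm_code">{L_CONFIRM_CODE}:</label></dt>
<dd><iframe src="{CONFIRM_IMAGE_LINK}"></iframe></dd>'''


class CarrierFinder(HTMLParser):
    """Record every tag whose src attribute is the captcha link placeholder."""

    def __init__(self):
        super().__init__()
        self.carriers = []

    def handle_starttag(self, tag, attrs):
        # Self-closing tags such as <img ... /> are routed here as well.
        if dict(attrs).get("src") == PLACEHOLDER:
            self.carriers.append(tag)


def check_template(text):
    """Return 'stock' if the captcha is served by the default <img>,
    'custom' if another element carries it, 'missing' if nothing does."""
    finder = CarrierFinder()
    finder.feed(text)
    finder.close()
    if not finder.carriers:
        return "missing"
    return "stock" if "img" in finder.carriers else "custom"


if __name__ == "__main__":
    # Usage: python check_captcha_template.py path/to/captcha_default.html
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            state = check_template(fh.read())
    else:
        state = check_template(STOCK)  # demo on the constructed sample
    print(state)
    sys.exit(0 if state == "custom" else 1)
```

The non-zero exit status for "stock" or "missing" lets the check run from an upgrade script or cron job and flag a template that needs the modification reapplied.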

Source: https://habr.com/ru/post/113405/

