Home

Your premium source for custom modification services for phpBB

   logo

HomeForumsBlogMOD ManagerFAQSearchRegisterLogin

Comments June 11, 2007

Holes in the Armor…

Filed under: Anti-spam, MOD Writing, phpBB — Dave Rathbun @ 12:06 pm CommentsComments (3) 

The first chinks in the armor provided by the Checkbox Challenge MOD may have appeared a few days ago. I have a board that I maintain purely for spam “bait” as there is very little activity there. It gets tons of spam registration attempts, so it was the obvious first place to test out this MOD. It worked great. I got zero registrations for quite a long time.

Then the first successful registration occurred.

I looked it over, and it seemed legitimate. It was not an obvious spammer email domain, and the username was reasonable. So I chalked it up to a real member and moved on. A week or so later I got another registration. Again, it seemed reasonable.

So what makes these two different? First, they both came in on the same day. Second, the email addresses – while different – certainly look like the follow the same pattern, as you can see:

Username / email address
AnthonySarah / work123459@gmail.com
WyattRebecca / man654321@hotmail.com

These users both registered on the same day, but from different IP addresses and using different email accounts. Yet the similarities are enough that I am going to assume they are spammers. Notice how they are both female names as well? That’s another tactic that I have seen, given that the overwhelming majority of board owners are male I believe that spammers try using female-sounding names to try to avoid being deleted as quickly. ;-)

I have inactivated (rather than deleted) their accounts so they won’t show up on the memberlist until I have time to do more research. I plan to use the IP addresses and search the server logs to see what their page flow looked like during the registration process.

Does this mean that the Checkbox Challenge is dead? Far from it. It has blocked a huge number of spammer registrations on a variety of boards. And by blocking them before they get registered I can review the domains being used and determine whether I want to ban them or not. So I’m not ready to give up yet. :-)

I’m just curious as to what I will find when I do more investigation on the two listed above.

3 Comments »

  1. For what it is worth I combined this with an question MOD and I have not had a single successful registration since. Previous I had bbProtection which seems to have not been enough. I am hoping with your excellent MOD and a question MOD I am unique enough to be left alone.

    Comment by Esmond Poynton — June 18, 2007 @ 9:02 am

  2. So far the two members I posted about seem to be exceptions rather than a new pattern.

    For what it is worth I combined this with an question MOD and I have not had a single successful registration since.

    I hope you meant that you have not had a single successful spammer registration since. ;-)

    Comment by dave.rathbun — June 25, 2007 @ 9:19 am

  3. Yes, sorry that is what I meant!! :)

    Comment by Esmond Poynton — June 25, 2007 @ 1:49 pm

RSS feed for comments on this post.

Leave a comment

Tags allowed in comments:
<a href="" title=""> <acronym title=""> <blockquote cite=""> <code> <strong> <em> <u> <sup> <sub> <strike>

Confirm submission by clicking only the marked checkbox:

 **             

Powered by WordPress