Unprotected phpBB2 Board: One Month Status Report
Before I get into the statistics I think a disclaimer should be made. About a month ago I set up an “unprotected” phpBB2 board on a domain that had formerly had a phpBB2 board. (Technically it’s on a subdomain but the point remains valid.) I was a bit surprised by how quickly this domain was found and overrun by spammers so I set up another unprotected board a few weeks later on a domain that had never had a forum. That second domain – at least so far – remains undiscovered and untouched.
But the first domain… it’s really in bad shape.
Spam User Registrations
User registrations are on the rise, meaning I’m getting more users registering every day. The average users per day (as reported by the Admin panel) is just under 15 right now. The first chart below shows the daily count of new users, and the following chart shows the cumulative count. They both look bad, don’t they?
First, the daily user registration count. I got a bump about a week ago and have seen more than double-digit user registrations for most of September.
The total user count has a disturbing upward trend.
Spam Post Statistics
The posting activity looks just as bad. For some reason, there was a major dip yesterday, but the total number of posts is climbing quite nicely.
First, the posting activity per day. The high point was on September 6 when I got 970 posts in one 24-hour period. The last data point was for September 12 when the posting activity dropped to “only” 187 spam posts for the day.
There is a slight dip in the cumulative chart shown below due to the relatively slow day yesterday, but the overall trend is not good. Remember that so far each and every one of these posts is from a spammer. There are even a few spammers that have replied to other spammer topics in the last few days. Given that I have a cron job that moves every topic into a hidden forum every ten minutes, a spammer has to work fairly quickly to reply to a topic before it’s moved out of public view.
Conclusion
Back to the disclaimer from the first paragraph. I think it’s important to reiterate that I set up this “bait” board (also known as a honey pot) on a domain that had previously been discovered by spammers. The length of time it took the spammers to find it (two days) was probably a direct result of that action. The other honey pot I set up two weeks ago has yet to receive a single registration, spammer or otherwise.
But once a board gets discovered, it can obviously be overrun quite quickly. I don’t think that’s news. Fortunately there are some easy steps that can be taken (the RAC MOD for one, my own Checkbox Challenge is another) to protect boards from spammer registrations. And hopefully soon we’ll see the return of the bbProtection service. That service will make use of patterns on boards across the web, so the data I’m collecting right now should prove to be useful. I am going to post a few observations on that in my next post.