Hey,
Some of you may have noticed a growing trend in Russian bots posting an obscene amount of spam on the boards. We've had at least three previous attempts to nip this in the bud, two temporarily successful and one heinously unsuccessful.
The unsuccessful attempt revolved around enabling phpBB's visual confirmation mode for new user registrations. I notice that the phpBB team have now enabled this by default in the latest version, and I'm going to be highly amused when they discover (as we did) that there is already a pretty clever bot out there that has no problem parsing the PNG file it generates (and I remember telling Saber there would be stuff out there before too much longer that would have this capability). I know both Nate and I have a degree of respect for the spambot writer for managing to write something that is able to defeat an (albeit crap) Turing-esque test.
phpBB's defences suck, then (like we didn't know that already), so we had to come up with something ourselves. I added some forensic code to the boards so we could figure out what the bots were doing, I analysed the results following another attack, had a chat about the situation with Nate and Radix, and then I wrote an aggressive honeypot "security through obscurity" patch, which has just been installed. Security through obscurity is frowned upon by most security-minded people (myself included), but unfortunately there's not much option in this case when you're using someone else's software.
So, if you encounter any weirdness regarding registration or editing your profile, please let us know, as the patch may be responsible. We've tested with all the browsers we've got and there don't appear to be any problems.
I'd also like to apologise to the mods who had to clean up the mess after the last spam attack, but it was necessary that it took place so we had some forensic data to work with.
If you're interested in what the patch does, have a look at the source code of the registration page and do a search for "honeypot". You should be able to figure it out from there.
-grenola
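The post only says to search the registration page for "honeypot", so here is an added example of the common form-honeypot technique that phrase usually refers to. It is illustrative code written for this page, not grenola's patch and not anything from phpBB; the field name website_url, the form_ts/form_sig fields, MIN_FILL_SECONDS, SECRET_KEY and the forensic-log layout are all assumptions. The idea: a text input that a browser user never sees (hidden by CSS, not type="hidden") gets filled in by a bot that populates every field; a signed timestamp also catches submissions that arrive faster than a human could type, and every rejection is logged so the next attack leaves forensic data instead of just a mess for the mods.

```python
import hashlib
import hmac

# All names below are illustrative assumptions; none come from phpBB or the board's patch.
SECRET_KEY = b"replace-with-a-random-per-site-secret"  # placeholder, not a real key
HONEYPOT_FIELD = "website_url"   # decoy field; renaming it is the "obscurity" part
MIN_FILL_SECONDS = 3             # humans rarely complete a registration form faster


def sign_issue_time(ts):
    """HMAC over the form issue time so a bot cannot forge an older timestamp."""
    return hmac.new(SECRET_KEY, str(ts).encode(), hashlib.sha256).hexdigest()


def render_form(issued_at):
    """Registration form with a CSS-hidden decoy input and a signed issue time.

    The decoy is a normal text input moved off-screen with CSS rather than a
    type="hidden" field: a scraper that fills every text box will populate it,
    while a person using a browser never sees it and leaves it empty.
    """
    ts = int(issued_at)
    return (
        '<form method="post" action="/register">\n'
        '  <input type="text" name="username">\n'
        '  <input type="password" name="password">\n'
        f'  <input type="hidden" name="form_ts" value="{ts}">\n'
        f'  <input type="hidden" name="form_sig" value="{sign_issue_time(ts)}">\n'
        '  <div style="position:absolute;left:-9999px" aria-hidden="true">\n'
        f'    <input type="text" name="{HONEYPOT_FIELD}" tabindex="-1" autocomplete="off">\n'
        '  </div>\n'
        '  <input type="submit" value="Register">\n'
        '</form>\n'
    )


def check_submission(form, now, remote_addr, forensic_log):
    """Classify a POSTed registration and record rejected ones for later analysis.

    form: dict of POST fields (strings); now: current epoch seconds;
    forensic_log: list that rejected submissions are appended to.
    Returns "accept" or "reject".
    """
    reasons = []

    # 1. Decoy filled in: no human saw that field, so this came from a form scraper.
    if form.get(HONEYPOT_FIELD, "").strip():
        reasons.append("honeypot_filled")

    # 2. The issue time must carry a valid signature; compare as bytes so that
    #    arbitrary attacker-supplied characters cannot make compare_digest raise.
    ts_raw = form.get("form_ts", "")
    sig = form.get("form_sig", "")
    if not ts_raw.isdigit() or not hmac.compare_digest(
        sign_issue_time(int(ts_raw)).encode(), sig.encode()
    ):
        reasons.append("bad_form_signature")
    elif int(now) - int(ts_raw) < MIN_FILL_SECONDS:
        reasons.append("submitted_too_fast")

    if reasons:
        # Keep what a later analysis needs: who, when, why, and what the bot typed.
        forensic_log.append({
            "when": int(now),
            "addr": remote_addr,
            "reasons": reasons,
            "username": form.get("username", ""),
            "decoy_value": form.get(HONEYPOT_FIELD, ""),
        })
        return "reject"
    return "accept"
```

This is security through obscurity in exactly the sense the post means: a bot that renders the CSS, or whose author reads the board's registration page once, will simply skip the decoy field. What keeps it useful for a while is changing the field name now and then and keeping the forensic log, so that the next attack shows what the bot did rather than only that it got through.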