FAQ  |  Search  |  Register  |  Profile  |  Log in to check your private messages  |  Log in
YaBB, PHPBB, Spam and Best Practices

 
Post new topic   Reply to topic    Aprelium Forum Index -> General Questions
View previous topic :: View next topic  
Author Message
Axis
-


Joined: 29 Sep 2003
Posts: 336
PostPosted: Sat Nov 25, 2006 11:33 pm    Post subject: YaBB, PHPBB, Spam and Best Practices Reply with quote
Hello Abyss People--

I am seeking intelligent input from all those people who are using BB systems, especially phpbb and yabb.

I am using both on several sites but here is my concern. Let's suppose you have the highest level security set on either bb, i.e., you have visual confirmation and email verification for new registrations.

Along comes a spammer who is a real person and they go through registering and posting a spam. You, as administrator, can delete the spam post but you'll probably want to ban their username and ip as well. However, on phpbb I don't think you will remove them from the memberlist unless you also delete them as a user. So you might as well skip the ban username part and just delete them from membership? On phpbb memberlists are exposed to robots because you do not need to be logged-in to see them. And spammers love any chance they can get to have their url published.

If you delete them as a member, they will be removed from the memberlist but now they have the option of using the same email address and re-registering. :-(

On the latest YaBB, the memberlist is not exposed unless you are registered and logged-in, which is nice. But again, if you are spammed you can delete message and ban member. So is there any point in deleting them as a member after banning. By not removing their membership you freeze at least one email address from posting again.

Or is it smarter to just delete and remove and let them go through the whole process again.

On my phpbb, I just hacked it so there is no memberlist.

I am just wondering what other people think is wise here, especially if you have had alot troubles with spammers and bb's.


Kind Regards,
Axis
Back to top View user's profile Send private message
AbyssUnderground
-


Joined: 31 Dec 2004
Posts: 3855
PostPosted: Sun Nov 26, 2006 12:17 am    Post subject: Reply with quote
I see your point and I agree with what you are saying. This forum especially is spammed that way. The only way to prevent it is to disable profiles until you have signed up and verified the e-mail, and also to disable the member list and forum browsing until verfied also.
_________________
Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk
Back to top View user's profile Send private message Visit poster's website
erskie
-


Joined: 16 Jan 2004
Posts: 31
Location: ALL over
PostPosted: Sun Nov 26, 2006 1:01 am    Post subject: Reply with quote
Agreed. However, PHPBB has a very popular hack which forces login before anything else is available - I use this myself, and it means you do not have to hide the memberlist.

My own site is for a closed group, which means that even the login page is not available unless the user can get through the Abyss login. The only reason I do this is uneducated paranoia about being visible on the web.

I would be interested in what sort of experience people have had when exposing their sites to the wild and woolley web, and if any one forum is more robust than others?
_________________
'Smile', he said, 'things could get worse...'

So I smiled, and things got worse...
Back to top View user's profile Send private message
Axis
-


Joined: 29 Sep 2003
Posts: 336
PostPosted: Sun Nov 26, 2006 2:02 am    Post subject: Reply with quote
Hi erskie and Andy--

I guess that the problem is that people generally *want* browsing people and search engines to be able to read the material whether they want to log-in and register or not. In many tech and software related sites you want to see if the answer is already there before feeling the need to register, log-in and post a question.

I think phpbb's see-able by anyone memberlists is one of it's drawbacks and YaBB has this covered. YaBB also allows an administrator (or any registered user) to get global email notifications to a whole board at a time and not just threads, although if it was used on a very active bb it would just be not what you need. If your bb is less busy it can be very valuable.

Still, in both of YaBB and PHP BB one question is do I ban the member or remove them. Banning the member will not allow the email address used to be re-used. But they leave the scar on the memberlist. Getting them off the memberlist (by deleting the user) lets them use the address again.

And on and on it goes. It seems worse every year. And in the U.S. on Thanksgiving Day the spam people were very much at work.

Thanks for both your responses. And any more to follow.

Regards,
Axis
Back to top View user's profile Send private message
hc2995
-


Joined: 07 Aug 2006
Posts: 644
Location: Maryland, USA
PostPosted: Sun Nov 26, 2006 2:26 am    Post subject: Reply with quote
Hello everyone, this can help ;)


http://www.phpbb.com/phpBB/viewtopic.php?t=427852
_________________
Where have i been? School got heck-tick, had to move half way around the state, then back... and then i had to change jobs, so iv been away for a while :P
Back to top View user's profile Send private message AIM Address
Display posts from previous:   
Post new topic   Reply to topic    Aprelium Forum Index -> General Questions All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB phpBB Group