PDA

View Full Version : Forum registration verifiication image is broken


Milhouse
2006-12-13, 05:13
I just tried to see how easy it is to sign up to this forum with a dummy account (promoted by user mutato with 8 spams in a day) and I see that the image designed to prevent automated registrations is broken - it shows a broken image link and of course it's now impossible for legitimate users to sign up to the forum.

Quite how mutato managed to sign up today I've no idea - when was the image verification function added to the registration page? If it was added before 12 Dec 2006 (the date mutato joined) there must be an exploit in the forum software which allows automated registration.

The url for the verification image appears to be:

http://www.internettablettalk.com/forums/image.php?type=regcheck&imagehash=ea8bde62a30242359397760864cc3a96

which results in the following php error:


Fatal error: Call to undefined function: imagecreatetruecolor() in /home/tabtalk/public_html/forums/image.php on line 102

Reggie
2006-12-13, 17:17
We tried recompiling apache last night and missed installing GD. This was done after mutato registered and posted all the spam. FYI, these spammers believe it or not, go through the manual process of registration, with email verification, and have their automated posting app to do the posting. Real crazy.

It should be working now. Thanks for reporting it.

Hedgecore
2006-12-14, 15:30
What about a captcha for every post? Shouldn't be *too* much of a pain in the ***.

aflegg
2006-12-18, 10:24
What about a captcha for every post? Shouldn't be *too* much of a pain in the ***.

I think it would be. For each new *thread*, however, that seems like a good compromise.

Cheers,

ANdrew

Hedgecore
2006-12-18, 14:31
That's worth it... though consider the alternative; unable to automatically create new threads legit ones become bombarded by spam.

Is it possible to force captchas for a user's first 20 posts? (Posting 20 legitimate messages before launching a spam barrage seems like a lot of work for a spammer)

aflegg
2006-12-18, 14:38
Captchas for first 20 posts sounds perfect.

Milhouse
2006-12-18, 19:50
Captchas for first 20 posts sounds perfect.

Sounds like a reasonable compromise to me.

TA-t3
2006-12-19, 09:03
Some other forums I've visited lately use posting captchas, I felt it was no bother at all really. Go for it.

Reggie
2006-12-20, 15:55
Ok, no spammers lately. I created a new field that a new member should answer during registration:

Enter the first letter of the word "Nokia".

Spammers don't seem to know the answer. lol

Milhouse
2006-12-22, 07:51
Still getting spam, so they're learning quickly! I guess if the spammers are registering manually but automating the actual posting, there's little you can do to prevent them from signing up in the first place.

Something else to consider - can you prevent the posting of messages that include URLs until the poster has 5 posts under their belt? It will be annoying for legit users, but may confuse the bots.

Hedgecore
2006-12-22, 15:05
Lists of cell phones containing an email address don't have URLs in them. I say captcha their asses, at least make them work to spam us.

Reggie
2006-12-22, 15:10
Thanks for the suggestions. The site's customized vbulletin version does not support captcha on replies yet. It might take some time to upgrade it since it is customized to work with the blog and the content management system. I'll see if I can find hacks for it though.

Hedgecore
2006-12-22, 17:06
Since they're interested in the site, you could also forward every new post to the email they're using to hawk their goods. ;)

(Obviously that'd invite retaliation, but in principle it's drole.)