Mark's Blog

Another milestone clocked up for spammers across the world as the phpBB3 GD CAPTCHA has been officially cracked, causing an explosion of extra spam registrations and posts that most phpBB3 owners haven’t seen thus far. Unfortunately it was only a matter of time before the spammers’ automated tools were tailored to be able to read the phpBB3 CAPTCHA; however if you are keeping up with phpBB development you would have seen some interesting improvements going into trunk for 3.0.5 that hopefully will help with this spammer plague that we all seem to have come down with.

In another spammer experiment I’ve added another phpBB3 board with the GD CAPTCHA enabled on its default setting to the rotation script that governs which honeypot the spammers get sent to. The CAPTCHA settings are the same ones that are distributed with the phpBB (3.0.4) download package (GD set to on, foreground noise set to off, and X and Y noise set to 25).

Of course, I’d love nothing more than to present all of you with the opportunity to use bbProtection however we aren’t quite at that stage yet. However, now would be a great time to lend us a hand by contributing to our ongoing “bbProtection Needs You” campaign; more information available on that over at the bbProtection Blog .

While most of us are feeling well and truly stuffed from the mammoth amount of turkey and trimmings we’ve consumed over the afternoon spammers continue to unleash their rubbish on unsuspecting boards across the Internet.

Thanks to the invention of automated posting bots the spam barrage continues, 24 hours a day, 7 days a week for 365 (366 if we’re making the leap ) days a year. Let’s take a look at a couple of statistics from my honeypots over the festive 24 hour period:

• 40 spam accounts registered for the boards
• The spammers posted 35 posts over the 24 hour period in 30 topics

However most spam posted seems to be pretty automated, so maybe the head honchos of spam give the human spammers the day off; we can at least hope they do .

Well, it’s taken them a fair old while in spammer terms but they have finally arrived at blog.markbarnes.org . The delay may have been due to the fact that I don’t believe I’ve hosted a blog on this particular subdomain before; if the blog was launched on the traditional markbarnes.org domain I suspect that they would have reached us a lot quicker (the old blog had some 10,000 spam messages pass through its doors at the time of closing).

Regardless, they are here and I fear they may be staying around as well . Let’s hope Akismet is as good at catching spam as they make out .

As some of you may already know, I’ve been running a honeypot for quite a while now to collect data for the bbProtection service as well as using it to monitor interesting spam patterns.

The pot is a basic install of phpBB3 without any modifications, and with user registration set to no authentication. There is currently one forum that spammers are able to leave messages in and a link to another pot run by Dave “drathbun” Rathbun. Dave’s pot currently has around 30,000 posts, an absolute mammoth amount of spam in the relatively short time that it has been set up.

So, it is with a little twinge of sadness that I report that the pot has reached 10,000 spam posts inside it. I suppose I am currently fortunate in the fact that I currently don’t have any boards of my own to run and so don’t really see the spam problem on a day-to-day basis. But for someone like Dave or any other board owner out there this is clearly a real problem.

Hopefully bbProtection will go a long way to solving this problem and allowing board owners to concentrate on running their communities rather than sorting out spam, but for now I’ll keep running the pot and see what flies in .