How do you kill a robot?

I've sent a PM to Sarah Conner. She should have some advice.

Funny...

How to kill a Robot
As far as I see it, you have a couple of options available to you:

● block by IP address, but I assume that the spammer will be using variable IP addresses
● introduce an image element in the sign-up form

The second option will prevent any further bots from encroaching on your forum, and this is probably your best solution.
You can pick one of these up from many places, or build one yourself, it's fairly simple in PHP with the GD capabilities.

Hope this helps?!

Ash

The real problem is simply that the web site allows bots to access the profile.php and posting.php, which should never be allowed on any site.
It is easy to rectify with 15 very simple lines added to the http.conf file. What amazes me is that no one has ever mentioned it before, and I really cannot believe that any real webmaster or hosted site manager would not know exactly how to go about it. Instead, you are left to inconvenience your potential new users with deciphering an image, which many will simply not be bothered with.
This particular board is so paranoid about bot posts and their subsequent spam links that they have disallowed posting of external links, and they also have filters that prevent me from actually posting the 15 http.conf lines that would essentially stop all bot activity if they were used universally on every site and hosting service. Does not say good things about their own confidence in the ability of image verification systems to prevent bot registration now, does it?
The sad thing is that their paranoia prevents me from listing the lines required here, so if you desire this information you will just have to find a way to contact me other than this board.

Good idea GMPCM, but I'm not using PHPBB anymore. I'm using a forum that I wrote my self now and have eliminated this problem with a graphical pass key that users have to read and type pefore they can get to any place where they can post. Works great. Dealing with bots is a little beyond my skill, but I have the problem licked for now. Thanks for the reply.

By the way, you could always eMail that code to me. My website link is on the www button on this post, and it's admin before the @, and my website name after the @.

Don't think we can post email addresses, so you can figure it out.

Sure, I would be happy to. Should be in your inbox now if my assumptions for your email address were correct.

What really concerns me is all the phpbb boards I have seen where the owner has simply given up on spam post removal. I guess they do not realize that if this becomes the norm, our search engines will be about as useful as a ranking page for porn sites. IOW, if a board has gotten so out of hand that the owner does not have time to either manage it or implement the simple configuration changes I mention, they really need to take it off line, as the presence of these forgotten boards will effect the usefulness of the internet for all of us sooner or later.

Sarcasm does not become you, my friend.

Sure it does But that was so long ago that I don't recall what my mood was. Probably frustrated by a robot.

try to find more people and make your forum community bigger so there will be moderators on-line 24 hours a day!

it's the only solution to protect yourself 100%

It hasn't appeared a safety automated system yet!

I use an automated system I developed that prevents spam posts from real users, and the lines of conf file additions I mentioned previously for the spam bots. Its 100% effective, never had even one spam post make it in as the registrations are deleted instantly even if they were to ever get lucky. Although the monitoring module will likely never make it into a distributed form, it uses an artificial intelligence engine that we also develop, which happens to be available to the public. The anti-spam aspects of the monitoring module are really insignificant compared to its other capabilities such as real-time access log display, AI predictive analysis, etc.

The simple conf file changes make bot registration and posts impossible and spam posts from a real user are extremely rare, so monitoring software is really not much of an issue.
I think the only real problem here is with those that use website hosting rather than operation of their own web server, where direct control of the apache configuration file is not possible. In those circumstances one could easily request that those additions be made to the hosting providers server config file.

Preventing bots from accessing sensitive areas of a site is quite an elementary task for any proficient web site operator. The fact is that if you are having bot registrations issues and you are running your own server, it is a direct indication that you have little or no security measures in place and probably lack sufficient understanding of site security implementation in general.
In such a case it's likely just a matter of time before a sql injection or other exploit manages to cross your path, so your site is pretty much temporary anyway. Just something to think about.

try the robot.txt in the website root

ooo yea that should help a whole lot.

Captcha is the biggest key to all such problems.

But you can also employ askimet heuristics for an even more comprehensive solution (but mod your app to queue matches for review in case of false-positives).