phpBB Weekly #077
Audio clip: Adobe Flash Player (version 9 or above) is required to play this audio clip. Download the latest version here. You also need to have JavaScript enabled in your browser.
Download MP3 Episode (53.1 MB)
Episode Duration: 1:32:51
On This Episode: Douglas Bell (Fountain of Apples) and David Lewis (Highway of Life)
Sponsor: Try GotoMeeting free for 30 days! For this special offer, visit www.gotomeeting.com/techpodcasts/.
We start out this episode of phpBB Weekly first by taking a look back at last weekend’s MOD Authors Convention and briefly recapping some of it (see last week’s episode for full coverage of the event). Then, we tackle a topic that we didn’t get to last week: a discussion about CAPTCHAs in phpBB, as well as some of the difficulties of utilizing CAPTCHAs in open-source projects, along with a look at some of the other efforts at preventing spambot registration on various websites. The moral of the story: whatever you do, turn on User Activation in your phpBB Settings, because no CAPTCHA is perfect.
Then, we turn to the first part of our segment on “Building a Successful Community,” in which Douglas and David discuss the things that a user who wants to create a brand new community needs to plan out from the start, and the skills and qualities that new administrators will need for their community to be successful in the long run. Most of the content for this segment comes out of Patrick O’Keefe’s book, Managing Online Forums.
The MOD of the Week is th23 Domain by th23, and the Style of the Week is Black Pearl by Mighty Gorgon.
phpBB Weekly is a proud member of the Tech Podcast Network. Check them out for other great technology podcasts.
2 Comments
RSS feed for comments on this post.
Thanks for the mention.
A few bits of feedback from this episode…
User Activation is not effective a bot-prevention mechanism. There are plenty of bots that can create a new email account and use it to register. I’ve been running a honey-pot (bait) board for a bit over a month and have nothing but bot registrations, and I have user activation turned on. I have posted about this particular board on my blog a couple of times; the statistics for user registrations and posts are in the One Month Status Report blog post here:
http://www.phpbbdoctor.com/blog/2008/09/13/unprotected-phpbb2-board-one-month-status-report/
Bottom line: user activation is important, but it does not do anything to protect your board against sophisticated bots. It’s about as good as the standard phpBB2 visual confirmation in that regard. The primary advantage of user activation is, in fact, for legitimate users, as it helps make sure they don’t put any typos in their email address as they register. Bots don’t make typos.
The “one-click” spammer option that Highway mentioned does exist as a MOD for phpBB2, it just hasn’t been published yet.
I wrote code I call the phpBBDoctor Spammer Hammer that performs the following steps:
1. Logs the user out (removes their information from the sessions table, if present)
2. Marks their account inactive
3. Changes their activation key, so they cannot use the “resend activation” option to get active again
4. Captures all posts made by the bot / spammer into a single topic in a hidden forum. This includes topics started by the bot / spammer and any replies by regular users to those topics.
None of the information is deleted, it is simply moved to a hidden forum. That way I preserve the evidence (such that it is) in case I want to try to take any action against the spammer.