On Sun, Oct 08, 2006 at 10:22:20PM +0800, Gavin Rogers wrote: > Package: phpbb2 > Version: 2.0.21-4 > Severity: wishlist > > > I run a 400 user PHPBB2 board and have constant battles with spam > bots registering accounts automatically. Phpbb2 requires more > effective armour against bots registering accounts on phpbb2 boards > to spam advertise their URL on the phpbb2 memberlist. > > As noted in [1] the phpbb2 "captcha" is an ineffective method to deal > with fake registrations. Phpbb2 needs a confirmation image that is > more difficult to apply automated character recognition to. > > Phpbb2 should not show a member's web page URL on the memberlist > until their registration is confirmed (if the board owner has enabled > confirmation), or as suggested in [2] it should attempt to "confuse" > automated registration bots. > > If configured for email confirmation, phpbb2 sends email to the email > address the user specifies in their registration information for > confirmation. Phpbb2 should provide a bounced email handler (such as > the way the mailman mailing list manager handles bounced addresses) > that disables or otherwise flags new accounts with invalid > registration email addresses.
I happen to also run forums.debian.net, and I know what you're talking about... Currently anti-spam is reasonable effective, so eh, I should upload our current approach (which involves a much better captcha). About the accounts being listed before they are confirmed, eh, yes. More importantly, those accounts never disappear. Totally different issue though. --Jeroen -- Jeroen van Wolffelaar [EMAIL PROTECTED] (also for Jabber & MSN; ICQ: 33944357) http://Jeroen.A-Eskwadraat.nl -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
