Unfortunately as with many things like this time has got the better of most of us on the team meaning that we aren’t able to contribute as much as we would like to getting an initial product out of the door.

However, the project is certainly alive and ongoing. Both myself and Dave still have our honey pots online, and the data stored in those should hopefully make the spammers end up in a sticky situation (pun very much intended ). Of course, we are still out looking for people with large boards to join into our discussions about stopping spam on all forum platforms. We are especially looking for people who run Invision and vBulletin style boards for their thoughts and suggestions.

Equally, we’d be very interested in hearing from people who have the power to get more than 24 hours out of a day; I know personally I’d be very much interested in this .

Until next time, take care of yourself and your boards .

For the same amount of emissions you could drive an average car around the Earth 1.6 million times; while spam filtering saves 135 terawatt hours of electricity per year, equivalent to taking 2.3 million cars off the road.

When McColo was taken offline in November 2008 spam volume dropped by around 70%. The report estimates this drop in traffic equated to taking 2.2 million cars off the road, a staggering amount for what could be classed as a trivial problem.

Of course, this report doesn’t detail the type of spam we are interested in; however it does show that by attempting to stop the spammers we can in turn go some way to reducing our emissions into the atmosphere.

If you have the time I can recommend reading the report fully; you will need to register to get the download but it is well worth having a read through to realise how huge the spam problem is we currently face.

It appears that YUNiTi, a social networking site, has been working on a new style of CAPTCHA based on 3D images. Three 3D images are shown and the user has to pick the correct option from a list provided (see the screenshot below for more information or try it out yourself on the registration page)

Of course, this seems like a great idea for us humans who are required to sort through the often complex and hard to read CAPTCHAs, and I’m sure it will keep the bots out for a while until they develop the technology to get through this new style.

However, Dog Cow raised an interesting point that I hadn’t addressed in my previous blog about CAPTCHAs; What about those that are hard of sight and aren’t able to read or even see the CAPTCHA? This new style doesn’t solve that fundamental issue, and it won’t be solved until we have a situation where we no longer need CAPTCHAs.

An interesting debate, as always let us know what you think by commenting below.

What is a CAPTCHA and how does it work?

CAPTCHAs provide a challenge for spambot writers by offering a “confirmation code” in the form of an image which the user is required to enter to proceed with submission of the form. The image is distinguishable by humans however generally automated bots have problems reading the letters until considerable time is spent cracking the CAPTCHA; generating a script that is able to decipher the image and pull the letters out with a high level of accuracy.

The recent spam facing phpBB3 owners is because the CAPTCHA has been cracked and thus spambots are now able to proceed with registrations and posts that six months ago wouldn’t have been possible.

What are the benefits of using a CAPTCHA?

CAPTCHAs are able to stop basic spambots who don’t have the ability to distinguish the particular letters that make up an image. If you had a completely unique CAPTCHA that you had designed the chances are spammers wouldn’t spend the time writing code to try and crack it. However, with large software projects like phpBB the return for cracking the CAPTCHA can be immense; suddenly the spammer has access to a vast number of boards that they wouldn’t have had before.

Any drawbacks of using a CAPTCHA?

A fairly simple rule of thumb is the more the CAPTCHA is used the more spammers will attempt to crack it. So, if you are using the default CAPTCHA in a piece of popular software chances are the spammers have or are attempting to crack it. Once they have your spam defences have shrunk rapidly.

What does this all mean for bbProtection?

We would hope that with bbProtection any CAPTCHA would be redundant. While spammers are able to work at cracking CAPTCHAs and other style of spammer defence they can’t get away from what they are actually trying to post. As we have covered many times previously; by checking the actual registration and post data we are able to sort the spam from genuine users and posts.

We are currently looking to build up a team of board owners who are happy to share their views, experiences and possibly a bit of spammer data with us so that we can make bbProtection the best service that it can be.

You’ll have access to a forum where you will be able to communicate with other board owners selected and generally talk about the spam problem. The bbProtection team will also be available and joining in with discussions.

The requirements for this are simple; if you have a forum that currently has a spam problem then we want to hear from you. Equally, if you are also running a honey pot style system that is gaining a lot of attention we also want to hear from you as well.

If you are interested in joining us send an email to relaunch@bbprotection.net with a link to your board and a little bit of background information about yourself. If you have any questions then feel free shout them out via email and we’ll do our best to answer them.

Of course, by helping us you are also in turn helping out bulletin board owners across the world when we launch the service .

Hopefully the New Year will bring a new method of protecting your bulletin boards from spammers .

This entry has been cross-posted from my own personal blog. Those of you who are following the bbProtection project may also find this piece of news useful. I personally like the work that Dave is doing to ensure the continued success of phpBB2 and thus we will more than likely be releasing a bbProtection client for it when the beta period rolls around .

It’s been a grand old 8 years to the day since phpBB1 hit the software shelves of the Internet and started to gain the interest of users and developers alike. Since then we’ve had many changes; phpBB2 was launched, phpBB 2.2 became 3.0 “Olympus” before finally being sent out of the door last year.

Shortly after the joyous celebrations of Olympus going Gold came the announcement of the retirement of the Grandfather of bulletin board software, phpBB2. It’s been around for many years and the phpBB Group are slowly phasing out support and development time to concentrate on phpBB3 as well as phpBB 3.2 “Ascraeus”.

However, there is plenty of life left in the old dog yet! Therefore Dave, a hardcore phpBB2 advocate, has set up phpBB2Refugees.com; a place where phpBB2 users can congregate after phpBB.com closes its doors on phpBB2. The site is designed to be a continuation of what was typical over at phpBB.com; great support as well as MODs and styles available to download. It may be hard to believe but the site is based on phpBB2; Dave has used a number of modifications to illustrate the point that phpBB2 can and is still used as a fully functional forum system for many sites across the web today.

Although there may be a strong presence of current phpBB.com team members and other phpBB supporters the site is in no way officially endorsed by the phpBB Group, nor is it official in any sense. With that little caveat sorted, get over there and join the launch party.

Advertising Losses

If you are lucky enough to be able to find dedicated advertisers for your board then you probably need to ensure that your board content is held up to certain standards. Unless you’re trying to capture spammer data (a process Mark described quite well in a recent blog post) having spammers run rampant over your board is a problem. Advertisers are not likely to look favorably on a site that doesn’t look like it’s being managed well. I own a board that is earning over $200 monthly from various sources. Clearly I do not want to run the risk of losing that income, so I take measures to prevent spam. But to be honest, the monetary cost is secondary.

Boards Shutting Down

In my opinion, the bigger loss to the Internet as a global community is when board owners simply give up and shut down. I have seen more than one board owner take this approach because they simply can’t deal with the problems presented by spammers. Our family adopted a dog from a local “no kill” shelter a few years ago. Imagine my surprise (and pleasure) to learn that the shelter organization was running a phpBB2 board for adoptive dog owners. Granted this is a board that falls more into the “Local Interest” category than the “Global” concept I mentioned earlier. But the board was still providing a service that was valued by the members.

The board eventually shut down because the administrators felt like the time required to clean the board up every day (and it was literally getting spammed every day) was better spent elsewhere. I wish that I had been able to get involved but at the time I had not yet really started developing any techniques to combat spam, so I probably would not have had much to offer. Now I think I could restart the board with proper protection measures in place, but the site management won’t even consider it.

How Many Boards Have We Lost?

This is just one simple example that I have personal experience with. How many other boards out there have been shut down due to lack of knowledge, lack of time, or sheer frustration? People often run boards for their hobbies or special interests. They do it for the love of their subject and the desire to give something back to the community.

Spammers can suck all of the pleasure out of running a board. When they do that, we all lose.

So just what is a honeypot?

Wikipedia can explain this one better than I can:

In computer terminology, a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems.

In our terms; we have phpBB installations that are stock, normal installs that you would find across the internet. They haven’t been modified to try and stop spammers, and they are open to attack.

So why run these honeypots then?

Put simply it is beneficial for us to collect as much data as we can get our hands on regarding spammers and their behaviour. This includes the raw registration and post data that we can use later on to refine and make the service better and more able to detect spam.

It also shows really interesting trends that we can compare between honeypots. For example, a massive increase in spam offering degrees and other educational qualifications around the start of September shows that spammers are using targeted dates such as the start of the academic year to attempt to promote their “services”.

How much have you caught?

My honeypot has caught around 10,000 spam posts and around 900 spam user accounts. Dave’s statistics are considerably higher at around 35,000 spam posts and 5,400 users at the time of writing.

Both boards are purely designed to collect data and make it clear that they are doing so, therefore I don’t expect many if any of these posts or registrations to be from anything else than automated bots who just target every forum they find across their warpath.

What have you caught?

Mainly generic spam; medicine, pills, general obscene content and suchlike. More interesting examples include spam hidden in jokes and funny anecdotes as well as the classic fake signature trick that Dave noticed a while back.

Can I run a honeypot?

Of course, providing you have basic web hosting and are able to install a bulletin board. However, be prepared for a serious amount of spam that isn’t necessarily pretty or nice (a lot of spam relates to X rated content). This especially holds true for domains that are more popular than others, for example Dave’s honeypot recieves more spam than mine does; probably related to the fact that his domain has been around a lot longer than mine has and is therefore on more spammer’s lists.

If you do decide to set one up let us know if you spot any interesting trends or patterns appearing

I noticed a post by him citing a new type of comment spam that he and others had started to see happening on blogs that they own and manage. This new style is working to try and hide the links that spammers are attempting to push onto sites, mostly by linking them via a single character on the comment, so that it isn’t obvious when just browsing through the comment itself. Todd’s post also goes into some detail about how spammers try and gain a sense of trust before starting to put links into their posts. I’d recommend reading the article, it’s certainly interesting to hear his thoughts on the spam issue and new trends that he and others are seeing.

Bots are relative easy to beat but if spammers are using real people to leave relevant comments linking to their spam sites this will be a bigger challenge.

This quote was of interest to me because it goes a long way in summing up what bbProtection is and just why it works. When checking and filtering spam you need to actually check what is being submitted rather than who is submitting it. Of course, certain checks on a particular spammers IP range or other details relating to the submission can prove useful when checking if a post is spam or not but if a system is checking the actual content of the post then spammers are going to find it increasingly difficult to get their posts and registrations through the system.

bbProtection is designed with the bulletin board in mind but we would of course welcome anyone to use our open API to design a system that works for different blog packages as well. However, more about that in a later post .