[TriLUG] phpBB and spam FW: Activate user account

[Peter Neilson]

Jason Watts wrote:
> A friend of mine uses phpBB.  I know one of his methods was to validate each
> user individually... He eventually switched to another board type...  He got
> hacked and was being used as a spam email generator several times.

With my tech-writer hat on, I was looking for free-lance TW jobs, and 
came across some that involved "writing" to get past captcha and other 
filters. Particularly obvious were the ones asking, "Help us post on 
Craig List. Must have xx identities or more." Neither my hourly rate nor 
my ethics were low enough for those jobs to captcha my interest.

I think that there are existing hacks to unravel captcha presentations 
automatically, although I've not looked for them.

I've heard that the best filters are the ones you build yourself, such 
as asking, "Please enter the sum of 15, three and 22." Your program of 
course selects the numbers at random each time.

Another method, precisely matched to the religious nature of the website 
(although perhaps overly daunting), would be to use Scripture or 
tradition: "Add Lent to the Days in the Wilderness. What is the result?" 
"Fill in the blank: Matthew, Mark, ____." If those prove insufficient, 
you can go a bit deeper: "Explain the Book of Job." "Did Adam have a 
navel? Discuss from at least three perspectives." "Salvation through 
works or through faith? Discuss both perspectives in 500 words or 
fewer." "Millerite religions: Your personal view, please, refraining 
from invective."