Customizing SMF > Building Your Community and other Forum Advice

A Guide to Combating Spam on a Simple Machines Forum

<< < (2/12) > >>

Augster:

--- Quote from: Shawn Gossman on September 17, 2011, 04:23:20 AM ---Combating Spam on a Simple Machines Forum (Version 2.0)
By: Shawn J. Gossman (www.AnotherAdminForum.com [nofollow])

I suggest Email Activation and what this means is that a user will join and then be sent a link in their email (the one they used to join with) and it will require them to activate their account. Many times, spam bots and such use fake emails that don’t work when attempting to join forums. If the email doesn’t work, how will they activate the account!? You could also choose Admin Approval which will require you and/or other Administrators to manually approve new members when they join.
--- End quote ---

This feature is no longer truly protective as my forum is now being successfully registered via bots even with e-mail activation.  They definitely have successfully defeated the CAPTCHA and reCAPTCHA verification system as neither has stopped the bots, even at the most extreme setting.

Perusing the various user names, IP's and e-mails utilized to successfully register, there isn't any one readily identifiable method to easily distinguish the spam bots utilizing the built-in tools of SMF 2.0.



--- Quote from: Shawn Gossman on September 17, 2011, 04:23:20 AM ---I would enable the Questions Verification as this feature is often one of the best lines of defense on an SMF community.
--- End quote ---

Yes I wholeheartedly concur with this recommendation.  What I determined so far as of today (September 22, 2011), enabling this registration requirement has completely eliminated spam bots from registering.  I do have 3 questions required, although they are rather simple ones for humans to understand and answer.  I have now switched back to e-mail activation versus Admin approval but enabled notification of new registrations so I can finally once again step back from having to micro-manage my forums.

Account Abandoned:
Although it isn't fully protective, it still does protect your better than having it instant activation, there are still some spam bots that cannot get through it :)

oversee:
I know there are employers in India that hire data entry people to decode captcha. I am assuming they are doing it realtime - the bot tries to register and sends the captcha to the people who enter it and then the bot continues the registration process. I would imagine eventually they will do the same with the question, but I haven't seen any evidence of this yet. Do you have any ideas what we can do when they get to this point?
I have also seen an advertisement asking for a program that would generate new valid email addresses at 15 minute intervals. They could use the same email address to join hundreds of forums but there would not be any way for the individual forum owner to know this.
I know that some forums require an introductory post before the member can post anywhere else. I saw one forum that took new members to a topic called spam, and the new members had to post three times there before they could make a post in the real forum. The spam topic wasn't visible to members. What do you think of this idea?
This has probably been asked before, but I am worried. I have had hundreds of bots join in the last few days. Is there any other damage these bots can do besides posting spam and clogging my server? I have my forum set up so the member can't post any links until they have made 10 posts. Is there another threat from these bots I should be aware of?
I have a friend who doesn't delete the bots because he says having more members increases his advertising revenue. Is this a valid approach, or is he asking for trouble?
I have also seen job listings asking for email addresses scraped from forums. In my opinion, I don't think there is any reason to allow email addresses to be shown. If a member wants to contact another member, they can send a private message.

captaingeek:
good guide. thanks!

can someone disable post verification on my account here??

sambling:
You shouldn't allow members with under 3 posts to edit there own profiles.... That stops profile spam.

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version