Control Spam in SMF 2.0

Started by shubha, April 19, 2012, 02:45:15 AM

Previous topic - Next topic

shubha

Hello,
I will be totally strange when my website in Xrumer 2012.



Follow these methods-

1) Install the Forum Firewall ,Bad Behaviour Mod,httpbl,stop forum spam,bot scouster.

2) Do not use the cloudflare. Cloudflare security is easy to break. You can not banned the hostname of cloudflare.All the members will get banned include the admin.

3) Spammers are come for the links only. Install these three mod also-

Prevent Adding Signature and Links Mod
Permission for Website Url Of Users
Hide Links

4) Remove the permission of "view other profile" from Guest Area.Spammers always try to make the profile backlinks.

5) Add the question from the Anti SPAM ( Configuration->Security and Moderation -> Anti Spam ). Change the Anti Spam question every 10 days.

6) Do not allow the guest posting.

7) Use this in Anti Spam (HelpPost count under which users must pass verification to make a post) .Minimum four post require for the members.

8) Try to avoid create backlinks in Russia(.ru) and China (.cn). Both are the famous for spamming.

You may purchase and use the additional feature "block script" which is not available here.

SPAMMER CHOICE IP ADDRESS

.........SPAM WILL BE UNDER CONTROL........




damoncloudflare

"2) Do not use the cloudflare. Cloudflare security is easy to break. You can not banned the hostname of cloudflare.All the members will get banned include the admin."
Not sure what the issue is here. We actually help cut down spam a great deal as well. Are you having issues because the IPs show as CloudFlare's?

NanoSector

Moved to "Tips and Tricks" since that's probably the best home for this topic :)
My Mods / Mod Builder - A tool to easily create mods / Blog
"I've heard from a reliable source that the Answer is 42. But, still no word on what the question is."

shubha

Quote from: damoncloudflare on April 19, 2012, 03:22:54 PM
"2) Do not use the cloudflare. Cloudflare security is easy to break. You can not banned the hostname of cloudflare.All the members will get banned include the admin."
Not sure what the issue is here. We actually help cut down spam a great deal as well. Are you having issues because the IPs show as CloudFlare's?

Captcha is easy to break. And cloudflare use the Project Honey Pot same as Forum Firewall mod or Bad Behaviour mod are used.


butchs

Forum Firewall mod and Bad Behaviour are designed to work with Cloudflare.  I use all three.
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

shubha

Great Job has been already done by you. But if i will use cloudflare only. Spammer break easily.And when i have block the hostname of cloudflare.Include admin and members all got block.


butchs

To use cloudflare in SMF you can use this this mod.  Which is listed in the CF wiki.  The mod allows your real visitors IP addresses to show in the Users list.

For Forum Firewall make the following settings:
Visitor IP call to Proxy -->  HTTP_CF_CONNECTING_IP
HelpProxy Header ID -->  Cf-Connecting-Ip

For Bad Behavior:
Enable Reverse Proxy -->  checked
IP call to Reverse Proxy --> Cf-Connecting-Ip

;)
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

shubha

#7
ok.I have find out one more thing . Spammers attack on the IP address. It is easy to break.A shared IP address contain more websites and it is easy to spam. Have you look at "Block script".


Robert.

I've had many issues with Cloudflare. The administrator eventually removed Cloudflare after a few days. And I agree, Captcha is easy to break and it has been done before so many times. The best way to use Captcha: just don't! :D

damoncloudflare

"I've had many issues with Cloudflare"

What kind of issues?

"It is easy to break.A shared IP address contain more websites and it is easy to spam"
Not if they are getting trapped in a honeypot.

shubha

Quote from: damoncloudflare on April 26, 2012, 08:22:46 PM
"I've had many issues with Cloudflare"

What kind of issues?

"It is easy to break.A shared IP address contain more websites and it is easy to spam"
Not if they are getting trapped in a honeypot.

Captcha is easy to break, everybody knows.

As i already said , can not ban the cloudflare ip address or hostname . Admin and all members get block.

And if the spammer start from new ip address , project honey pot fails.


butchs

Quote from: shubha on April 26, 2012, 10:47:13 PM
As i already said , can not ban the cloudflare ip address or hostname . Admin and all members get block.

And if the spammer start from new ip address , project honey pot fails.

IP is no issue when you use this mod.
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

ssullivan

Preventing all those things will only make them create accounts uselessly. That's an advantage.
But they don't care if the links stick or not. They want to blast as many as possible, in as little time as possible.

So unless you stop them (actually) on signup, they already made harm to you (database pollution with useless data / users, and extra work).

shubha

Quote from: ssullivan on May 23, 2012, 04:28:00 PM
Preventing all those things will only make them create accounts uselessly. That's an advantage.
But they don't care if the links stick or not. They want to blast as many as possible, in as little time as possible.

So unless you stop them (actually) on signup, they already made harm to you (database pollution with useless data / users, and extra work).
They did not attack on the google product such as blogger . A small demo, in the wordpress websites generate the 100 k comments as backlinks but in blogger whereas not a single software offer on the net about blogger.They know very well ,don't want de-indexed and other......Google will give a big big...........


Robert lee

I've had many concerns with Cloudflare. The manager gradually eliminated Cloudflare after a few periods. And I acknowledge, Captcha is simple to separate and it has been done before so many periods.

BinkyM

Quote from: shubha on April 19, 2012, 02:45:15 AM
1) Install the Forum Firewall ,Bad Behaviour Mod,httpbl,stop forum spam,bot scouster.

Hi, shubha:

I give up; what'd you mean to type when you typed "bot scouster"? I've made several stabs at "scouster" (because "bot" is most likely right), and I'm not finding that mod. Gimme a clue, please, Mr Fat Fingers? Thanks!

Binky

BinkyM

Hi again, shubha:

You refer to the mod "Permission for Website Url Of Users," but there isn't one. Perhaps you mean "Permission for Website url in Profile"? That seems the most likely.

(You're right! I'm methodically going through your message installing things you recommend, as someone came into my test forum and posted a message about phentermine, and I'm trying to make sure it doesn't happen often when my forum goes live.)

Binky

Arantor

Quote1) Install the Forum Firewall ,Bad Behaviour Mod,httpbl,stop forum spam,bot scouster.

Bad Behaviour includes httpBL support. You do not need both Bad Behaviour+httpBL and SFS and in any case it is still not really desirable to use SFS as too many false positives are there. The last mod referred to is BotScouter, not scouster.

Quote2) Do not use the cloudflare. Cloudflare security is easy to break. You can not banned the hostname of cloudflare.All the members will get banned include the admin.

Not issues if you use the CF mod available, but I've heard too many stories of people having trouble to be convinced of its reliability. Any method that makes it harder for legitimate members to use the site is counter-productive.

Quote3) Spammers are come for the links only. Install these three mod also-

Prevent Adding Signature and Links Mod
Permission for Website Url Of Users
Hide Links

You could just use Anti Spam Links which would reduce the issues with the others too.

Quote4) Remove the permission of "view other profile" from Guest Area.Spammers always try to make the profile backlinks.

That's just good practice. I still have no idea why SMF turns that on by default.

Quote5) Add the question from the Anti SPAM ( Configuration->Security and Moderation -> Anti Spam ). Change the Anti Spam question every 10 days.

THIS is the single most important measure in my opinion. You get to avoid a lot of spam just by writing a single good question. You don't have to change it every 10 days, I find that I can set a question and months later I'm still not seeing spam.

Quote6) Do not allow the guest posting.

It's not enabled by default and seems to be just good sense to me.

Quote7) Use this in Anti Spam (HelpPost count under which users must pass verification to make a post) .Minimum four post require for the members.

As already indicated this one would certainly help. And probably help more than the other suggestions there - it isn't about preventing them from having signatures, it's about preventing them from misusing them.

Quote8) Try to avoid create backlinks in Russia(.ru) and China (.cn). Both are the famous for spamming.

Huh? I don't think it makes any real difference actually...

butchs

Quote from: Arantor on June 10, 2012, 10:09:12 AM
Not issues if you use the CF mod available, but I've heard too many stories of people having trouble to be convinced of its reliability. Any method that makes it harder for legitimate members to use the site is counter-productive.

I like cloudflare (CF).  I have used it since it's conception.  You can tame it down by adjusting the settings.  One feature I love it that it has the ability to detect countries.  Without having to worry about my server admin forgetting up update GeoIP when they update the server software.  I can remember at least three (3) times my site went down due to htaccess calls to GeoIP when the site software was updated.

This is no longer a problem...  I use the free CF country detection feature with my Forum Firewall mod to block undesirable countries like russia, china and many other non-USA friendlies...  With zero downtime...

:-X
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Arantor

Oh, I have no doubt that you've got it working well, since I know how enthusiastic you are about it. All I know is how many people I've heard that have had troubles - though I wouldn't be surprised if a decent percentage of those were configuration type issues.

Advertisement: