On spam protection

[Goldengirl71]

I see your section on Mods, and I am overwhelmed with all you have to offer.  I'd like to ask what people here, find the most effective mods to add to their sites.  I am also overwhelmed in all that really, goes into a forum.  I really didn't expect it to be easy-street at all, it's just that I realize how much I don't know.  I will keep reading the info you have worked so hard to get out there for us already.  I guess in all honesty, I like the interaction with all of you that have helped me so far;)  I feel more secure talking to you here in the forums, then just reading the info.

Not that I think I can get away without reading what's been provided, I just like to stay in touch;)  So right now, the main thing, since I have done my first backup as K suggested;), now I want to get my forum as "spam proof" as possible, suggestions??  I do have the captcha goin on, as well as writing 3 question and answers for folks the first 3 times, they post.  See attached and feedback welcome on what I have checked or not, and numbers?  I wasn't sure on what to choose.

Denise at seniorsriot.com

[Kindred]

CAPTCHA is useless.   drop it.

as for anti-spam...
http://wiki.simplemachines.org/smf/Spam_-_my_forum_is_flooded_with_spam,_what_can_I_do
and
http://custom.simplemachines.org/mods/index.php?action=search;type=19;approved=1

[Goldengirl71]

Ok, I'll read the links, can't believe the captcha is useless, but I trust your direction Kindred.  I guess it's about knowing the capabilities of the bots.  Anyway, I'll go read now;) thank you so much for the reply, I can now work on that;)  Hate to start on something before I hear from someone who's been there done that;) Denise

[minico]

Well, from what you say you have already done, you should be okay for the most part.  People that want to spam are going to spam.  That being said, what I have done on my forums is use the red star (I think it is staradmin) in the new member usergroup and I have put their name in red on the Who's Online list.  I leave the new member post count at 20 until it changes to a regular member.  This makes it easy for members, admins and mods to keep an eye on all the new members.  I have also requested that members report any spam or violations of the registration agreement to a moderator or admin.  Hope this helps

[loftus]

I had a big spammer problem.  I was getting hundreds of bogus registrations and bogus postings.  As stated, CAPTCHA was useless.  What helped was re-writing the questions (no math questions) and loading a mod "stopforumspam" and requiring an email link to authorize registration.  The email link is really professionally done by SMF.

Duane

[Goldengirl71]

This helps, I appreciate learning about staradmin, although I don't fully understand how it works.  Is it in the links Kindred gave me?  I am now looking to ad "Bad Behavior" I wayyy like the sound of how that works.  I don't want to overkill with spam proofing, anything slowing my forum down, but maybe someone has feedback on exactly which mods they use for anti spam, and what is working at this point? 

I'll keep reading though, so many things sound good, but again, I don't want to download more then I really need.  Hope this makes sense;)  Thanks all, wish I could give reps on each of you that go out of your way to help.  I don't see a rep. option in the forum, maybe I missed it?? Denise;)

[Goldengirl71]

I had a big spammer problem.  I was getting hundreds of bogus registrations and bogus postings.  As stated, CAPTCHA was useless.  What helped was re-writing the questions (no math questions) and loading a mod "stopforumspam" and requiring an email link to authorize registration.  The email link is really professionally done by SMF.

Duane

Duane, thank you, this one sounds good, the "stopforumspam".  I take it that is in my mod list I'm going over now.  Here is the type of questions I have for example:

Ocean is to land, as clouds are to ____.  Answer: sky

Do you think that is a good one, or useless against bots.  I read what type to use, but hoping mine are ok;)

[Goldengirl71]

The links for the forum here are not coming up, not without me refreshing the page each time this morning?  Is that going to be the case on my forum, or does it have to do with your server?  I suspect the latter, I hope.  People get so dang cranky, especially seniors, LOLLLLLLLLLL!!

Anyway, on this for example, under Bad Behaviour Module:


Please copy the above master image to your site and adjust only the image link.  Let the bad bots come to Bad Behavior.

It doesn't tell me where to insert in the html.  I'm sorry but I just don't know coding, so I have to ask every detail. So do I enter the code under <head>, I suspect I do, just not sure;) Denise PS and thank you much!!

[Kindred]

yup, we are aware of the issue here...


As for spam protection, I use questions (feature), bad behavior + httpBL and Stop Spammer
httpBL connects to the honeypot project
stop spammer (and the other one called stop forum spam) connect to the stopforumspam database to compare usernames, emails and IP addresses against known spammers.

[Goldengirl71]

Ok, I think I'll go with those Kindred, I'm sorry I'm not clear on this forums issues, would that affect my forum, or is it my host that would cause that sort of issue?

Thank you again, Denise;)

[Kindred]

the issue with blank screens, or 500 error, is an issue with our server here.... nothing that will affect your site at all.

on the matter of SFS and honeypot, you do need to register on their sites to get an API code, which you plug in to the smf admin section for the mods...

[Goldengirl71]

Well, from what you say you have already done, you should be okay for the most part.  People that want to spam are going to spam.  That being said, what I have done on my forums is use the red star (I think it is staradmin) in the new member usergroup and I have put their name in red on the Who's Online list.  I leave the new member post count at 20 until it changes to a regular member.  This makes it easy for members, admins and mods to keep an eye on all the new members.  I have also requested that members report any spam or violations of the registration agreement to a moderator or admin.  Hope this helps

Hi Minico, is the "20 posts" for this one??

Post count under which users must pass verification to make a post (refer to attachment in post above)

One other question for you and that is, guests are only able to "read" the posts, I do want them able to do that.  I don't want them to be able to post at all until they join/register.  thanks, Denise

[Goldengirl71]

the issue with blank screens, or 500 error, is an issue with our server here.... nothing that will affect your site at all.

on the matter of SFS and honeypot, you do need to register on their sites to get an API code, which you plug in to the smf admin section for the mods...

Ok kindred, thanks for all the info.  You don't use that one though do you?  I have to go back and read more now, I didn't see the honeypot one.  I guess you know I am easily confused

[Kindred]

honeypot is httpBL (which was added as part of Bad Behavior)

[Goldengirl71]

Oh Lord, when it says "Download Mod" it means, say, both zip files if there are two, I automatically think there are two mods when there are two to download, even though it says "Download Mod".  Shall I just make a "Mod" file to keep them in, within my Site files, I must have to do that?  Maybe I am missing some directions on installing mods, bet I am.  I'll go look but any help welcome here, Denise

[Kindred]

download (to your computer)
Bad_Behavior_1.5.18.zip
from the page http://custom.simplemachines.org/mods/index.php?mod=2502

then go to your site, go to admin, go to package manager

click the download tab in the package manager
at the bottom of the screen is an option to upload a mod package.
select the mod that you saved to your local computer

it uploads and asks if you want to install it/
say yes.

[Goldengirl71]

Now that's tellin it like it is, exactly what I need.  So I can do any other mods now as well;)  Thank you thank you!  Here I go!!  First, Bad Behaviour;) Denise

[Chalky]

I recommend Misc anti-spam mod. Simple but effective. Also you should set a number of questions from which users answer a selection. I have 10 possible questions from which two must be answered. This way they get a different combination of questions each time so it's harder for spammers to learn the answers. Questions specific to your forum content and that cannot be answered with a simple Google search work best.

[Goldengirl71]

I have my timezone set to America/Los Angeles in Admin > General, so do I need to do something else besides that, with this for example?  Before installing my BB I mean (see attachment).  I looked in .htaccess, and saw where I could enter code, but I didn't find the other .ini file yet?

[Goldengirl71]

I recommend Misc anti-spam mod. Simple but effective. Also you should set a number of questions from which users answer a selection. I have 10 possible questions from which two must be answered. This way they get a different combination of questions each time so it's harder for spammers to learn the answers. Questions specific to your forum content and that cannot be answered with a simple Google search work best.

This sounds smart, make them answer at least two, then, the variety for each login.  I know some will gripe, but oh well.  How many times would you have a new member have to pass that?  I have 3 on there now, but I am thinking more is better?  Thanks so much for your help Chalky!! Denise

[Chalky]

First three posts?  That's what I have now as well. I started it higher but it got annoying, so yeah, start with three and see how it goes.   I'd also suggest setting your registration to admin approval while you find out what measures work, so you have a final net to catch any spammers that slip through before they have a chance to post, but that's personal preference and depends on your membership.  My forum has always been on admin approval but if you're expecting a lot of genuine sign-ups it becomes impractical.

My set up is just the questions plus misc anti-spam. About 4 spammers a year get through that but we catch them at admin approval 

[Goldengirl71]

Oh, glad to hear you have a good grasp on spammers, I'll have to check out your site (s)!!  Ok, will leave it on first, 3 posts.  Actually, I know a few that may join from another site we've all been on for about a year.  So those folks I don't want to overwhelm with "stuff" to pass, but yet, a few, new folks (unknowns) may catch wind of it too so on the admin approval, this could be good, I'll consider it;)

Thanks again Chalky,;) denise

[Goldengirl71]

I know you guys are gonna be sick of me, but this is confusing (see attached).  Do I just check where the red arrow is I drew?  Before hitting "install" or what?  The instruction above that say for " different themes" other than default.  I just have default.

Thanks, and appreciate your help, as always,

Denise

[Chalky]

I think you forgot the attachment 

[Goldengirl71]

Sure did, sorry Chalky!!

[Arantor]

Yes, you check the arrow.

The mod adds some stuff to the other themes you have installed (SMF comes with 2 themes as standard) so yes generally you will want to install it in both.

[Goldengirl71]

thanks Arantor,

appreciate your help, and will do:) Denise

[Goldengirl71]

Ok, just one more question for now on spam protection.  In the Mod, Stop Forum Spam, I am not sure what to do in these boxes, check or uncheck?

Please see attached, thank you much, denise;)

[Arantor]

The first one is pretty much required, the other two not so much in my opinion (but then again I don't use SFS myself)

[Goldengirl71]

I thought the first looked like "well yeah" but the part underneath it confused me.  The part that says "Enable check Email user is in www.stopforumspam.com".  Haven't a clue on that?  Thanks so much, I feel I am getting things done but such a slow go since I am a beginner, next site I build should go much smoother;) Denise

[Arantor]

Stop Forum Spam is an external database of spammers. The idea is that this mod will check out the email address against that list of spammers, which is the most basic form of test.

The others are less accurate and can yield false positives in a way email address won't.

[Goldengirl71]

Ok, so the "note" underneath is telling me that when I check the box, the Mod will check the list at the stopforumspam.com, where the database must be?

That is pretty cool, although these spammers can change their emails or have hundreds to use now that there is gmail, yahoo, all those options to have accounts.  I can see where it would still be a lot of help though;)  And the battle rages on with the spam-varmits;) lol!!

Ty for the explanation, Denise

[Arantor]

Yes, that's what it's saying.

Yes, they can change their emails - and frequently do - but the point is that everyone who uses it shares their experiences with everyone else, so if you do get a spammer that gets through the net, you can report it and share that with everyone else who uses SFS.

[Goldengirl71]

Oh that's good you told me, ok, will do!!  thank you again!