What is best way to prevent multiple accounts?

Started by DarkflameQ, August 11, 2015, 06:36:59 AM

Previous topic - Next topic

DarkflameQ

Hello,

I have an issue with real users coming to my forum to intentionally spam and make the place generally horrible (troubled teenagers i assume), these users are all on dynamic ips and thus banning IP's does very little other than cause issues for potential future users who get allocated those IP's.

Registration has a good captcha (no bot issues) and registration requires an valid e-mail address however we all know how easy they are to get.

I was looking in the mods section to see if someone has made a mod to help with this sort of issue but there doesn't appear to be any.

I long for the days of biometric logins but we are at least a decade away from one becoming mainstream so in the mean time, what's the best solution people have come up with / implemented?

I was thinking phone number verification instead of e-mail but not only is this intrusive but i assume there's a few sites that give out temporary phone numbers that make this option just as pointless as e-mail verification.

I'm at my wits end, running a forum is a nightmare sometimes due to the odd few trolls who just want to ruin it for everybody.

Deaks

~~~~
Former SMF Project Manager
Former SMF Customizer

"For as lang as hunner o us is in life, in nae wey
will we thole the Soothron tae owergang us. In truth it isna for glory, or wealth, or
honours that we fecht, but for freedom alane, that nae honest cheil gies up but wi life
itsel."

Kindred

just as a note...    CAPTCHA is basically useless these days.  Not only are there human spammers, but the spambots can actually solve captcha easier than the humans.

Your best defense is actually the built in feature (in 2.0.x) call "questions" (which is listed in the spam link that Runic gave you, above)

BTW: Banning IPs is a bad process, even aside from accidentally catching real users...   because the more bans you have, the slower your system will eventually run.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Deaks

Quote from: Kindred on August 11, 2015, 07:46:21 AM

BTW: Banning IPs is a bad process, even aside from accidentally catching real users...   because the more bans you have, the slower your system will eventually run.

On this you would need to ban ALOT of IP's for any noticeable difference and I mean ALOT!
~~~~
Former SMF Project Manager
Former SMF Customizer

"For as lang as hunner o us is in life, in nae wey
will we thole the Soothron tae owergang us. In truth it isna for glory, or wealth, or
honours that we fecht, but for freedom alane, that nae honest cheil gies up but wi life
itsel."

Kindred

depends on the server, actually....   but, most people don't keep track of how many bans they make.... and they don't prune them, which means that the ban list can quickly add up without you even realizing it.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

DarkflameQ

Thanks for the advice guys but just to clarify; these are not bots, nor are they hackers, just kids with nothing better to do during term time.

Deaks

Dark the principal is the same.

Kindred unless the user on something like godaddy then I'll agree otherwise let's agree to disagree :-P
~~~~
Former SMF Project Manager
Former SMF Customizer

"For as lang as hunner o us is in life, in nae wey
will we thole the Soothron tae owergang us. In truth it isna for glory, or wealth, or
honours that we fecht, but for freedom alane, that nae honest cheil gies up but wi life
itsel."


DarkflameQ

hey guys, can you tell me which file the banned message is located?

JBlaze

Quote from: DarkflameQ on August 11, 2015, 03:55:30 PM
hey guys, can you tell me which file the banned message is located?

/languages/index.{language}.php

$txt['your_ban'] = 'Sorry %1$s, you are banned from using this forum!';
$txt['your_ban_expires'] = 'This ban is set to expire %1$s.';
$txt['your_ban_expires_never'] = 'This ban is not set to expire.';
$txt['ban_continue_browse'] = 'You may continue to browse the forum as a guest.';
Jason Clemons
Former Team Member 2009 - 2012


shagimuratov

Quote from: DarkflameQ on August 11, 2015, 07:51:18 AM
Thanks for the advice guys but just to clarify; these are not bots, nor are they hackers, just kids with nothing better to do during term time.

If they post URLs in texts you should try this one MOD,

http://custom.simplemachines.org/mods/index.php?mod=3851

CleanTalk scans text for URLs and validates each URL via blacklists database, for example,

https://cleantalk.org/blacklists?record=www.estudiostecnicos.com [nofollow]

So, if spammers promote any websites, that posts will be probably blocked.

Kindred

Meh...   bad behavior, stop forum spam, stop spammers also block spammers from registering
anti-spam links is a free mod that blocks links from users based on post-count....

questions are your BEST option -- they don't depend on any third party site...

and they don't cost ANY MONEY
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

shagimuratov

Quote from: Kindred on September 02, 2015, 08:53:26 AM
questions are your BEST option -- they don't depend on any third party site...
Questions don't block spam from real visitors.

Quoteanti-spam links is a free mod that blocks links from users based on post-count....
This one is a good choice. But CleanTalk doesn't block a new members with link to "good" and trusted websites, like youtube.com [nofollow], facebook.com [nofollow] and etc. So, it has low false/positive rate against any other MODs that block posts with links just by posts count.

Kindred

I beg to differ.

GOOD questions actually DO block spammers - even human ones
(acknowledged, they won't block SMART human spammers or users hwo decided to act spam-like)

GOOD questions are the best part of the arsenal against spam.

And, I disagree.... any brand new user who is posting links, even to youtube is likely to actually be a spammer...


Plus...  you missed the BIGGEST POINT -- all of those other mods are *FREE*

I have bad behvaior+httpBL, stopspammer and questions...
I have active sites and have not had an actual spammer register in close to 3 years now (with the exception of the brief time when the spambot questions database came online and we had to all update our questions)
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Deprecated

It's important to understand the statistics of verification questions. If you have 5 questions and ask all of them every time, some bot runner will inevitably create an account and program his bot registration script to answer them all correctly. He gets all the answers at one swoop.

Instead, have maybe 2 dozen or 3 dozen registration questions, and present 3-4 of them for each registration. I could probably calculate how many attempts it would take to see every one of your registration questions and write down the correct answers, but I'm sure it's an awful big number.

This places a big hurdle in the way of a bot runner who wants to program his bot registration script with your correct answers. Humans have little problem answering your questions but it's difficult for any one person to get a list of all the questions and the correct answers.

Then finally, change them every few months.

DarkflameQ

In regards to stopping bots, in my experience only allowing users to post url links after a set amount of posts seems to stop 99.9% of them from posting.

Not sure if the key captcha and questions stops them from actually signing up though.

Kindred

Captcha - no.

GOOD questions from a large "pool" - yes
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

DarkflameQ

Ok but could someone please explain how a bot could possibly get past something like this?


Kindred

probably not...  maybe (some of the bots are fairly impressive)

however, in general, I think that captcha just pisses off real users, at this point. :)
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Advertisement: