News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

What is best way to prevent multiple accounts?

Started by DarkflameQ, August 11, 2015, 06:36:59 AM

Previous topic - Next topic

DarkflameQ

Oh no doubt, captchas has never been fun but fake accounts and spam is way less fun, i've always found key captcha to be the most pain free and effective captcha until Googles one tick box came along (although i doubt the effectiveness of Google's, need to try it some day).

margarett

#21
It's all about scale ;)

Recaptcha (the previous version) was broken because it was used everywhere. The same is expected to happen to the new version too, because it's everywhere, even if it might (or not, don't know) be extremely difficult: for spammers it's worth "investing" in it.
The same with SMF's own captcha (as well as other forums): it was broken because every forum uses it.
Still, our "very hard" captcha is still very effective on bots, and this forum is proof: given how "popular" it is, we actually have a low incidence of spammy posts ;) (it helps that low-post users can't post links too)
The problem is that it's actually even more effective on users :P That thing is impossible :o (I usually use the "hear the letters" option)

Key captcha is actually easy for users. Really is :) But if it reaches a sufficiently high utilization, it will become "worthy" of spammers investment.

That's why we insist on Q&A: it's there, it's free and it's supper effective against automated spammers. Because there's nothing you can do about human ones...
Se forem conduzir, não bebam. Se forem beber... CHAMEM-ME!!!! :D

QuoteOver 90% of all computer problems can be traced back to the interface between the keyboard and the chair


Deprecated

Quote from: DarkflameQ on September 03, 2015, 11:57:22 AM
In regards to stopping bots, in my experience only allowing users to post url links after a set amount of posts seems to stop 99.9% of them from posting.

Not sure if the key captcha and questions stops them from actually signing up though.

Don't let them add "my website" info or a signature/avatar until 10 posts, then put them on post moderation for 2-3 posts before they can post without a mod approving it.

A large pool of verification questions and a small number presented at a time works well for me as I stated above.

I agree that fancy CAPTCHAs just frustrate prospective members. reCAPTCHA is a good example. There was a time when they must have "amped" it up a bit, and I was getting a pass rate of about 10% when trying to download files from various file hosting sites.

We have to face the fact that by the time you make a CAPTCHA so difficult a bot can't pass it, you're in the area where humans have trouble passing it.

I'll share my own experience with CAPTCHAs. The more popular any particular CAPTCHA is the more incentive spammer gangs have to crack them. I designed my own CAPTCHA, use it on only 2 sites, and I haven't seen it cracked. :) --- The harsh reality is that MY own CAPTCHA isn't worth cracking just to spam 2 forums, out of all the millions of forums on the Internet.

And here's a hint if you want to design your own CAPTCHA. Did you ever see a bot with a mouse? :D Many CAPTCHAs rely on recognizing characters and entering them. Artificial visual analysis is getting pretty good at pulling characters out of noise. But even a simple CAPTCHA that requires mouse action can be a formidable challenge for bots.

miscbyproduct

#24
Just my thinking
and I got no training or experience at ll anything
much less coding bilties.

Idea like DarkFlame showed would work well.
Could even be simplified and further "fool proofed".
use less pictures
less complicated manuvering
and not a single example of the "answer".
just 1 ultra simple txt instruction that gives no automatable clue.

Think I see a way to even beat basic recognition systems at it.

Maybe not be feasible because of the backend coding.
But I THINK it wouldn't be all that much more.
Perhaps even lesser because so many graphics wouldn't even be needed.
(?as few as 6?) really minor graphics, giving 16 possiblilties with only 1 correct
add 1 more really minor graphics, adds & changes 16 more possibilties, with only 1 being correct.
on and on

If someone would be willing to seriously consider building it, I'd share my thinking over a phone call.
But no sense in bothering if person is just curious.



Deprecated

Quote from: miscbyproduct on September 28, 2015, 09:09:53 PM
just 1 ultra simple txt instruction that gives no automatable clue.
Uh... Huh??? Do you care to give or describe an example?

If you have just one simple text instruction (clue or not) the first spambot master who comes along will program the correct answer into his bot script.

Where's the clue in this?

"What is result when you subtract two from six? (spell it out)"

miscbyproduct

You won't build it.
If you did, you wouldn't support it.

so per my last line....no point bothering with someone that's only curious.


Deprecated

Mr. Newbie, you have rather large .... for a newbie with only 5 posts.

I'm "not only curious." I like to help SMF forum members when I have some insight into the problems they are facing and I used to be a top 10 SMF modification author, so I think I might have a little expertise here on how to write stuff for SMF.

But if you want to hide your candle under your hat all the rest of us can conclude is that there is no flame.

Please go consider and ponder contributing something useful to SMF instead of I would'a, should'a, could'a....

Otherwise it makes the rest of us think you're full'a...

miscbyproduct

is there where i am suppose to say "ohh, aww, ouch"?



margarett

I'm sorry, is there something we can help you with or...?
Because if there is, we'd love to help you. But if there isn't, then I think we all got your message and I would appreciate that this useless argument could just stop...
Se forem conduzir, não bebam. Se forem beber... CHAMEM-ME!!!! :D

QuoteOver 90% of all computer problems can be traced back to the interface between the keyboard and the chair

ziycon

I have to say that with one challenge question and a post based group where you need 1 post or more to post freely so your first ever post has to be approved has pretty much removed any spam from any forum I've run, the odd one or two get through but you can just increase the post based group to 2,3,4 etc. to suit your forum, most human spammers give up if they know they have to post x amount and get them approved, it's not worth it to them to wait around.

Deprecated

Quote from: ziycon on September 30, 2015, 05:24:25 AM
I have to say that with one challenge question and a post based group where you need 1 post or more to post freely so your first ever post has to be approved has pretty much removed any spam from any forum I've run, the odd one or two get through but you can just increase the post based group to 2,3,4 etc. to suit your forum, most human spammers give up if they know they have to post x amount and get them approved, it's not worth it to them to wait around.

Post moderation for the first 2-3 posts is one of the very best strategies. I had to laugh though, I tried to set it up following the instructions of a well known SMF personality and who I am semi-friends with, and I got so tangled up that I finally gave up, deciding to do it later, but that was some months ago and later never came.

My best advice would be to turn down the visual part to fairly simple, add about 30 questions and present 3-4 at a time, and set your forum so a mod has to approve the first 2-3 posts before the public can see them.

I'm pretty sure that strategy would almost totally eliminate spam. It makes spamming your forum too much effort to be worth the trouble. They move on to one of the zillion other SMF forums that don't have that setup.

Raths Rants

I have the same problem. I was considering making a new default user group with guest permissions. From what I read on the wiki it doesn't look like this is possible.

My idea was new person registers. Goes through the basics. Once registered, they have an additional step of requesting to join the Regular Member Group.

The problem I have with is a lot the people who visit my little site are not forum savvy.
The DDC Network
a lot of hard work goes into easy

Kindred

why even bother?   Seriously?

If your issue is SPAMMERS... the prevent them from registering in the first place.   See the FAQ on how to deal with SPAM.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Raths Rants

Quote from: Kindred on October 06, 2015, 09:42:57 AM
why even bother?   Seriously?

If your issue is SPAMMERS... the prevent them from registering in the first place.   See the FAQ on how to deal with SPAM.

My site had no issues for a long time. I am actually looking into the expanded question base. This appears to be the best option along with a few of the ip checkers.

Besides, what's wrong with crazy over complicating the issue  ;D

The DDC Network
a lot of hard work goes into easy

Deprecated

I have a popular Firefox add-on website that I inherited and the spammers come on like seasons. Some days or weeks there are a few odd registrations, and then the day comes and I have several hundred registration attempts.

It's just crazy. If spammers put as much effort into something less destructive they could probably have much greater financial success.

To us they seem like insect swarms, infestations.

suga

I have spammers but they cannot register even though they keep trying because I turned on email activation, captcha and you must answer a question although, they are getting on the waiting for activation.

Look at their email addresses.  They are the same, add that as a ban trigger.

Illori

Quote from: suga on December 24, 2015, 05:24:44 PM
They are the same, add that as a ban trigger.

it is not possible in SMF to register more then 1 account with the exact same email address. you really should not use the ban feature for spammers, find other ways to stop them rather then banning them as they will keep coming back.

suga

Quote from: Illori on December 24, 2015, 06:43:10 PM
Quote from: suga on December 24, 2015, 05:24:44 PM
They are the same, add that as a ban trigger.

it is not possible in SMF to register more then 1 account with the exact same email address. you really should not use the ban feature for spammers, find other ways to stop them rather then banning them as they will keep coming back.
not the full email but the @fakemail  @mymailmymailmymail  are generally the same pattern. 

Advertisement: