Private Messages

bjf123 · September 23, 2016, 09:41:07 PM

Is there any way for me to see how many private messages users are sending? Every so often, I'll get a bunch of new users to my forum fro Eastern Europe and Russia. They can't post any topics because I have it set for posts by new users to need approval. I'm wondering what they might be doing with the accounts. Any ideas?

br360 · September 23, 2016, 09:59:03 PM

You can't see how many private messages members are sending, but there are a few things you can do if you are concerned they are spamming your other members with pm's

Go into your anti spam settings in your admin panel. Admim>>Configuration>>Security and Moderation>>Anti-Spam

There you can set limits for various pm actions (Number of personal messages a user may send in an hour, Post count under which users must pass verification when sending personal messages, Maximum number of recipients allowed in a personal message)

You can also allow reporting of private messages where if members get spammed, they can report the pm and you as an admin would get the contents of the reported message. Admim>>Configuration>>Security and Moderation>>General then check Enable reporting of personal messages

You also can put new members in certain membergroup and set permissions so you take away their ability to send pm's until they have posted a specific amount of posts on your forum

skb · September 23, 2016, 10:20:28 PM

Quote from: br360 on September 23, 2016, 09:59:03 PM
You also can put new members in certain membergroup and set permissions so you take away their ability to send pm's until they have posted a specific amount of posts on your forum

This is what we've done. The verification is not enough to stop human spammers. We don't allow Newbies to send PMs. They can only receive PMs. Permissions are a powerful tool to manage all these kinds of things.

bjf123 · September 24, 2016, 11:39:38 AM

I've attached a screen shot of my current settings. I also have two security questions that have to be answered that I change every so often. It's not a very active forum. It's for a university club football team that actually hasn't been active for a few years. We keep hoping they'll start it back up, so I keep the forum going, even though there are only 2 or 3 of us actually posting anything.

Kindred · September 24, 2016, 12:22:08 PM

you should have a pool of at least 10 questions (20 is better), asking 2

http://wiki.simplemachines.org/smf/Spam_-_my_forum_is_flooded_with_spam,_what_can_I_do

bjf123 · September 24, 2016, 12:38:12 PM

Good idea. I'll add some questions.

a10 · September 25, 2016, 04:01:01 PM

Quote from: bjf123 on September 23, 2016, 09:41:07 PM
I'll get a bunch of new users to my forum fro Eastern Europe and Russia. I'm wondering what they might be doing with the accounts.

Including the accounts in their spambot setup, then coming back later in the hope their registration was accepted, trying to log in \ post. Am seeing large numbers of "Logging into the forum" attempts from questionable ip's, failing of course, as the account does not exist.

Siirist · September 25, 2016, 07:01:23 PM

Quote from: a10 on September 25, 2016, 04:01:01 PM
Quote from: bjf123 on September 23, 2016, 09:41:07 PM
I'll get a bunch of new users to my forum fro Eastern Europe and Russia. I'm wondering what they might be doing with the accounts.

Including the accounts in their spambot setup, then coming back later in the hope their registration was accepted, trying to log in \ post. Am seeing large numbers of "Logging into the forum" attempts from questionable ip's, failing of course, as the account does not exist.

@ a10,
It is agreed that if one has their registration requiring Admin Approval that the potential spammers can be not approved, or deleted, however, once notified of an account requiring approval, the Admin needs to go to their forum and minimum, look at the email in the applicants profile. This is a pain if you get a lot of spammers registering.

In the end, the OP wished to decrease or eliminate the registrations, and has been instructed in the best method to do so.

I applied the suggested methods, and eliminated all the average of four spam registrations per day.

Kindly,
Siirist

a10 · September 25, 2016, 09:41:13 PM

^^^ Replied only to 'what they might be doing with the accounts' part, as the reg question info was dealt with already

Questions are great, used for years (see http://www.simplemachines.org/community/index.php?topic=531660.msg3776163#msg3776163), stopping many 100.000's bot reg attempts pr. year, the rats are very active (numbers from server logs sorted\extracted\counted using notepad++),

But now and then some human spammers visits and will\can get trough questions, and if not using anything extra like stopforumspam etc, registration will succeed, may not post immediately but account info is fed to bots, with subsequent string of log in \ spam attempts. These need 'Admin Approval', or alt. vigilant monitoring by forum staff.

Sticking to Admin Approval, peace of mind and full control, moderators doing regular daily ip\email checks, legit members may have to wait a few minutes or hours before activated but it all results in 100% failure rate for the spamrats.

News:

Private Messages