I hope this is the right topic for this thread:
Basically looking for personal experiences as to what Mods or Changes people have made to their forums to combat spam? What worked for you, what didnt, and did it have a negative impact on user experience at all? I figured a thread like this may really help us all!
Thanks!
So For Me Only One at the Moment:
Re-Capatcha Mod for Registration
http://custom.simplemachines.org/mods/index.php?mod=1044
Really hasnt slowed the rate of spammers signing up, but I am seeming to weed out many of the bots, as the spam posts now are usually relavent to what ever the thread they are posting in is about.
Pros: Weeded Out Many Spam Bots
Cons: Still lots of Spam Registrations, Human Spammers Still Get Through
User Experience Change: None, real members interested in signing up are not deterred by entering a capatcha code as its fairly common practice now-a-days
I just set membership to "By approval" and I don't get any Spam, at all.
If you search for new member's usernames, at Google, or wherever, you can usually spot 'em.
As K@ plus install AntiSpam Verification questions. Few will spend time having to think about the answers when they can be spamming three other sites in the same time.
I don't have the time to manually approve registration requests several times a day, so I installed this mod a little over a year ago. - Stop Spammer. http://custom.simplemachines.org/mods/index.php?mod=1547 (http://custom.simplemachines.org/mods/index.php?mod=1547) Only 3 actual spammers have slipped past it in the last year. As of this time- The mod has stopped 8157 spammers in a little over a year. I am sure many are the same ones retrying to get in, but they were stopped nonetheless.
As an extra precaution, I have edited the permissions for new members preventing them from editing any additional profile options, which stops them from entering a website to their profile, and prevents them from adding a signature. They must reach a selected number of posts before they move to the next level membergroup and can add a sig.
I have had about a dozen or so that were not in the stop spammer database register, log in and stay only a few minutes, never to return. I presume many of them may have been potential signature spammers, but upon realizing they could not add one to their profile, they left the forum.
Like busterone I also install StopSpammer Mod and it works amazingly well, previous to that I had to manually check StopForumSpam (on the first SMF board i was on, for which I was a moderator).
I did 3 things and my spam dropped to zero.
1) I added a question to the registration process.
2) I installed the stop spammer mod
3) I locked the profiles until they make 10 posts.
I've never had much spam on my forums and I didn't any mod for it...
If it's 2.0, I can help you harden your forum from bots and even search spiders, if needed. just PM me.
Quote from: Seraphiel on October 27, 2010, 07:57:58 PM
I've never had much spam on my forums and I didn't any mod for it...
Count your blessings and bookmark this thread in case an army of guerilla spammers comes and attacks one day.
Quote from: Bookmama on October 27, 2010, 11:35:48 PM
Quote from: Seraphiel on October 27, 2010, 07:57:58 PM
I've never had much spam on my forums and I didn't any mod for it...
Count your blessings and bookmark this thread in case an army of guerilla spammers comes and attacks one day.
forum is over 1 year old, with thousands of members and thousands of post, not a single spam.
There are many things that can cause your forum to be target for spam, you should discover why.
I don't think I need this bookmarked... Will never happen to me, I am serious. If it did, I will write my own mod using anti-spam products to stop spam, but that won't happen.
Do you mind if I ask what sort of forum you run that has thousands of members but doesn't attract spammers?
Does spam still exist? Could fool me, I have not seen Spam for almost 11 months.
Quote from: busterone on October 23, 2010, 03:58:55 PM
As an extra precaution, I have edited the permissions for new members preventing them from editing any additional profile options, which stops them from entering a website to their profile, and prevents them from adding a signature. They must reach a selected number of posts before they move to the next level membergroup and can add a sig.
I tried doing this but I'm on a test account and I can still edit things. I don't know what I'm doing wrong?
I didn't nothing and I never got spam. :D A week ago I got my first spammers. :D After that, i just banned them. They never came back
The only real spamming I get these days is sig spam, but I remedied that by requiring all users to have 1 post before they can edit their profiles. You'll be amazed at how many spammers I see trying to edit their profiles. :P
Once in a while I'll get a spam post or two, I just delete it, and possibly edit the post for another use. I once converted an entire Cutenews database of posts into my SMF data manually using old deleted posts. :P
Quote from: trebul on November 18, 2010, 09:28:49 PM
Quote from: busterone on October 23, 2010, 03:58:55 PM
As an extra precaution, I have edited the permissions for new members preventing them from editing any additional profile options, which stops them from entering a website to their profile, and prevents them from adding a signature. They must reach a selected number of posts before they move to the next level membergroup and can add a sig.
I tried doing this but I'm on a test account and I can still edit things. I don't know what I'm doing wrong?
I am sure there may be another way, but what I did was activate deny permissions, then created a new post count group for 0 to 9 posts. I then denied the ability to edit additional profile info. At 10 posts, they move up to the next group that allows profile editing.
Quote from: busterone on November 20, 2010, 01:47:37 PM
I am sure there may be another way, but what I did was activate deny permissions, then created a new post count group for 0 to 9 posts. I then denied the ability to edit additional profile info. At 10 posts, they move up to the next group that allows profile editing.
Yeah. Deny permissions are far more effective than Disallow.
There's actually a difference between the two. Deny forces removal of a permission, while Disallow will only remove it if no other membergroups assigned to that member have the same permission at allow.
Indeed. There is a big difference.
I have been online at the time that a few of them got registered because they were not in the SFS database. It is funny to see them spend 15 minutes attempting to edit their profile and then log off without ever browsing the forum. Most of them never return. :)
Just wanted to bump this thread to see if there are any new recommendations from other users. I used the "disallow/deny" editing profile trick, and that helped alot! Thanks! However i am still getting quite a few daily threads posted with tons of links. Any thoughts on this, or on how to weed out/discourage the spam trash out without ruining the experience for a legitimate new user?
Well, since the last post in November, I have joined Project Honeypot and installed httpBL and the Forum Firewall. It is amazing that I haven't even had to manually reject any registration attempts getting flagged lately. I see a ton of them redirected, a bunch of bots that are stopped cold by the firewall, but no actual spammers inside the forum period. I breathe easily these days. :)
I've been struggling with this as well. We get probably 50 new registrations a day, the vast majority of them spammers. The board deals with housing issues, so most of them will post an awkwardly written question (because English is not their first language) just so they can show off their sig spam. So today I deleted then recreated the signature field in the smf_members database to get rid of existing sigs, then I removed the ability for regular users to edit their profiles. The board I run is not really a "community" - it's just a place for people to ask a question, get an answer and then move on. Regular users can't even reply in a thread they didn't create.
I need to implement some method to keep spammers from even registering.
Quote from: Gazmanafc on November 20, 2010, 11:20:18 AM
The only real spamming I get these days is sig spam, but I remedied that by requiring all users to have 1 post before they can edit their profiles. You'll be amazed at how many spammers I see trying to edit their profiles. :P
Once in a while I'll get a spam post or two, I just delete it, and possibly edit the post for another use. I once converted an entire Cutenews database of posts into my SMF data manually using old deleted posts. :P
How did you set it up so that they need to post before having a link in their signature?
Quote from: cpvr on February 09, 2011, 08:05:24 PM
How did you set it up so that they need to post before having a link in their signature?
I haven't done this, but you set up a post-count-based membergroup and give its members the ability to edit their own profiles. You then remove that ability from the regular users group, I think.
I've had great success with StopForumSpam, it's already blocked 10,000+ registrations in the past 30 days since I installed it.
You can find the mod here; http://custom.simplemachines.org/mods/index.php?mod=1519
Previous to that I was getting 2-5 SPAM bot registrations a day even with reCAPTCHA installed.
Cheers!
Quote from: Michael McNamara on February 14, 2011, 11:54:02 PM
I've had great success with StopForumSpam, it's already blocked 10,000+ registrations in the past 30 days since I installed it.
You can find the mod here; http://custom.simplemachines.org/mods/index.php?mod=1519
Previous to that I was getting 2-5 SPAM bot registrations a day even with reCAPTCHA installed.
Cheers!
I had to remove this .. it works .. but it also blocks allot of potential members that somehow their IP or username is in the SFS database, and there is no easy way for us as admins to amend the database...
I have basically eliminated 'Bots' i only get about 2-5 HUMAN spammers per week, they don't post immediately so i get to them and zap account rather quickly..
On my register page, i have some checks that for now only Humans can pass..
I recently added this and it's working well .. http://custom.simplemachines.org/mods/index.php?mod=2932
Me personally, I use my own custom CAPTCHA mod (not publicly available) and a mod I wrote to make signatures and the website option in profiles into a custom permission (also not publicly available)
My main site is pretty quiet, but in that time I've had 3 spam posts total. A number of bots did sign up but the accounts haven't been used for anything.
I tried multiple anti-spam mods over the first few years that my SMF forum has been active. Every one, including reCAPTCHA, was quickly defeated by spam bots.
The only one that really made any difference was the Anti-Spam Verification Questions for SMF (http://custom.simplemachines.org/mods/index.php?mod=1516) mod. I use SMF 1.1.13. I think that SMF 2.0 includes the verification question option as a built-in feature.
The hardest part about using verification questions is coming up with a question that is difficult for spammers to solve, yet easy for someone signing up for your forum. I suggest that you avoid math questions. Much of the spam on my site comes from Russia and/or China, so having a math question just makes it easier for someone who may not speak English.
On SMF forum on my site, tankadin.com, I use the following question...
"Answer this question... Tank + Paladin = ?"
...which I think is sufficiently obscure, yet most visitors to my site should know the answer.
I've installed the following:
- CrawlProtect
- http:BL
- Stop Forum Spam
- Forum Firewall
I can highly recommend CrawlProtect, http:BL, and Stop Forum Spam. CrawlProtect creates a .htaccess that monitors incoming traffic for suspicious activity, and denies access when requests like referral attacks, injections and more are caught and denied access. http:BL is one of my favorites because it queries the Project Honey Pot anti-spam database, and compares the IP address requesting access to the db of known spammers. An initial problem with http:BL that I encountered was an issue where I have a trusted member in South Africa who is dynamically issued IP addresses by SAIX (South Africa Internet Exchange) that have been listed in the Honey Pot database. Fortunately, the mod author of http:BL was wise enough to create a check box to allow specific member groups within the forum to be excluded from the normal http:BL tests, so all was good - still protected from the bad IP addresses, yet my trusted members are still able to access the forum.
Stop Forum Spam is another potentially excellent mod, but their database is created by user submission, which unfortunately allows disgruntled people to abuse the system (or so I understand). I'm still on the fence with this one, but I see many registration attempts that I check against the Honey Pot, SFS, and Botscout before I add the IP to the .htaccess file, so SFS is still in my favored list.
I initially thought Forum Firewall would be the solution to most of my problems, and in many instances it performed as I hoped - except for one. Unfortunately during the testing period, some of my trusted senior members were accused of DOS attacks, but because I could adjust settings, I was able to allow those trusted users to pass through the firewall. Even more unfortunate for me (because I otherwise really liked the Forum Firewall mod) was the fact that one of my global moderators was presented with the "403 - access denied" page because Forum Firewall had flagged (and denied) his corporate proxy IP address. I am 100% confident that his IP address is good, but because there is no option in Forum Firewall to allow trusted members through, I cannot use the mod, but instead, just occasionally look at the activity logs and compare it to the effectiveness of my other security mods - so far, everything has been intercepted by the other mods.
What should be concerning to those using the Forum Firewall is the access denial of valid proxy IP members with no option to allow them through. To those that have seen the attacks significantly, or reduced to zero thinking that it is the effectiveness of Forum Firewall, please be aware that you might be denying access to far more than the spammers - yes Forum Firewall is presenting hackers with "403", but it is also possibly presenting the same "403" to some of your trusted members.
IMHO, the Forum Firewall has outstanding potential, and could potentially be a complement for many sites, it is not acceptable that there is no option to account for your trusted members behind a corporate firewall.
Quote from: owg on February 19, 2011, 01:49:09 AM
What should be concerning to those using the Forum Firewall is the access denial of valid proxy IP members with no option to allow them through.
You are killing me. Yesterday, I asked you to provide me the ip address of the mod and you were unsure. You should at least give the mod author enough time before you go off the deep end and bash his work. I am very busy and only can program Saturday mornings.
For the past week I was working on a "Review Proxy List" check box that should solve the problem if he is using a proxy. Finished it this morning.
Honestly, the problem is the proxy not the mod.
I have developed an unhealthy fascination with going to "Who's Online" to see what the scummies are up to. I'd really love to find a way to block guests who are trying to hack into the forum by using other registered users' usernames as passwords. I guess the bots/hackers figure some users will have their username and password the same. (Of course, in SMF that's not allowed.)
Since they can't get in that way, I should just relax, I guess. It's annoying, though.
@ Jerri Blank
You may want to read through this topic to get some ideas.
http://www.simplemachines.org/community/index.php?topic=416928.0 (http://www.simplemachines.org/community/index.php?topic=416928.0)
Quote from: Jerri Blank on February 19, 2011, 11:33:28 AM
I have developed an unhealthy fascination with going to "Who's Online" to see what the scummies are up to. I'd really love to find a way to block guests who are trying to hack into the forum by using other registered users' usernames as passwords.
Actually, they haven't been. They've been stepping through a very large list, if you see a run of users being hit, then the same users being hit again (same users, same order, but in 'waves'), it means they tried the same password for each user the first time, then another password for each of the users the second time around and so on. As it happens, the list of passwords they're using is basically the most common 50+ or so passwords.
You might want to read http://www.simplemachines.org/community/index.php?topic=416928.msg2960115#msg2960115 where I posted a patch that has successfully kept out hundreds of such requests because of the very specific methodology of the attack.
EDIT: Ninja'd
For years there have been dictionaries created of common passwords and methods to break them. Software of this nature is called crack. Get a list of encrypted passwords, run it on your computer overnight and wala. Not that I know anything about it...
I watch my cpanel last 100 visitor log every now and then to see if there is a new trend. My problem is that I have sooo effective in stopping spam they do not visit my site that often. I may need ot branch out. :o
Quote from: butchs on February 18, 2011, 08:20:10 PM
Quote from: owg on February 18, 2011, 12:58:01 AM
Hi butchs, great mod!
I've been running FF for a few days in log mode, and just now turned it to block mode. The log was full of mostly invalid IPs, and a few DOS reports (that were actually members). Almost immediately one of my global moderators reported that he received the 403 error page - I asked his IP and it was not in the log, but there were lots of IPs in the 10.*.*.* ranges. I assume that one of his is one of those, but if he is using a proxy, it is a legitimate corporate proxy. I know very little about security, most of this is new to me. Is there a way I can find the identity of the proxy, or is there a way to pass certain invalid IPs through?
One other thing - I see an invalid IP 127.0.0.1 in the log - sorry for my ignorance - do I need to worry about the localhost IP?
Thanks!
If you do not know his ip or when he was there how could I help you? As I stated in earlier posts proxys can be compromised.
Well... The mod only inspects traffic to your site so localhost should never be seen unless you have your server in your bed room. Traffic between SMF and the DB is not watched with this mod.
If you want invalid ips to pass then turn off the ip check.
My apologies butchs - I am not intending to diminish the quality nor benefit of your work, but was genuinely concerned that forum admins might be excluding valid members, ergo, my post in this topic. While it is possible that I failed to interpret your response to my question correctly, I honestly did not get a sense that you were working on a solution when you replied that I should "turn off the IP check". I applaud the fact that you have created a method to exclude the proxy IPs, however to be completely honest, I wish that you had communicated the fact that you were working on a solution rather than reply with the flippant response. I realize that you and hundreds of other mod authors work selflessly, often without reward, and for our failure to communicate properly, I am sorry.
Communicate? I should not have to. We do this for because it is supposed to be fun. Take our time and enjoy the challenge. Why else would some fool like me spend over a year creating a mod and then let others use it? Making demands takes away the reason for people like me to author mods.
QuoteWhat Changes You Have Made to Prevent Spam?
Still none :P
-Installed Anti-Spam Verification Questions mod
-Installed the Stop Spammer one too
-Required 1 post to edit your member profile (so bots that don't post stop putting ads in their sig)
-Required 5 posts to send PMs (in case a bot signed up to mass-PM-advertise)
-I run a stop spammer scan every month or so, in case bot accounts slipped in before their IP/e-mail got added to the database.
I rarely ever get bots anymore. I would say one every 6 week will sneak in and post spam, but that's all. I even have CAPTCHA and e-mail/admin validation disabled completely.
Quote from: DJ Omnimaga on February 21, 2011, 04:46:37 AM
-Required 1 post to edit your member profile (so bots that don't post stop putting ads in their sig)
-Required 5 posts to send PMs (in case a bot signed up to mass-PM-advertise)
What version of SMF are you running?
Where/how do you configure the options above?
That can all be done with making post count groups and going to Admin > Permissions > Settings to enable permissions for post count groups.
My forum is kind of new (less than a year old) and small (less than 80 members) but in the beginning i was getting about 10 spam accounts on average per week (some weeks none, some weeks fifty!) and they were obviously bots.
I use the CAPTCHA mod and the Anti-spam questions mod. Both still allowed the occasional spammer through.
A few months ago I read a tip somewhere and added a question to the anti-spam questions mod. "If you're human, leave this box blank". The answer being, obviously, nothing.
Bots seem to want to fill something into these fields, so it's worked thus far - I can see when someone has tried to register and not gotten through those questions. Two months and zero spammers. My life is complete :D
I expect bots will become smarter over time but this seems to work for me.
I administer three boards. Two very small boards, and one moderate sized one.
I had the following installed on all three boards, and was still being forced to contend with spammers getting through:
Stop Spammer
Are You Human?
Recaptcha
I also have a post-count based membergroup to prevent brand new, high-risk members from accessing profiles and e-mails, just in case they turn out to be e-mail harvesters.
Despite all those preventive layers, we were still getting spammers at the forums. I finally decided that I could either chase them after they get in, or deal with it before they got in. I set registration so it requires Admin Approval. Overall, it has turned out to be less work than chasing the varmints after they manage to get in.
We turned on image verification on registration and made it your first 3 posts you've gotta enter image verification. This curbed the spam accounts, and all accounts now are legit.