When I updated my forum to version 2 software at the start of the year, the SPAM registrations dropped went from a lot to 0 over night.
Using the "questions" on registration it eliminated the robot SPAMMERs.. but now they are getting around this.
While I can stop them at the front door using the "Admin Approval" requirement, it was a whole lot better not having them there.
So what I am interested in, is how forum admins are staying ahead of this.
Obvious that the software so called SEO's are using is made to attack our forums along with the distribution of SMF listed sites. I've seen some SEO sites that list 150,000 sites using SMF software.
Is there a trick to writing better registration questions?
Spammers do not pay. Ultimately I may have to make a $1 registration.
Anyone want to pass on there ideas and thoughts/tricks?
Changing questions periodically is always good.
Additionally, writing generic questions whose answers can be easily found on Google is a bad thing, as is writing math questions.
An idea of what questions you're using would be useful.
Here is the type of questions I am asking Arantor. (3 questions to register on my forum)
Is the month "Deccemmber" spelt correctly? (yes or no)
What is the current year? (2012, 2013, or 2014)
True or False : iPhonel is a flavor of ice cream?
your questions are too easy, you need to use questions specific to your forum that can not easily be found on google.
I'm getting so flooded right now with spammers that I changed one question to something that cannot be answered but they are still trying. I wish it could be based on IP address.
http://wiki.simplemachines.org/smf/Spam_-_my_forum_is_flooded_with_spam,_what_can_I_do
Quote from: Lautermilch on December 08, 2013, 10:43:01 AM
I'm getting so flooded right now with spammers that I changed one question to something that cannot be answered but they are still trying. I wish it could be based on IP address.
Same here. Setting difficult question(s) has not helped at all. Wish there were other means to stop those spammers.
did you even READ the link that I posted?
There are SEVERAL ways to stop the spammers completely.
GOOD questions are the first step.
Bad Behavior + httpBL is an excellent mod that blocks about 80% of the spammers
Stop Spammer is another excellent mod that blocks the other 20% (or more) but it does have a history of false positives (blocking good users sometimes)
With those three methods, I have had *ZERO* spammers even register in the past 6 months and only about 4 in the past year and a half (and those 4 ere caught and flagged before finished registration allowing me to delete them before they were activated)
I don't use captcha at all.
I use registration activation by the user (not by the admin)
so good users can start posting right away
Quotethey are still trying
They got a zillion of forum url's, and using a zillion of ever changing ip's to do the work, and they will try blindly to register and post, not caring about success or failure. That's the factual situation, and it will not change.
So, only way is to find the best way to cope (small, anonymous forum here, but am still getting approx 5000 registration attempts\week). Banning
some particularly aggressive ip's or ip ranges (in .htaccess), different mods, verification questions (the questions works perfect here, a few forum related questions and changing them now and then).
About .htacces, had complete country ban (ru cn ua etc), worked fine for a while, but in the end the immense .htacces started choking the server, issuing random 403's + slowed everything down.
Quote from: Kindred on December 08, 2013, 12:14:16 PM
did you even READ the link that I posted?
There are SEVERAL ways to stop the spammers completely.
GOOD questions are the first step.
Bad Behavior + httpBL is an excellent mod that blocks about 80% of the spammers
Stop Spammer is another excellent mod that blocks the other 20% (or more) but it does have a history of false positives (blocking good users sometimes)
With those three methods, I have had *ZERO* spammers even register in the past 6 months and only about 4 in the past year and a half (and those 4 ere caught and flagged before finished registration allowing me to delete them before they were activated)
I don't use captcha at all.
I use registration activation by the user (not by the admin)
so good users can start posting right away
If the question was for me then yes, I did and I have (some of) those tools implemented.
As it is, I'm able to (knock on word) stop the spammers at the door. i.e They get to register but the majority of those created accounts are pending "activation" while some still manage to pass under the radar though with no posts.
In a day I get up to 200-500 pending activation accounts.
200+ pending activations doesn't sound like you've implemented any of the *good* methods for stopping spammers...
Maybe I should invite you to have a look at my forum when it comes back up and verify for yourself? :-\
Thanks anyway for the link.
Maybe you could tell us what you have done thus far...
Cant tell you anything right now. Fixing the forum.
Quote from: Arantor Beeblebrox the First on December 07, 2013, 10:15:26 PM
Changing questions periodically is always good.
I changed the questions and it seems to have stopped spammers registering in the last 24 hours.
I thought a little bit more about how to ask the questions and realised that if I start with the word "Is" that the question would more then likely be a yes/no answer. So I shot for a few words that had missing letters, thus the missing letters have to be entered.
Along the lines of "S_mpl_ Mac_in_s".
Sounds like a plan to me :)
Though I never fail to be astounded at the people who have trouble with questions. I remember one site used to have a question of "5 - 8 = ?" and the number of people who were having trouble registering, insistent that the answer was 3... I was amazed.
Yeah. Thats why I wanted to open this up as a discussion Arantor.
I can see now that doing a script to look for numbers and symbols would be easy to do. By the sounds of it, the scripts would get 5-8 right more times then the people it was trying to allow in !! Lol.
"Do" is another word that implies a yes/no response.
I wanted to make a question that had "404 Not Found", then ask if 404 was found... ;D
I had to change one of the questions I had, as for some reason SMF always said the answer was wrong.
What number is missing in the current year 2_13?
Answer was 0.
SMF didn't like it! Kept saying it was wrong. :o
0 is not a valid answer to any of the anti-spam questions.
How is "0" not a valid answer to a question Illori?
It is the answer.
Is there somewhere that it says its not valid? (Just in case there are other things that are not valid that I may use)
I just checked the online manual it says nothing about what is and is not valid.
The explanation is somewhere in those forums ;-) Just believe that it isn't...
Because of the way the anti spam code is written, and it's sort of the way PHP works.
Basically, the test in the bowels of that code, there is a test using the function empty() to check that there is a value there. Except because of the way PHP works, a string of the character 0 will be silently converted to the number 0 which matches the definition of empty. (Amongst other things, 0, '0', an empty string, an empty array, the value false and the internal value null are all matched as empty with the empty() function)
I have a feeling I changed this in 2.1 but I can't remember. But a 0 is not considered valid under any circumstances as an answer to a Q&A question in 2.0.
EDIT: I've also updated the wiki to mention it.
Thanks for the explanation and Wiki update.
I will mark this solved now.
When I switched to SMF I had a large number of spambots logging on to my forum and i found a way that stops them. The numbers have dropped down from about 100 a day to about 3-5 attempting to register. My "Who's Online" list was long at any given time. I installed a MOD named BotScout and it seems to have deterred the spambots from gaining access and the counts are down to under 5 now in a weeks time. The MOD has foiled the registration attempts and I suggest for you to use it. It has helped immensely!
Or you could follow the advice given which works even without adding mods (and in fact should be lighter on the server)