News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

Spambots are growing crazy - advice needed

Started by Pogo Stick, July 06, 2021, 07:47:21 AM

Previous topic - Next topic

Pogo Stick

It seems that forum spambots are going crazy right now.

My forum is set up with registration requiring admin approval so I can check the IP addresses against those in the Stop Forum Spam site. I've also set it so that the registrant has to answer two questions of the format:

Enter the uppercase letters in aghycTYXChuiop
Enter the last four numbers in plkmn6754098uioyty

I have 15 of these types of questions set up.

And yet the spambots are getting past this.

Any advice on how to fend them off?

efk

https://www.simplemachines.org/community/index.php?topic=571419.msg4045460#msg4045460
https://www.simplemachines.org/community/index.php?topic=575212.msg4070909#msg4070909

If you need more help or if anyhow your problem is for some reason more serious, I'm free to check settings to make system like explained in my topics and like on my forums. Make sure you have 2 or 3 security questions to answer until reaching few posts.

vbgamer45

Do you have any other ways they can login? social login? tapatalk?
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Pogo Stick

@efk - Good advice, I'll try that thanks!

@vbgamer45 - No. But will check.

efk

You could go to package manager to post what mods do you have, but that is really not relevant in your case. Ask yourself do you really need Admin approval on registration because that is really not necessary, before you do change to Immediate registration, you should first disable registration to save yourself from wasting the time on bots. Once you finish settings like I explained in my topics, go to bots accounts, if they have some serious amount of posts you should delete them + all of their content, that will save your time, if they have just a few posts, ban bot and do manual removal of his posts.
How often do you change security questions? 2 security questions to answer works flawless 99% of time, just a few bots can go through on yearly basis and when saying that they are awaiting for approval from moderators/admin.

willerby

I had this problem with a similar set up and similar questions.

Reduce the questions to random 2 from 6 - make at least two of the six relevant to your forum content rather than 'last letters' or 'fifth character' type questions eg. for this forum it might be something like What colour is the first word in the Simple Machines logo?  then just wait for them to get in. They will.

On a busy forum I find it takes them a month to 6 weeks or so - they basically solve two questions and can initially only register when those two questions come up. As time passes more questions are solved and you get more and more spam registrations.  As soon as you see a spam registration change the questions. Having 2 or 3 from 15 sounds good but in practice I found that they started to get in when they had solved just 2 or 3 questions and then slowly ramped up as they solved more. Having to change 15 questions to a completely new set was a ball ache so I reduced down and change all six as soon as they solve any. Seems to work and is lot less hassle than having to check each registration.
What type of washing machine is September?

An autumnatic. :)

wakewatcher

I've got a site for our HOA.  Finally I added a question to input the last name of the current HOA president upon registration and the spam  registrations went to 0 so far.
smf 2.0.18

Rob Lightbody

How many (real human) registrations do you get in a month?

I realised that it wasn't that many, so switched to manual registration a few years back

To register, someone has to email us to ask them to join.  Doing this completely eliminated the problem.

Advertisement: