Issue of Spam registrations on my forum

Started by pico55, December 27, 2020, 12:58:40 PM


pico55

Hello,

I have been using SMF for the last 9 years and have been consistently bombarded with spam registrations since then. Yes - the spammer is still alive! I enabled the registration and right away started getting tons of spam registrations.
I have tried everything to combat the spam by enabling the email activation, manual activation, spam captcha, anti-bot questions, updating the forum version in the last 9 years but that bot outsmarts everything. The spam bot is getting stronger with time. The only solution I could find is just to disable the registration on my forum which I did a few months after the start of the forum in 2012, and that is the reason why for 9 years my forum has not been able to become a recognised platform as no one can register and ask questions/answers.
The bot is much stronger now, so strong that it pushes my hosting server CPU usage over the limits as soon as I enable the registration on the forum.
The bot users do not post much on the forum; the only thing it does is register the user and then, in its user profile, post a link in the signature. I could have lived with that, but the number of registrations is too high for my server to handle, and such a high number of users causes the forum to use excessive CPU.
Please help me find a solution to this; my patience is now getting out of control. The version I am currently using is SMF 2.0.17.

Thank you!

Looking

From my experience the only real thorough solution is the use of a firewall, .htaccess blocking and code that follows their pattern and blocks them for it. Even if you stop them from registering they still circle around your site using up bandwidth and resources. Sometimes one bot can take up hundreds of connections and then you wonder why your SMF is slow.

pico55

Just to add up to the above, probably might help you identify the nature of that bot, when I disable registration and post on that forum and only allow guest posts which need to be approved, I regularly get the following message from the bot/spammer in the guest post:

Hey

It is regarding advertisement.
It is urgent.
How can I contact the admin.



GL700Wing

Have you considered using questions where the answers can only be found in an image you display above the questions? (Sir Osis of Liver posted this tip a few months ago.)

For example:

In the first image I've attached you could ask questions about which letters or numbers are of a particular colour and require the answer to be in alphabetic or ascending/descending numeric order.

In the second image you could ask questions that relate to columns/rows of numbers and/or odd/even numbers (eg, the sum total, the multiplication value, true/false questions about sum/multiplication values, etc) and with this image you could regularly change the questions.



Life doesn't have to be perfect to be wonderful ...

Slava Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

bsmither

Do the registrations have a pattern?

If so, I added some code to index.php that makes a simple test for the pattern. If the test succeeds, I then kill PHP.

The only work done was to wake up the web server and start up PHP, but the application stayed asleep.

Steve

My pet rock is not feeling well. I think it's stoned.

a10

^^^ just to tell that the system of questions still does wonders, no botnet has ever registered on my forum in 7 years or so, millions of attempts. Using 30 questions, 3 active. The only antispam system in use.

A few 'human bots', minuscule problem, maybe 5 a year here, quickly spotted and deleted. If for some reason attracting lots of human bots, use a mod like stopforumspam in addition to questions.

pico55 wrote:
"The bot is much stronger now, so strong that it pushes my hosting server CPU usage over the limits"

A DDoS-like situation is in another department than spam itself; htaccess'ing the worst offenders will help. Just be 110% sure to include correct IPs (ranges), block only what's really needed, monitor activity now and then, and remove / edit entries.
2.0.19, php 8.0.30, MariaDB 10.6.18. Mods: Contact Page, Like Posts, Responsive Curve, Search Focus Dropdown, Add Join Date to Post.
Stand with 🇺🇦
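
One way to pick the "worst offenders" for an .htaccess block, as suggested in the post above. This is an added example, not code from any poster or from SMF. It assumes Apache combined-format access logs, Apache 2.4 `Require` syntax, SMF 2.0's `action=register` / `action=register2` URLs, and a threshold of 3; the log lines are constructed and use documentation IP addresses.

```python
import re
from collections import Counter

# Constructed sample traffic (documentation IPs, not real visitors).
_FMT = '{ip} - - [27/Dec/2020:12:01:02 +0000] "{req} HTTP/1.1" 200 5123 "-" "Mozilla/5.0"'
SAMPLE_LOG = "\n".join(
    [_FMT.format(ip="203.0.113.7", req="GET /index.php?action=register")] * 4
    + [_FMT.format(ip="192.0.2.55", req="POST /index.php?action=register2")] * 3
    + [_FMT.format(ip="198.51.100.20", req="GET /index.php?action=register")]
    + [_FMT.format(ip="198.51.100.20", req="GET /index.php?topic=12.0")] * 5
)

# IP, request path and status from a combined-format line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3}) ')
# SMF separates query parameters with ';' as well as '&'.
REGISTER_RE = re.compile(r'[?;&]action=register2?(?:[;&]|$)')


def registration_hits(log_text):
    """Count requests to the registration pages per client IP."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and REGISTER_RE.search(m.group(2)):
            hits[m.group(1)] += 1
    return hits


def worst_offenders(hits, threshold):
    """Only IPs at or above the threshold; everyone else stays unblocked."""
    return sorted(ip for ip, n in hits.items() if n >= threshold)


def htaccess_block(ips):
    """Render an Apache 2.4 block that denies just the listed IPs."""
    lines = ["<RequireAll>", "    Require all granted"]
    lines += [f"    Require not ip {ip}" for ip in ips]
    lines.append("</RequireAll>")
    return "\n".join(lines)


if __name__ == "__main__":
    counts = registration_hits(SAMPLE_LOG)
    for ip, n in counts.most_common():
        print(f"{ip}\t{n} registration requests")
    print(htaccess_block(worst_offenders(counts, threshold=3)))
```

Review the per-IP counts before pasting the generated block into .htaccess, and re-run it periodically so stale entries can be removed.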
