Tidal wave of spambots attacks SMF 1.1.x - How to protect your forum

[Midnight Caller]

@vertese, Have you install the Mod Anti-Spam Verification Questions ?

[vertese]

thank you for the reply. I did look at that before I posted but it said SMF 1.1.7
Will it be ok with ours?

[Midnight Caller]

Yes it will work, I have SMF 1.1.13 with it and it has stopt the Comment Spammers

[vertese]

Midnight caller, help and thank you
it says this
3. Execute Modification ./Themes/default/Register.template.php Test failed

[Midnight Caller]

@vertese, My friend Gordo installed it for me so I am not going to be much help with installing Anti-Spam Verification Questions Mod, But with that said here gos:

Go to:
Packages
>Options   
Cleanup Permissions
>All files are writable - selekt

Then Click "Change file permissions"

Hope that helps

If not try making a folder in "Packages" called "temp" set file permissions to 777

If that does not work I am sorry but I can not help you!

But some one will be along to help you!

[Illori]

if you have other mods you may need to do a manual install of the mod Manual Installation of Mods you are best to post in the support thread for that mod.

[MrMike]

A good spam catcher that works with SMF 1.1.13 is what we need, please.

I recommend 2 things:

1) The Avatar Verification mod.
2) Add time-gating to your registration page.

Those two things will knock out a vast majority of the spambots. As for humans, there's not much you can do except insist they email you upon registration and request that their account be activated.

[Aleksi "Lex" Kilpinen]

The verification questions can often help a lot.

[vertese]

Midnight Caller and others
thank you so much, it has worked, and we have done it.
I am very, pleased. thank you.

[JeeK]

A good spam catcher that works with SMF 1.1.13 is what we need, please.

I recommend 2 things:

1) The Avatar Verification mod.
2) Add time-gating to your registration page.

Those two things will knock out a vast majority of the spambots. As for humans, there's not much you can do except insist they email you upon registration and request that their account be activated.

On my list I have some kind of browser gating too.
I seems that human-based mass breaking of forums is not done from
an browser context. So far, some differences how posts are done exists.
Maybe it is worth to work on this (because its very simple).

The answering farms set all checks to "on", but other than browsers they choose "1" instead
of "on" (like browsers do).
Since I changed in Register.php as follows

Code Select Expand

-       if (!empty($modSettings['coppaAge']) && empty($modSettings['coppaType']) && !isset($_POST['skip_coppa']))
+       if (!empty($modSettings['coppaAge']) && empty($modSettings['coppaType']) && (!isset($_POST['skip_coppa']) || $_POST['skip_coppa'] !== 'on'))


no bot or "farmer" had ever passed the registration ...
The same can be done for the "hide e-mail" check (if the over 18 check is
not used at all).

A variation of the above:
Maybe one let a check preselected in checked state and demanding to "uncheck"
it, to finish the registration.

Sure, if this countermeasures would widely adopted, the bot farms may adjust
their "software" to this.

But in general, the right way should be a mixture of several techniques which
altogether build some kind of a fuzzy rule set, to separate real and interested people
from spammers and "farmers".
Time-gating mentioned above is a fundemental thing for doing this.