A Guide to Combating Spam on a Simple Machines Forum

Started by Account Abandoned, September 17, 2011, 04:23:20 AM

Previous topic - Next topic

Rust

I didn't notice a huge drop in spam after implementing Project Honeypot.  Bad Behavior Mod helped.  Installing a StopForumSpam plugin, however, was decisive in preventing spammers.

Just passing it along, in case it helps someone else out. :)

Bob La Londe

Blocking registration by partial user name - I like the ability to do that, but I would like to not show exactly why a registration was blocked. 

Lately I have been getting a lot of spam registrations from user names ending in the numeric digits twenty three.  If they immediately get a message saying twenty three is a restricted user name then they will just start using twenty four. 


Arantor

You're giving spam bots way too much intelligence.

Kindred

Also... not telling a REAL user why the registration was blocked would just piss people off...

What if I wanted to register on your forum with the name "23-days"
If it just got bumped without telling me WHY, I would leave your forum and assume that it was buggy and was not allowing any registrations
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

firemun

I thought of a fun way to use security questions the other day while also helping to block even more spammers.

We all like our niches right? We also like quizzes! So require 3-X (or something like that) questions to be answered upon registration, first posts and so on and make the theme of the questions not only related to the direct niche of your forum but also in a quiz-like theme. The more questions you have (but don't have too many), the better you will block that bad robots and quizzes might be fun at least to a "majority" of new members signing up.

Just a thought though to ease the registration process... Who knows, maybe the idea can be used to make an advanced security question feature or mod, add some additional security questions options like radio checking, multi-checking, drop downs, etc.

Thoughts on this idea? Good? Bad?

Kindred

personally, I think that may be overkill...
(and with checkboes or radio buttons, the spammer could actually have a rnadom chance to choose correctly...)

The new 2.1 multi-answer and multi-language capability would seem to handle most situations...
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Arantor

Yup, reducing it to a dropdown or radio button means you change it from an arbitrary collection of choices to a few which could be beaten totally at random without significant effort.

firemun

Well I can't argue that!

But how about the general idea of making it like a quiz with just regular fill in the blanks?

My main thing is that I don't want to annoy people trying to join. Most people are not going to think like we do, we know we are trying to prevent spam because its way more annoying but they just think we are trying to make things difficult.

Arantor

Go for it - that's one of the ways to outsmart the spam bots.

Mikelund

Hi Everyone. I'm a new member with a rude awakening. I got 100 adult-spam posts within 12 hours even though people had to register.

My question, can I assume spam these days is often by real people rather than just bots?

Arantor


Mikelund

Quote from: ‽ on June 15, 2014, 05:42:00 PM
Not at all. The vast amount of it is by bots.
I don't understand how I'm getting lots of spam registrations even with captcha and a question and admin approval.  Are these likely to be human spammers rather than bots?

margarett

Admin approval is the "ultimate" way of preventing bots. If you approve them and then they spam you all over the place, that means that you are not doing your job properly :P
If you choose to have members approved "by hand", you have to be careful enough to manually check their IP and email address in known spammers databases. If you approve without checking, well, then just skip the admin approval and save yourself the hassle ;D

Furthermore:
* Captcha is useless (spammers crack it way easier than humans understand it :P )
* A question: What question are you using?
* As always: check this --> http://wiki.simplemachines.org/smf/Spam_-_my_forum_is_flooded_with_spam,_what_can_I_do
Se forem conduzir, não bebam. Se forem beber... CHAMEM-ME!!!! :D

QuoteOver 90% of all computer problems can be traced back to the interface between the keyboard and the chair

firemun

Quote from: Mikelund on June 16, 2014, 03:41:03 AM
Quote from: ‽ on June 15, 2014, 05:42:00 PM
Not at all. The vast amount of it is by bots.
I don't understand how I'm getting lots of spam registrations even with captcha and a question and admin approval.  Are these likely to be human spammers rather than bots?

Are you using challenging questions at all? Also, where are you promoting your forum at?

11 phenomenon

It seems about the best way to prevent spammers from taking hold would be to provide an option to approve of the first post(s). Other forums do this. Not sure why SMF does  not.

Arantor

Actually, it really doesn't work that well. SMF can do it, but in reality it just puts up more barriers to participation and drives people away.

Kindred

As stated, you can do that if you want... With a standard installation, even...
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

11 phenomenon

Quote from: Kindred on July 13, 2014, 08:20:18 PM
As stated, you can do that if you want... With a standard installation, even...

How would this be done? It seems that it would be preferable to make a person wait for the first post than to make them wait while someone pours through ip addresses to see if they are a spammer. Generally it would take longer to approve the registration than the post.

Arantor

You can configure post approval with permissions in 2.0, and have been able to do so for years.

As far as IP lookups go, it's not like Stop Forum Spam etc. can't be automated (because they can), necessitating not having to do manual lookups. And of course, good Q&A at the door has a knack of keeping them at bay anyway.

projectnaija

enabling verification image and question can help. I wrote a small guide on how I fixed mine here

Advertisement: