Require captcha for users under specified post count

Started by dxyy, April 09, 2012, 12:35:40 PM


dxyy

Using 1.1.16 with many mods.

Forum being overwhelmed by spammers and I need to fight back. I've already installed some mods that help with this and have also taken some steps on the registration side.

I believe this problem will be easily mitigated with the imposition of captchas for members below a certain post count. I believe this is easily achieved in 2.0.2, but for the life of me have been unable to find a way to do this on 1.1.16.

Help?

Robert.

Captcha was broken a long time ago, so it does not work anymore. The only thing captcha does is annoy your users, so it's not needed. Use verification questions instead.

dxyy

Thanks for the reply, but it doesn't say how to achieve this. :(

I'm convinced the spammers have already successfully registered hundreds of accounts that are lying dormant, but will eventually be used to spam the forum like there is no tomorrow. If not captchas then I'd like to use verification questions for users below a certain post count. Point is that I want to have some added security for members below a certain post count.

Thanks.


a10

Quote
have already successfully registered hundreds of accounts that are lying dormant
What I'd do: complete spring cleaning, even if it takes hours or nights. Kill the captcha, get the verification question mod up and running asap with a few good questions, delete all 'members' with 0 posts (maybe leave the most recent ones and check their IPs).

I'd say a member is someone who participates, 0 posts = 0 membership, if you've got heaps of zero posters just trash them. Forget about getting some impressive forum membership statistics or whatever reason one may have to keep them, security is far more important. BTW, 1st step: a complete phpmyadmin + ftp backup.
2.0.19, php 8.0.23, MariaDB 10.5.15. Mods: Contact Page, Like Posts, Responsive Curve, Search Focus Dropdown, Add Join Date to Post.
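The cleanup described in the post above, sketched as a report-only triage script. This is an added example, not part of the original post and not SMF code: the field names, the two-day grace period and the sample rows are constructed assumptions, and the script only sorts accounts into lists so that deletion can be done through the forum's own tools after the backup.

```php
<?php
// Constructed sample rows. Field names are hypothetical (not SMF's table
// columns) and the IPs come from documentation ranges.
$now = strtotime('2012-04-10 00:00:00 UTC');
$members = [
    ['name' => 'longtimer', 'posts' => 120, 'registered' => $now - 400 * 86400, 'ip' => '192.0.2.10'],
    ['name' => 'sleeper01', 'posts' => 0,   'registered' => $now - 90 * 86400,  'ip' => '198.51.100.7'],
    ['name' => 'sleeper02', 'posts' => 0,   'registered' => $now - 30 * 86400,  'ip' => '198.51.100.7'],
    ['name' => 'newbie',    'posts' => 0,   'registered' => $now - 3600,        'ip' => '203.0.113.5'],
    ['name' => 'fresh_a',   'posts' => 0,   'registered' => $now - 7200,        'ip' => '198.51.100.7'],
    ['name' => 'fresh_b',   'posts' => 0,   'registered' => $now - 5400,        'ip' => '198.51.100.7'],
];

// Split members into: keep (has posts), purge (0 posts, older than the grace
// period) and review (0 posts, recent), with the review list grouped by IP.
function triageZeroPosters(array $members, int $now, int $graceDays = 2): array
{
    $cutoff   = $now - $graceDays * 86400;
    $purgeIps = [];
    $out      = ['keep' => [], 'purge' => [], 'review' => []];

    foreach ($members as $m) {
        if ((int) $m['posts'] > 0) {
            $out['keep'][] = $m['name'];
        } elseif ((int) $m['registered'] < $cutoff) {
            $out['purge'][] = $m['name'];
            $purgeIps[$m['ip']] = true;
        } else {
            $out['review'][$m['ip']]['names'][] = $m['name'];
        }
    }

    // Flag recent accounts whose IP also appears among the purge candidates.
    foreach ($out['review'] as $ip => &$cluster) {
        $cluster['shared_with_purged'] = isset($purgeIps[$ip]);
    }
    unset($cluster);

    // Largest IP clusters first: several fresh accounts from one address
    // deserve a look before they are left in place.
    uasort($out['review'], fn($a, $b) => count($b['names']) <=> count($a['names']));
    return $out;
}

print_r(triageZeroPosters($members, $now));
```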

MrPhil

There are a number of CAPTCHA mods for 1.1, but they seem to all be for the registration phase. One, http://custom.simplemachines.org/mods/index.php?mod=907 , says it can be used for guest posting. Perhaps you could modify the code to check whether the poster is a guest and/or has fewer than N posts? Be sure to search for captcha in the mods section.

CAPTCHA is losing its effectiveness, as spammers employ either sophisticated image analysis or farms of humans. There are some CAPTCHA mods that use pictures of objects or entail reading analog clock faces -- those might work for a while. If you suspect that you already have a bunch of spammers registered and lying in wait to strike, I would take the earlier advice and purge all 0-post members who have been registered for more than a day or two.
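One way to express the "guest and/or fewer than N posts" check suggested above, as an added example that is not part of the original post and is neither SMF code nor the linked mod's code. All function names, the `$user` array layout, the threshold value and the sample question are hypothetical; the point is that the check runs on the server when the post is submitted and fails closed when the post count is missing.

```php
<?php
// Hypothetical gate: guests and members below $minPosts must answer a
// verification question before a post is accepted.
function needsVerification(array $user, int $minPosts): bool
{
    if (!empty($user['is_guest'])) {
        return true;
    }
    // A missing or non-numeric post count is treated as untrusted.
    $posts = filter_var($user['posts'] ?? null, FILTER_VALIDATE_INT);
    return $posts === false || $posts < $minPosts;
}

// Compare case-insensitively and ignore extra whitespace, so that honest
// users are not rejected for typing "  Blue " instead of "blue".
function normalizeAnswer(string $s): string
{
    return strtolower(trim(preg_replace('/\s+/', ' ', $s)));
}

function answerIsCorrect(string $given, array $accepted): bool
{
    $given = normalizeAnswer($given);
    foreach ($accepted as $candidate) {
        if (hash_equals(normalizeAnswer($candidate), $given)) {
            return true;
        }
    }
    return false;
}

// Call this in the submit handler, not only when rendering the form:
// a bot can POST directly and never load the page that shows the question.
function mayPost(array $user, ?string $answer, array $accepted, int $minPosts): bool
{
    if (!needsVerification($user, $minPosts)) {
        return true;
    }
    return $answer !== null && answerIsCorrect($answer, $accepted);
}

// Constructed demo: question "What colour is a clear daytime sky?"
$accepted = ['blue'];
$minPosts = 5; // illustrative threshold
var_dump(mayPost(['is_guest' => false, 'posts' => 12], null, $accepted, $minPosts));      // true
var_dump(mayPost(['is_guest' => false, 'posts' => 0], null, $accepted, $minPosts));       // false
var_dump(mayPost(['is_guest' => false, 'posts' => 0], '  Blue ', $accepted, $minPosts));  // true
var_dump(mayPost(['is_guest' => true], 'green', $accepted, $minPosts));                   // false
var_dump(mayPost(['is_guest' => false], 'blue', $accepted, $minPosts));                   // true
```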

dxyy

Thanks a lot for your advice. I'm currently deleting all members with zero posts even though I'm sure that will mean deleting some legitimate members.

Any ideas how to tweak this mod (http://custom.simplemachines.org/mods/index.php?mod=907) for users below a certain post count? I would really like to force users with fewer than 5 posts to use verification questions. I'm considering updating to 2.0.2 since the built-in anti-spam tools seem to be much more effective, but what's mainly holding me back is that some of the mods I use don't seem to have been updated for RC2.

On a side note, how easy is it to update to RC2?

a10

Quote
that will mean deleting some legitimate members.
Much better than waking up one morning finding 15000 spam posts! And I'd think anyone legitimate who is really interested (and worth having as a member) will register again. About the questions mod, it does wonders. For new registrations, use email activation, and evaluate over time if adm approval (or a mod with spam database lookup) is needed. Good luck.

MrPhil

Quote from: dxyy on April 10, 2012, 01:29:30 AM
I'm currently deleting all members with zero posts even though I'm sure that will mean deleting some legitimate members.
If someone registers, but doesn't post almost immediately, they're usually a spammer lying in wait. If not, how much effort is it to (re)register when they finally have something to say?

Quote
On a side note, how easy is it to update to RC2?
Don't update to anything less than 2.0.2, if you're moving to the SMF 2 track. There are many security vulnerabilities in the RC levels that have been fixed in the current release. RC levels are a dead end and you will have trouble maintaining your site in the future. Some of the coding directions they went off in have been radically changed for the final release.

If a mod was last updated for (SMF 2.0) RC2, ask on its support topic if it works for 2.0.2. Just because the last update was for RC2 doesn't necessarily mean it won't work at the current release. It might, or it might be a minor fix to apply to 2.0.2, or it might not be worth the effort. If the mod is really worth having, someone should be updating it (if necessary) to work on current levels. You won't know until you ask (or try installing it).
