News:

SMF 2.1.4 has been released! Take it for a spin! Read more.

Main Menu

SPAM Management

Started by Fat_Man, December 07, 2013, 10:10:53 PM

Previous topic - Next topic

Fat_Man


When I updated my forum to version 2 software at the start of the year, the SPAM registrations dropped went from a lot to 0 over night.
Using the "questions" on registration it eliminated the robot SPAMMERs.. but now they are getting around this.

While I can stop them at the front door using the "Admin Approval" requirement, it was a whole lot better not having them there.

So what I am interested in, is how forum admins are staying ahead of this.

Obvious that the software so called SEO's are using is made to attack our forums along with the distribution of SMF listed sites. I've seen some SEO sites that list 150,000 sites using SMF software.

Is there a trick to writing better registration questions?

Spammers do not pay. Ultimately I may have to make a $1 registration.

Anyone want to pass on there ideas and thoughts/tricks?

Arantor

Changing questions periodically is always good.

Additionally, writing generic questions whose answers can be easily found on Google is a bad thing, as is writing math questions.

An idea of what questions you're using would be useful.

Fat_Man


Here is the type of questions I am asking Arantor. (3 questions to register on my forum)

Is the month "Deccemmber" spelt correctly? (yes or no)
What is the current year? (2012, 2013, or 2014)
True or False : iPhonel is a flavor of ice cream?


Illori

your questions are too easy, you need to use questions specific to your forum that can not easily be found on google.

Lautermilch


I'm getting so flooded right now with spammers that I changed one question to something that cannot be answered but they are still trying. I wish it could be based on IP address.

Kindred

Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

smartblogz

Quote from: Lautermilch on December 08, 2013, 10:43:01 AM

I'm getting so flooded right now with spammers that I changed one question to something that cannot be answered but they are still trying. I wish it could be based on IP address.
Same here. Setting difficult question(s) has not helped at all. Wish there were other means to stop those spammers.

Kindred

did you even READ the link that I posted?

There are SEVERAL ways to stop the spammers completely.

GOOD questions are the first step.
Bad Behavior + httpBL is an excellent mod that blocks about 80% of the spammers
Stop Spammer is another excellent mod that blocks the other 20% (or more) but it does have a history of false positives (blocking good users sometimes)

With those three methods, I have had *ZERO* spammers even register in the past 6 months and only about 4 in the past year and a half (and those 4 ere caught and flagged before finished registration allowing me to delete them before they were activated)

I don't use captcha at all.
I use registration activation by the user (not by the admin)
so good users can start posting right away
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

a10

Quotethey are still trying
They got a zillion of forum url's, and using a zillion of ever changing ip's to do the work, and they will try blindly to register and post, not caring about success or failure. That's the factual situation, and it will not change.

So, only way is to find the best way to cope (small, anonymous forum here, but am still getting approx 5000 registration attempts\week). Banning some particularly aggressive ip's or ip ranges (in .htaccess), different mods, verification questions (the questions works perfect here, a few forum related questions and changing them now and then).

About .htacces, had complete country ban (ru cn ua etc), worked fine for a while, but in the end the immense .htacces started choking the server, issuing random 403's + slowed everything down.
2.0.19, php 8.0.23, MariaDB 10.5.15. Mods: Contact Page, Like Posts, Responsive Curve, Search Focus Dropdown, Add Join Date to Post.

smartblogz

Quote from: Kindred on December 08, 2013, 12:14:16 PM
did you even READ the link that I posted?

There are SEVERAL ways to stop the spammers completely.

GOOD questions are the first step.
Bad Behavior + httpBL is an excellent mod that blocks about 80% of the spammers
Stop Spammer is another excellent mod that blocks the other 20% (or more) but it does have a history of false positives (blocking good users sometimes)

With those three methods, I have had *ZERO* spammers even register in the past 6 months and only about 4 in the past year and a half (and those 4 ere caught and flagged before finished registration allowing me to delete them before they were activated)

I don't use captcha at all.
I use registration activation by the user (not by the admin)
so good users can start posting right away
If the question was for me then yes, I did and I have (some of) those tools implemented.
As it is, I'm able to (knock on word) stop the spammers at the door. i.e They get to register but the majority of those created accounts are pending "activation" while some still manage to pass under the radar though with no posts.
In a day I get up to 200-500 pending activation accounts.

Arantor

200+ pending activations doesn't sound like you've implemented any of the *good* methods for stopping spammers...

smartblogz

Maybe I should invite you to have a look at my forum when it comes back up and verify for yourself?  :-\

Thanks anyway for the link.

Arantor

Maybe you could tell us what you have done thus far...

smartblogz

Cant tell you anything right now. Fixing the forum.

Fat_Man

Quote from: Arantor Beeblebrox the First on December 07, 2013, 10:15:26 PM
Changing questions periodically is always good.

I changed the questions and it seems to have stopped spammers registering in the last 24 hours.

I thought a little bit more about how to ask the questions and realised that if I start with the word "Is" that the question would more then likely be a yes/no answer. So I shot for a few words that had missing letters, thus the missing letters have to be entered.

Along the lines of "S_mpl_ Mac_in_s".


Arantor

Sounds like a plan to me :)

Though I never fail to be astounded at the people who have trouble with questions. I remember one site used to have a question of "5 - 8 = ?" and the number of people who were having trouble registering, insistent that the answer was 3... I was amazed.

Fat_Man

Yeah. Thats why I wanted to open this up as a discussion Arantor.

I can see now that doing a script to look for numbers and symbols would be easy to do. By the sounds of it, the scripts would get 5-8 right more times then the people it was trying to allow in !! Lol.

"Do" is another word that implies a yes/no response.

I wanted to make a question that had "404 Not Found", then ask if 404 was found...   ;D


Fat_Man

I had to change one of the questions I had, as for some reason SMF always said the answer was wrong.

What number is missing in the current year 2_13?
Answer was 0.

SMF didn't like it! Kept saying it was wrong.    :o

Illori

0 is not a valid answer to any of the anti-spam questions.

Fat_Man

How is "0" not a valid answer to a question Illori?
It is the answer.

Is there somewhere that it says its not valid? (Just in case there are other things that are not valid that I may use)
I just checked the online manual it says nothing about what is and is not valid.


Advertisement: