News:

Bored?  Looking to kill some time?  Want to chat with other SMF users?  Join us in IRC chat or Discord

Main Menu

100s of members waiting for approval, but they all seem fake?!

Started by nomij, August 01, 2014, 07:29:14 AM

Previous topic - Next topic

nomij

Hi!  I have a newbie question!
I didn't realize my "alert me when new registration" button was turned off, but the registration settings did say that I (Admin) needed to approve.  I just realized this, when I came to a list of 100's of registrations waiting for approval, but, they all look fake!  Unintelligible names, foreign email extensions...  I don't want to delete them all and miss any legit requests, so I'm trying to weed through them all.  But, I wondered if anyone could give me some info on this... if I do email link verification, instead of Admin approval, does this still happen?  It seems strange that there are so many fake looking accounts when you have to type the fuzzy verification word when registering.
Thanks for any help!
Nomi >^,,^<

Arantor

Spam bots are getting better and better at getting around such things. I was seeing them answer email validation as far back as 2007 so that's no defence.

Spam - my forum is flooded with spam, what can I do might help you though.

Mstcool

I use:

http://custom.simplemachines.org/mods/index.php?mod=2839

and

http://custom.simplemachines.org/mods/index.php?mod=1519

Those are really good to stop future spam bots from registering. However, I'm not sure if they will help you with the accounts that already registered but its good to stop future spammers. :)

JBlaze

A good example is my test site that I have neglected, and honestly keep around for stress testing, which has almost 150,000 spam posts and over 20,000 spam users. The forum is set to the highest CAPTCHA setting, and the user must answer 1 verification question, yet still they get by it.

http://jasonclemons.me/smf-mobile
Jason Clemons
Former Team Member 2009 - 2012

Arantor

Half your problem is your question. The bots can now put the questions into Google and get answers - including the word blue in bold.

JBlaze

Quote from: ‽ on August 01, 2014, 06:39:34 PM
Half your problem is your question. The bots can now put the questions into Google and get answers - including the word blue in bold.
Indeed, but that's the point I'm trying to make. Spam bots have been getting very smart. And a good portion of them are now even human spammers.
Jason Clemons
Former Team Member 2009 - 2012

a10

Have been doing well with a bunch of questions in this style, and changing them now and then:

Write the last four letters seen in 3784hjgdhr8785
Write the first 5 numbers seen in sdjkd67489488dfkhjf
etc

Won't stop human spammers (only seen very few of those), but the bots don't get it and real members have no problems.
2.0.19, php 8.0.23, MariaDB 10.5.15. Mods: Contact Page, Like Posts, Responsive Curve, Search Focus Dropdown, Add Join Date to Post.


butchs

I have noticed little improvement in spam inelegance since 2010.  Back in May-June I had well over 7,000 bots a week go after me and 99.9% were stopped by the same measures I have been using for at least four(4) years:

1.  Cloudflare.
2.  Crawlprotect.
3.  Stop forum spam.
4.  Avatar Verification (some bugs fixes that that the author let me do for my site) with 100 pictures.
5.  Bad Behavior w/ HTTPbl (my stuff).
6.  Forum Firewall (my stuff - lots of improvements).  * Do not use this mod unless you are experienced *.

The worst I saw was a few spam bot attacks driven by forum spam software with predictable habits that I knew about for some time and finally updated my code to block.
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

nomij

Oh my gosh, I love forums!  You guys are so helpful, thanks!  I didn't "search" for the correct term, so I missed that spam post, thanks for sharing.  I've set up some questions, including "What are the last four digits in..."  Between the link, and the ideas, and the feedback, I've learned a lot. Thanks everyone!
>^,,^<

Red Badger

hxxp:traditionalmuzzleloadingcheap.com [nonactive] was getting hit with over 1,000 new member requests a day right after we upgraded to SMF 2.X WE added the mods suggested and also created a web email address on gmail for the admins to use in sending out a "we have been hit by spam attacks" email asking our prospective members to reply to the email.  It is a bit bulky but the three admins can send emails out to the 4-5 people who find our site each day and request membership. 

One word of caution - we do not use our primary emails but a seperate web email that was created and we all can access. 

Advertisement: