Attacked by spam bots

Started by Ron., December 14, 2014, 01:25:22 PM


Ron.

My forum has come under attack by spam bots, all from Russian IP addresses. We had more than 100 registration attempts within 12 hours.

To register, users have to pass two "human" checks: 1, answer a set of simple questions; 2, read letters in a scrambled image. Obviously the bots are getting past this. The new accounts then have to be admin-approved, so that is stopping them from running amok.

I have had to disable new registrations to give us some peace. I figured if I leave them turned off for a week or two the bots will get tired and go away.

Has anyone else experienced this sort of thing, and what advice can you give to help prevent this from happening again?

Arantor

The scrambled image has not been an adequate defence in years. It's only left in since it would be absolutely negligent to provide SMF totally unprotected.

Yes, others have experienced this of late. We've found that the bot owners are sharing the answers to Q&A so once a human beats the questions, the answers are shared.

There are a variety of mods on offer, Spam - my forum is flooded with spam, what can I do has some useful pointers.

tjbalon

KeyCAPTCHA Mod


The mod I linked has solved this problem for us. Almost all of the bots have stopped coming to our forums since. If this doesn't work there is another that asks "Are you a bot?" / "Are you a human?" - I've kept the question on "random" to switch back and forth between the two, and randomly ordering the drop down menu to answer.

Steve

Quote:
Installation

    Register on and log-in to our site https://www.keycaptcha.com
    Add your site URL to a Site list
    Follow the CAPTCHA installation instructions in our Wizard

I'll pass and stick with the suggestions in Arantor's link.
DO NOT pm me for support!

Arantor

I've certainly heard good things about Misc Anti Spam, it seems to have had better effects at dealing with the current crapstorm than I could have expected.

QuickOne

Quote from: Ron. on December 14, 2014, 01:25:22 PM
My forum has come under attack by spam bots

I registered just to leave a comment here about this... I think there is some big spambot invasion going on now across many different forums. Starting about a day or two ago my forum started getting dozens of spam registrations. I did all the same things as you (extra human verification (HV) questions, admin approval before they can post, etc).

It finally stopped (~6 hours ago) when I switched one of my HV questions over to a Google ReCaptcha. I'm running vBulletin instead of SMF, but if you have the ReCaptcha option I would recommend giving it a try.

Simultaneously I re-worded a different HV question so that it didn't have the answer inside the question. Previously I asked "What color is a red car?" Now I ask something like "What color is a fire truck? (Blue, Green, Purple, Pink or Red?)". So that might have helped a bit also.

Best of luck,

QO


Bruce the Shark

In reply to your answer has this happened to anyone else.
Well, yes this has happened to me.
http://www.simplemachines.org/community/index.php?topic=523040.msg3700633#msg3700633
They seem to get you when your guard is down, as this was the case for me, when I was in the process of setting up my forum.
I think this happens to quite a few people.
Welcome to the club, sorry to say.
Again, as mentioned above, the advice is well given; I would follow their rule.

debiwebi

This just happened to me too. I just went live with my forum 3 days ago, setting registration to Email Activation. This morning I had almost 200 new member notices in my inbox, plus about 10 spam posts. Turning on Admin Approval didn't help, I just got more emails. So for now I have registration turned off. I've read other posts about this issue and looked at the mods listed on the Wiki page ( http://wiki.simplemachines.org/smf/Spam_-_my_forum_is_flooded_with_spam,_what_can_I_do ) and will try adding step 3 to the membership process. The Mods at the bottom of the page sounded promising until I took a look at the spam mod page -- only one of them shows compatibility with 2.0.9, and it's a Captcha mod. Last update dates on most mods are ancient.

I've used SMF once before, many years ago, and the spamming began. It wasn't as fast and furious as these days, but the most effective way I prevented spammers was to turn Registration off & put a graphic on the home page telling people to email me if they wanted to register because of the spam issue. I did not include an actual email link, it was an image (jpg) of my notation.

I'll try adding some questions and if that doesn't work, will go back to my old method. I'll update this post at some point to let you know how it went.
Some mornings it just isn't worth
chewing through the leather straps.
~Emo

Unlimited Own Posts Editing Time

debiwebi

I was just thinking-- I have two blogs plus this one SMF forum. I occasionally have spam comments on my blogs, not very often. One of them has been active for three years now. I wonder why the blogs seem relatively spam free, while my forum was hit hard within 3 days of going live. Is it something unique to forum software, or is SMF particularly easy to hit?

Arantor

Check again on that Misc Anti Spam mod.

Also, all the forum software got hit hard of late, not just SMF.

debiwebi

Ah-hah! I was wondering why you sent me back. I found it and will get started right away. Thanks!

ms_ukyankee

I noticed last night we had a couple hundred accounts created over a few days that were caught in the StopSpammer approval queue. We had one spammer get through which posted what appeared to be a possible malware link.

I changed up the questions and answers on the registration verifications and increased the number needed by one, my thinking being that bots had the answers scripted to our site, so hoping changing the Q & A verification might break their registration scripts. After 24 hours, it still appears to have stopped, fingers crossed.

We also use the httpBL mod and between both of those blacklist checks, not much gets through.

Over two years, on one big board I admin:

StopSpammer: 325832 Spammers blocked up until today
Spammers stopped by MOD httpBL: 292532
SMF since 2004 <3

AZMazda3

Our forum as of this week also, has been increased with new members awaiting approval, annoying. I updated everything. I am now going to go switch up the questions and see if that helps.  >:(

Ron.

An update: I simply shut off accepting any new membership requests for about three weeks.

I then increased the number of questions, but made the required number less so that the system offered the questions in random order. Within a day of re-enabling new registrations I received three requests all from "outlook.com" email addresses with Russian IP addresses. I banned outlook.com. Today I got a request from rtrshhhhRTThkjhl which I rejected out of hand.

When we first started I would not accept registrations from gmail, aol, or msn as they seemed to be favoured by spammers. However, a lot of legitimate people use those providers so I had to back down.

I will consider all the suggestions made in response to this post and try some if the problem persists.

GZ06

Ron,

Mostly these are live bots from Russia. They are answering the questions and reading the captcha well. I think this is a Russian illegal "links" advertisement system. Let them register. This is not a problem. Just check profiles. I think they are including live links in the "web site" field and in signatures. In the admin panel, close the web site field. Then use a mod (Prevent Adding Signature Images And Links) or another one to remove links in new signatures. Old signatures you can remove by using the SQL script you can find here: http://www.simplemachines.org/community/index.php?topic=531914.msg3778616#msg3778616
Georgia and Ukraine -FOREVER!

Kindred

GZ06,

ummm.... no.

do not let them register. Stop them at the gates.

Most of them are NOT "live" as in a person...   they are bots - and the recent upswing is because the spammers recently added a new database with the answers to thousands of site "questions" in it.  Change up your questions, add more and make a random set of those appear and you will stop 90% of them.
Stop Spammer and Bad Behavior will stop the other 10%.

Trying to control things AFTER they register is a losing proposition in the end...   which doesn't mean that some protections like anti-spam links or limiting access to the profile for new users is a bad idea...   those are still good ideas... but "let them register" is **NEVER** good advice.
Glory to Ukraine

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."
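
An added example, not part of the thread and not code from SMF or any of the mods mentioned: a Python sketch of the Q&A advice in the posts above (avoid questions that contain their own answer, and show each registrant a random subset of a larger pool). The pool, question ids and function names are constructed for illustration.

```python
import re
import secrets

# Constructed sample pool (not from any real forum); the ids are hypothetical.
POOL = {
    1: ("What color is a red car?", {"red"}),
    2: ("What color is a fire truck? (Blue, Green, Purple, Pink or Red?)", {"red"}),
    3: ("How many wheels does a typical car have?", {"4", "four"}),
    4: ("What is the opposite of hot?", {"cold"}),
    5: ("Type the word forum backwards.", {"murof"}),
}

def norm(text):
    """Lower-case and collapse whitespace so ' Red ' matches 'red'."""
    return " ".join(text.lower().split())

def self_answering(pool):
    """Ids of questions whose answer appears as a word in the question stem
    (the text before any parenthesised option list)."""
    flagged = []
    for qid, (question, answers) in pool.items():
        stem = question.split("(", 1)[0]
        stem_words = set(re.findall(r"[a-z0-9]+", stem.lower()))
        if any(norm(a) in stem_words for a in answers):
            flagged.append(qid)
    return flagged

def pick_questions(pool, count):
    """Draw `count` distinct question ids at random for one registration form.
    Keep the result in the server-side session, never in a hidden form field,
    so the client cannot choose which questions it is graded on."""
    return secrets.SystemRandom().sample(sorted(pool), count)

def check_answers(pool, asked_ids, submitted):
    """True only if every question that was asked has a correct answer.
    `asked_ids` comes from the session; `submitted` maps id -> user text.
    An empty `asked_ids` (for example a lost session) fails closed."""
    return bool(asked_ids) and all(
        norm(submitted.get(qid, "")) in pool[qid][1] for qid in asked_ids
    )
```

Running `self_answering(POOL)` before deploying a pool lists the entries to reword; rotating or enlarging the pool changes what `pick_questions` can draw without touching the checking logic.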

GZ06

Maybe. But the method I mentioned in my post above stopped 99% of new registrations, immediately. Where it was maybe 100 or more fake spam registrations in a day, now I have one or two new bots in a couple of days. Last two days: nothing. The reason for bots to register is gone, forever. They or new clients can put links now after 100 posts, and it is easier to control now. Changing the questions and answers in the spam filter temporarily gives a small time out.

Arantor

On the contrary, I've had great success with Q&A where I've been spam free for years on forums ;)

cpf

Quote from: balonfx on December 14, 2014, 02:34:35 PM
KeyCAPTCHA Mod


The mod I linked has solved this problem for us. Almost all of the bots have stopped coming to our forums since. If this doesn't work there is another that asks "Are you a bot?" / "Are you a human?" - I've kept the question on "random" to switch back and forth between the two, and randomly ordering the drop down menu to answer.

That looks like it would work, but I got an error on install.
Don't email me, PM me, IM me, contact me, look at me, breathe on me, or even attempt to think about thinking of contacting me.  If you do, I will send you to the correct forum to post, where I will promptly tell you that you posted in the wrong forum.

Bruce the Shark

Quote from: Arantor on January 06, 2015, 06:50:30 AM
On the contrary, I've had great success with Q&A where I've been spam free for years on forums ;)
They are not spamming you Captain because they fear you, otherwise you will create a mod to spam the Russians back.  :P

Kindred

Quote from: cpf on January 07, 2015, 02:58:57 AM
Quote from: balonfx on December 14, 2014, 02:34:35 PM
KeyCAPTCHA Mod


The mod I linked has solved this problem for us. Almost all of the bots have stopped coming to our forums since. If this doesn't work there is another that asks "Are you a bot?" / "Are you a human?" - I've kept the question on "random" to switch back and forth between the two, and randomly ordering the drop down menu to answer.

That looks like it would work, but I got an error on install.

Read the FAQ about what to do when you see an error on mod installation.


gigashiga

Ques and answer mod has worked for me, to a great extent.
The key is using different questions related to your forum so that genuine forum members can answer them.
From 100's of posts a day it came to a couple of posts a day.




cpf

Quote from: Kindred on January 07, 2015, 08:10:37 AM
Quote from: cpf on January 07, 2015, 02:58:57 AM
Quote from: balonfx on December 14, 2014, 02:34:35 PM
KeyCAPTCHA Mod


The mod I linked has solved this problem for us. Almost all of the bots have stopped coming to our forums since. If this doesn't work there is another that asks "Are you a bot?" / "Are you a human?" - I've kept the question on "random" to switch back and forth between the two, and randomly ordering the drop down menu to answer.

That looks like it would work, but I got an error on install.

Read the FAQ about what to do when you see an error on mod installation.

Will do.  Where is the FAQ?

cpf

I forgot to reply back.  I was getting flooded daily with the Russian spammers, but I installed Arantor's spam mod, and I haven't had a single spam get through yet.  This completely solves the spammer problem.