Current SMF Verification feature takes ages?

[Sir Osis of Liver]

It's actually not that difficult to block spammers completely if you have basic coding skills.  Just develop your own verification gimmick, doesn't have to be too elaborate as long as it's unique.  Bots will not recognize it, and spammers won't bother trying to beat it if it's a one-off.  I never get spammers on my forums, or the few client forums I've installed it on, and I've been using it for years. 

[Just Another Member]

It's actually not that difficult to block spammers completely if you have basic coding skills.  Just develop your own verification gimmick, doesn't have to be too elaborate as long as it's unique.  Bots will not recognize it, and spammers won't bother trying to beat it if it's a one-off.  I never get spammers on my forums, or the few client forums I've installed it on, and I've been using it for years.

Same here. Just start out with the standard verification questions. Get 20, 30, 40 questions and then use them maybe 3-4 at a time, random. It takes a bot master weeks to figure it out, and then you just change all the questions slightly and they are back to square one. I do that every several months and it keeps the botnets off me. Plus I have good staff one who which watches the botnet attack building, and then I change all the answers and kick off the bots.

They do that, they'll mine you and set up a few dozen bots with accounts, ready to hit you. Then I LMAO and delete all the accounts I've already singled out and change the verification questions. I really appreciate a good staff! It leaves me free to work on forum development and make the call on difficult member problems.

And funny thing. Most of the time all those botnet attacks come from one country! When some country starts getting too big for their britches I just ban the whole country unless any of my membership comes from there. Which hasn't happened yet.

[Sir Osis of Liver]

I cobbled together some odd bits that were leftover from another project, made a keypad verification gimmick (you can try it here).  Once in a while, when I'm sufficiently bored, I drag out the code and tinker with it some more.  There are 10 numbered versions, and many more in between.  Good thing about it it's 100% effective against bots; bad thing is I can no longer remember exactly how it works (getting old).  Someone who knows how could probably beat it fairly easily, but no one's bothered so far, and the earliest files I have for this are dated 2011.

[Arantor]

I wrote a CAPTCHA, released it here... it's since been beaten by bots

[Sir Osis of Liver]

I've seen it, it's a different captcha, but still captcha, and it's running on enough forums to attract attention.  If every forum ran a unique verification method, bots would be screwed.

[Just Another Member]

I wrote a CAPTCHA, released it here... it's since been beaten by bots

Ohhhh... Poor baby! I'm sorry the bots infested your site.

Write your own CAPTCHA and don't share and you'll be good to go hun!

[Just Another Member]

I've seen it, it's a different captcha, but still captcha, and it's running on enough forums to attract attention.  If every forum ran a unique verification method, bots would be screwed.

Exactamentey what I said.

[Arantor]

I also wrote the support for multiple language Q&A in SMF so... problem solved

[Just Another Member]

I also wrote the support for multiple language Q&A in SMF so... problem solved

Is the anti-spam verification questions I use? I think it comes right with the standard SMF code, as many questions as you want to add, then pick how many at random you want to verify registration.

If so I have made quite successful use of that feature and found it very effective in preventing spammers from joining, particularly if you have an English language forum and they spammer has poor English.

I think what would be highly amusing would be to take my "ban a country" mod package and combine it with a multi-question verification system, but use my banned country feature to keep giving the spammers fake grading and tell them they failed when they actually passed. You know, really mess with their minds! LOLOL!

Of course spending any time on this other than getting rid of spammers would be a waste of time that could be more productively used elsewhere. That is why I generally just hang up on telemarketing calls instead of venting on them. Come to think of it, telemarketers and spammers must be almost the same species.

I am lucky that the nature of my forum allows me the luxury to ban entire countries. At the other end of the spectrum that would be totally unacceptable at SimpleMachines.

[Arantor]

I meant the upgraded version in 2.1 (which is also available as a mod for 2.0) where you can set different questions per language, and also set multiple correct answers per question. I didn't write the original 2.0 version.

But yeah, I also did my own CAPTCHA, which I think got to be popular enough that it got broken, as well as a few more not-so-obvious measures that definitely seem to help (some of which are bundled in SMF 2.1)

The anti spam arms race has been very interesting for the last decade. I particularly enjoyed the people who broke Google reCAPTCHA by using Google image search for the images displayed and feeding some of it into one of the AI vendors (DeepMind IIRC, which might even be Google owned) to be able to beat reCAPTCHA. But against people who will pay $2 for 1000 solved CAPTCHAs, it's hard to go against that.

[Gwenwyfar]

I made use of the multi QA questions to add images (not searchable and highly stylized drawings), and asked something about the image. And they still fell down once in a while to human spammers (or paid ones). No anti-spam can beat real humans at the end of the day

Never had any trouble with spambots though, nor mass-spamming. They did seem to run some tests with the spam accounts occasionally, possibly to test their bots for use elsewhere, trying to post something relevant to the topic (but was still gibberish and nonsense most of the time). One of the members had a job running bot scripts (for multiple purposes, some analytical), and when he put one to work on the forum, it was the most useful "member" in some topics. Funny to watch, troublesome to moderate.

[Just Another Member]

I meant the upgraded version in 2.1 (which is also available as a mod for 2.0) where you can set different questions per language, and also set multiple correct answers per question. I didn't write the original 2.0 version.

But yeah, I also did my own CAPTCHA, which I think got to be popular enough that it got broken, as well as a few more not-so-obvious measures that definitely seem to help (some of which are bundled in SMF 2.1)

The anti spam arms race has been very interesting for the last decade. I particularly enjoyed the people who broke Google reCAPTCHA by using Google image search for the images displayed and feeding some of it into one of the AI vendors (DeepMind IIRC, which might even be Google owned) to be able to beat reCAPTCHA. But against people who will pay $2 for 1000 solved CAPTCHAs, it's hard to go against that.

Yeah, that is definitely a good feature/mod for multilingual forums. I too have been interested in the arms race because of a few spammer swarms I've fought off, and also my own CAPTCHA which is still in use to prevent harvesting of file download links on just one forum. For that reason it's not worth cracking.

That's an interesting story about the cracking of reCAPTCHA. I can tell you for sure I really dislike being on the receiving end of the new one. I get frustrated when I've used up all my attempts and I AM HUMAN. At times it can be too hard for me to convince a website I'm not a bot.

And like you said, spammers can always buy cheap cattle to post spam. That characterizes the countries I have banned, the combination of poverty and cheap labor, which is also why there are few people from those countries who utilize my forum.

[Just Another Member]

I made use of the multi QA questions to add images (not searchable and highly stylized drawings), and asked something about the image. And they still fell down once in a while to human spammers (or paid ones). No anti-spam can beat real humans at the end of the day

Probably paid spammers unless you have a very popular site. My forum had an Alexa of about 70,000 which isn't all that much but was still attractive enough to try to spam me.

Never had any trouble with spambots though, nor mass-spamming. They did seem to run some tests with the spam accounts occasionally, possibly to test their bots for use elsewhere, trying to post something relevant to the topic (but was still gibberish and nonsense most of the time). One of the members had a job running bot scripts (for multiple purposes, some analytical), and when he put one to work on the forum, it was the most useful "member" in some topics. Funny to watch, troublesome to moderate.

All I know is a couple times I had somebody packing my member lists with bots and I figured they were getting ready for an onslaught. Like a long campaign where they just switch accounts when I ban one. My sharp Admin spotted the activity and I did the extermination job.