Blog Documentation Book a Demo
Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Is there a way to properly stop spammy new members?

dave_stewartdave_stewart New
edited June 2011 in Vanilla 2.0 - 2.8
I've already set my registration process to approval, and asked people to make a specific comment about the subject of my forum, and why they would like to join, but I'm getting an increasing amount of new "spam" members - that is Russian, or with very dodgy email addresses.

Even without the approval mechanism in place, I'd get about10 new spam sign-ups a day, and even with, it actually doesn't cut down my work of deleting them, it just ensures they don't get to post any spam first.

Ideally there's be some kind of captcha plugin, a question and answer, or picture-match mechanism for the registration page, but I've not seen this amongst the add-ons.

I'm happy to build something myself if someone (devs?) could point me in the right direction to which files to tinker with.

Thanks,
Dave
Tagged:

Best Answer

  • lucluc ✭✭
    Answer ✓
    The repcaptha plugin is mainly defeated.
    Coming with 2.0.18, there's a stopforumspam plugin. The crew installed it here a couple of days ago, and they're quite happy with the result.

Answers

  • lucluc ✭✭
    Answer ✓
    The repcaptha plugin is mainly defeated.
    Coming with 2.0.18, there's a stopforumspam plugin. The crew installed it here a couple of days ago, and they're quite happy with the result.
  • dave_stewartdave_stewart New
    Thanks. Does that include registration?
  • lucluc ✭✭
    I think so. I haven't really looked at it.
  • mandel23mandel23
    I am using stopforumspam on my main site (members get Vanilla accounts using proxyconnect), and I'm very happy with it. Glad to see it's coming as a plugin!

    It has prevented 1500 spam accounts in the last year and the only issue is the occasional false positive. A few times people who have dynamic IP addresses have been prevented from registering, but this is something I take care of by asking them to email me directly in my error message.
  • bobthemanbobtheman
    now i just need a way to delete the 5k spam users already registered
  • ToddTodd Vanilla Staff
    @dave_stewart, There are Accept and Reject links beside answers. If you question was answered please click accept.

    @mandel23, Our stop forum spam plugin has two thresholds. If an ip/email has been reported a certain number of times then the registration is logged. If it has more than that it is just ignored. I'm still playing with those number as I don't want admins to have to go through their spam log every day and delete 50 registrations.

    Can you tell me how stop forum spam works on your main site?
  • dave_stewartdave_stewart New
    edited June 2011
    Well it's not really been answered to be honest. I'm looking for which files I need to tinker with if I want to do this myself.

    So far I've figured the 2 files I need to look at are:

    * applications\dashboard\controllers\class.entrycontroller.php
    * themes\[theme]\views\entry\registerapproval.php

    But I'm guessing that perhaps I should extend class.entrycontroller.php in my own theme, but not sure into which folder to put it. Then I can just add my own custom question / check such as "what color is a red bus?".

    Is that along the right lines, or is there a hook I can look at? I couldn't see anything in the controller method, but I don't really know Garden, so I don't know what's going on in the models.

    I'm not going to install 2.0.18 until it's a little more road-tested. I tried the beta a couple of weeks ago, and it wasn't a smooth install, so I reverted.

    That's it!

    PS. Regarding the new Q&A format (just read your announcement) I like the idea in theory, but it does feel a bit regimented. Is there no way just to have an open discussion, you know, chuck a few ideas about? Also, I can't un-accept Luc's response, as on consideration, I don't feel my question has been answered.
  • ToddTodd Vanilla Staff
    When you go to start a discussion you there are tabs at the top to either ask a question or start a regular discussion. That's two people that have missed it now, so I guess I should make it more clear.
  • ToddTodd Vanilla Staff
    With regards to writing stop forum spam into 2.0.17. Hmm, I'd really have to go back and check things out, but you are in the right place for sure.

    We are releasing a beta 3 this week. We are fixing a tonne of bugs in this version for sure.
  • crmarkscrmarks New
    edited June 2011
    With regards to writing stop forum spam into 2.0.17. Hmm, I'd really have to go back and check things out, but you are in the right place for sure.
    @Todd If it's possible to work it into 2.0.17 that would be a great relief and a huge help. My new forum is just now starting to see spam registrations. I plan to upgrade to 2.0.18 as soon possible after it's fully released, but it will take me some time to upgrade my template and customizations too. Meanwhile the spammers roll in :(
  • ToddTodd Vanilla Staff
    I'm not going to back-port the plugin. Have you considered checking out this?

    http://vanillaforums.org/addon/593-vanilla-antispam
  • dave_stewartdave_stewart New
    edited June 2011
    ...but you are in the right place for sure.
    Cool :)

    So can I create extended controllers in a theme, or is that not possible? If so, if you could just tell me the correct folder / format to place it in, that would be great.

    Thanks for all your answers

    Dave

  • ToddTodd Vanilla Staff
    Can you start a new thread?
  • mandel23mandel23
    edited June 2011
    Can you tell me how stop forum spam works on your main site?
    @Todd - Sorry for the delay replying, didn't see your question the other day. We are using this PHP function: http://guildwarsholland.nl/phphulp/testspambot.php - tweaked a bit to use our DB rather than a text file to track registration attempts. When someone tries to register for the main site, we run this function and if we get a positive from stopforumspam we reject their registration outright. We provide a link to a contact form so that false positives can contact us and we can manually override. Since the false positives are fairly low, this isn't too much work for admin purposes - I only have to deal with a false positive every couple of months.

    That said, our signup rate is still fairly low. If it spikes and the false positive rate spikes too, we'll have to re-assess. Still, I'd rather ban first and ask questions later than give any spammers accounts on our site.
  • ToddTodd Vanilla Staff
    Ah, I see. I was actually wondering what you use as a threshold. We only block if their ip has been reported something like 5 times. I have thresholds for email too. It's something forum owners will be able to tweak, but I want good defaults.
  • pablokopabloko
    I've done this
    http://vanillaforums.org/discussion/16777/stop-spam-changed-the-captcha
Sign In or Register to comment.