Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Stop Spam Member Account Creation? It is harmful to my community.

edited April 2012 in Vanilla 2.0 - 2.8

Pretty please don't point me to There are no viable resolutions in the thread. Thanks in advance!

  • Why is reCaptcha NOT working?!

  • We get multiple spam member accounts created per HOUR.

  • Not many actually post spam with their spam accounts, good; but...

  • They are putting spam links in their member profile, letting Google spider them, and they are even Tweeting the url to those member profile pages to propagate the spam spidering.

  • Does it directly harm the forum, ummmmm, kinda? member list bloating, we've had accompany contact us to remove spam members linking to their site, management in general is inefficient.

  • Secondarily, we're getting pretty tired of "Declining" thousands of spam member accounts that do not email validate their accounts.


Frustrated :(


  • Options
    x00x00 MVP
    edited April 2012

    If someone is determined enough they will spam, given an in.

    Intelligent spammers use your site becuase it has attractive features. You could for instance make sure that profiles are not viewable to guest in which case google wouldn't be able to reach these pages.

    It is all about getting into their mindset. Often you will be surprised how few spammers or spamming organisations are spamming your site, even if they are causing havoc. They have specifically picked you out, becuase they are exploiting an 'in'.

    I would also check that all link anywhere people can post, have the rel="nofollow" attribute setting.

    You need to get inside their heads and think like them. Some of them are smart some of them are not so smart. Both can cause problems.

    You have to strike a balance between making your site unattractive to spammers, and still useful to your users. I've seen sites that, don't allow links to be placed, till the user has made x amount of posts.

    reCaptcha was previously cracked, I think they have fixed this issue, but using muliple strategies will help again automated spam.


    Non automated spam is harder to prevent, but try as much as possible to waste their time, and make the forum not useful for their aims.

    Also don't forget to report their email address and sites to the antispam sites.

    There are also more complicated 'bait' and 'honeypot' tactic but you really have to know what you're doing, and this is more of a recreational sport.

    Having said that the internet is more spam than porn, this accounts for most of the traffic.

    grep is your friend.

  • Options
    • Figure out the IP addresses / IP range that the spam users are registering from
    • Are there any real users still registering too?
    • Think about letting your users post links after they've had a few posts, like x00 says
      Put users in a separate usergroup after they've registered (configurable in config.php). When they've proven to be legit, move them to the real usergroup.

    There was an error rendering this rich post.

  • Options

    Reviving this old thread.

    I have this problem, and obviously several others are having it too:

    Recaptcha is enabled for direct registrations, but I also have social login with Google and Twitter.

    Is there any way to diagnose the attack vector these annoying bots are using? Is there a way to blacklist certain email domains (like mailinator, spambog, spamavert, trash-mail, Is there a good spam bot extension which will nip these registrations in the bud? I've found references to disabling comments in activity - how can I do that? And I've also seen someone suggest disallowing links in posts or comments until sufficient karma/experience has been built up - how can I do that?

    Any help welcome! This is a serious problem for our forum.


  • Options
    ShadowdareShadowdare r_j MVP
    edited August 2013

    Add Pages to Vanilla with the Basic Pages app

  • Options
    phreakphreak Vanilla*APP (White Label) & Vanilla*Skins Shop MVP

    I think for humanoid SPAMmers the 'not authenticated to post a link till 25 postings are reached' is one of many good tactics. They register give it a try and fade away.

    Shouldn't be so complicated, but i hasn' t been made so far. Or is it something that anyone expects to come to the core?

    • VanillaAPP | iOS & Android App for Vanilla - White label app for Vanilla Forums OS
    • VanillaSkins | Plugins, Themes, Graphics and Custom Development for Vanilla
  • Options
    hgtonighthgtonight ∞ · New Moderator

    @dneary said:
    Reviving this old thread.
    Is there any way to diagnose the attack vector these annoying bots are using? Is there a way to blacklist certain email domains (like mailinator, spambog, spamavert, trash-mail,

    Check out the ban list in the admin dashboard (/dashboard/settings/bans) you can ban by domain there.

    Search first

    Check out the Documentation! We are always looking for new content and pull requests.

    Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.

  • Options

    I have spambots on my site, these official plugins got rid of them:

Sign In or Register to comment.