HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

[Spam Attack] How to deal with Spammers

UnderDogUnderDog MVP
edited November 2013 in Feedback

Hi guys,

I had to close another topic about spammers, but since it's everyone's problem these days, let's have a discussion on how to deal with them.

I'm stealing @peregrine 's post, since it sums up all the solutions, but I'll switch the list a little bit ...

Let's follow the advices in the links first:




Then your first tool:

  • to filter and delete Applicants use this plugin

http://vanillaforums.org/addon/cleanser-plugin or the BulkEditor plugin

  • to filter and restrict login attempts, use the


  • to filter capabilities of an applicant

remove permission in that role for viewing activity and profile.

  • to filter via a program use


Last but not least, fill peregrine's poll:


And always ... always ... if plugins "don't work" ... post under the plugin page (after searching of course)

Let me know if I've missed a plugin name ...

There was an error rendering this rich post.


  • Options
    hbfhbf wiki guy? MVP

    the stop forum spam plugin and good ban list entries are the most effective tools I've used.

    I get about 8 /wk past that line of defense at this point.

  • Options
    edited November 2013

    I haven't had the experience of managing a board with a lot of users, but one board I installed for someone has a few hundred active users. It's an SMF board, and SMF has a feature to create any number questions and allows BBCode in the question, then specify how many questions have to be answered when registering.

    The person who admins that board has not had a single spammer hit the board in the several years since its installation.

    What has worked is changing the questions weekly and making the questions impossible for current bots to answer (I imagine at some point in the not-too-distant future the bots will have the power of Watson). Here is an example of how a question is asked:

    In what venue do the Jacksonville Jaguars play?

    Answer (SMF answers are not case-sensitive):
    everbank field

    That strategy is to ask questions that imply certain things that most humans will correctly infer, but a bot won't. For example, the word 'venue' does not appear anywhere in the Jacksonville Jaguars Wikipedia page, but a human familiar with sports would likely understand that the venue of a football team is the stadium played. Though the question leaves out the word 'home', most users will infer that the Wikipedia link provided contains the answer, and the only venue on that page is the home stadium.

    The admin added a note in the registration page to inform new users to try refreshing the page to get a new question if they are unable to answer the displayed question. There is also an email address to contact the admin if the user is having too much difficulty and the confirmation email also requests new users to contact if there is difficult in answering the questions. So far, no complaints, and no spam! Although I think that board has been lucky in not getting humans logging in and spamming, as I understand that happens in some cases.

    I would be curious to know why this wouldn't be effective for other forums.

    Oh, I forgot to mention that the board does a Stop Forum Spam plugin, which may account for the absence of human spammers.

  • Options
    SrggamerSrggamer HardCore Gamer ✭✭✭

    I never get spam. And I held a community with over 5000 users.

  • Options

    @Srggamer What tools do you use?

  • Options
    SrggamerSrggamer HardCore Gamer ✭✭✭

    None. I have never received any spam :)

  • Options

    @Srggamer Well, that's very fortunate for you! If only everyone could enjoy the same experience...

  • Options
    SrggamerSrggamer HardCore Gamer ✭✭✭

    I do agree. Most of the time spam happens if you don't have Advanced host protection. Cheap hosts usually leave you hanging easy to DOS/DDOS. But the more you pay the harder it is for a spammer to infiltrate the website to spam it.

  • Options

    @Srggamer said:
    None. I have never received any spam :)

    I bet we can cure that for you. post your web site a few places :)

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • Options
    SrggamerSrggamer HardCore Gamer ✭✭✭

    @peregrine said:

    I have actually paid for advertising. Google, Youtube, Everywhere still no luck!

    I shall give you a website when I finish it.

  • Options

    I posted to the nginx mailing list and asked how they keep the mailing list so squeaky clean of spam and got a response of a Cisco switch model.

  • Options
    AdrianAdrian Wandering Spirit Montreal MVP
    edited November 2013

    With WordPress, I always had good luck with BadBehavior: http://bad-behavior.ioerror.us/

    I tried to work on a plugin for Vanilla with little success. Maybe the better Devs here might want to take a stab at it. A couple of things I know: It has been 100% effective for a Wordpress blog I run and to date has stopped of 53,000 spam comments in 2 years. I think SMF had a module based on this but I am not sure how good it is.

  • Options

    @Adrian Bad Behavior provides a Porting Guide for projects that aren't listed on their Installation page. This does look like it would make a fantastic plugin for Vanilla, but I'm no PHP coder. When I evaluated moving from SMF and learning a new forum, the biggest potential weakness I spotted in Vanilla was spam prevention.

  • Options
    AdrianAdrian Wandering Spirit Montreal MVP
    edited November 2013

    Vanilla handles spam well if you are on a good host as @srggamer showed or use the appropriate plugins. The bad behaviour plugin is something else that could be added to the arsenal -- I am merely pointing it out as an option for someone who wants to tackle it. This is not something I am planning to build.

  • Options
    AdrianAdrian Wandering Spirit Montreal MVP

    I should add I am speaking about the self-hosted version.

  • Options
    peregrineperegrine MVP
    edited June 2014

    you can also try this plugin to add a particular question to registration form


    the one advantage it has over botstop approval and botstop is that it uses the views that come with vanilla core and just uses event triggers to add a question.

    works with Registration Method configurations

    $Configuration['Garden']['Registration']['Method'] = 'Basic';
    $Configuration['Garden']['Registration']['Method'] = 'Captcha';
    $Configuration['Garden']['Registration']['Method'] = 'Approval';

    and can be used with or without


    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

Sign In or Register to comment.