How to stop forum spam?
xatanael
Hello,
My Vanilla forum is being spammed at the moment. I have 1 new fake member every 5 minutes, each posting a lot of spam messages.
I have "stop forum spam" plugin since the launch, and "akismet antispam".
I can't delete all the members: they make fake accounts faster.
How can I solve the problem?
My forum: https://transactionbourse.com/discussions-2/#/discussions
Comments
So I just remove the spammers one by one and I set to manually confirm the new ones... it seems to work, but it's not very convenient for the new real members...
(I also have Google reCAPTCHA v2, so I really don't understand how I have so much spam since yesterday).
(my version is the last one, 3.2).
Use Ban Rules in Dashboard > Moderation.
Lower the settings for StopForumSpam (lower = more strict).
Lower settings in Flood Control in Dashboard > Moderation.
Also
If you get a reg every 5 mins you could use something like this
@xatanael I've been inundated for the last 40 hours or so too. New accounts every 3 to 7 minutes, woke up to an entire front page of spam threads this morning. I thought maybe updating Vanilla might help (I'm on 2.6), but you're on Vanilla 3?
Combatting it so far: I've added ban rules for a ton of very dubious looking email addresses, ban rules for a ton of IP addresses and IP patterns and switched on approvals for new members.
I've also tried to set up the permissions system so that new users were unable to post, but the permissions system is so convoluted. I have no idea what the difference between `confirmed`/`unconfirmed` and `verified`/`unverified` is, and when I did turn off the ability for `unconfirmed` users to post new threads or comments, the spam threads continued to appear from `unconfirmed` users but several long-time users lost the ability to post. And there's no `verified` role at all to set permissions for.
@drcongo: We all know this weakness of Vanilla and other forums. See if this can help you. Look at the IP addresses' country of origin, also check your analytics software and try to find out if the spam bots are coming from a certain country. The IP addresses will likely give you an answer if so. Then block this country's IPs in your .htaccess. It happens to me once in a while that I get attacks from Chile, Kazakhstan or some African states. Let us know how it goes.
Verified/Unverified is not a role.
You verify those few you want to be able to bypass spam limitation, i.e. Flood Control.
Everyone else is unverified.
I have found this has eliminated spambots on our site:
https://open.vanillaforums.com/addon/addregistrationquestion-plugin
Thank you all for your help :)
I still have a lot of new subs (150 a day, see attached image).
But I just installed the add registration question plugin, and I will see if it works :)
For that kind of mass registration, this is ideal:
as you can add a block on text strings for Reason for joining.
The "add registration question" plugin seems to work, I haven't had any new subs for 1 hour!
@xatanael From your screenshots we're definitely getting hit by the same botnet.
I went with Registration Restrict Logger with `I like|I love|I would like` added to the spampatterns.php file and so far so good.
They are all the same domain. Add a ban rule with *@ in front of the domain.
@Kaspar I think that's all that fitted on his screenshot, I added that domain to my ban rules too but the same botnet is producing plenty with gmail and hotmail addresses.
Ah :-)
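
The two filters discussed in the thread (a `*@domain` email ban rule and the `I like|I love|I would like` reason-for-joining pattern), as an added example that is not part of the original thread and not the code of any Vanilla plugin. Assumptions: `example.invalid` stands in for the spam domain, which the thread does not name; `fnmatch` only approximates Vanilla's ban-rule wildcard; holding pattern matches for manual approval instead of rejecting them is a choice made here, because genuine applicants use the same phrases.

```python
import re
from fnmatch import fnmatchcase

# Assumption: placeholder for the domain seen in the screenshot (not named in the thread).
EMAIL_BAN_RULES = ["*@example.invalid"]

# Pattern quoted in the thread for spampatterns.php, used here as a plain regex.
REASON_PATTERN = re.compile(r"I like|I love|I would like")


def check_registration(email, reason):
    """Classify one registration attempt as 'ban', 'review' or 'allow'."""
    addr = email.strip().lower()
    for rule in EMAIL_BAN_RULES:
        # '*' wildcard match, approximating a Dashboard > Moderation ban rule.
        if fnmatchcase(addr, rule.lower()):
            return "ban", f"email rule {rule}"
    # Domain rules miss bots on gmail/hotmail addresses; the reason text catches
    # those, but also real people, so a match is held for manual approval.
    if REASON_PATTERN.search(reason):
        return "review", "reason-for-joining pattern"
    return "allow", "no rule matched"


# Constructed sample registrations (not taken from the thread's screenshots).
SAMPLES = [
    ("bot1@example.invalid", "I like forums"),
    ("bot2@gmail.com", "I would like to join your community"),
    ("bot3@hotmail.com", "I love this site"),
    ("newuser@gmail.com", "I would like to learn about stock trading"),
    ("trader@gmail.com", "Looking for discussion on ETF fees"),
]


def triage(samples):
    """Return (email, decision, why) for every sample registration."""
    return [(email, *check_registration(email, reason)) for email, reason in samples]


if __name__ == "__main__":
    for email, decision, why in triage(SAMPLES):
        print(f"{decision.upper():6} {email}: {why}")
```

The fourth sample is a constructed genuine applicant caught by the same pattern as the bots, which is the cost of a broad text rule when it is set to reject outright.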