HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Poll - Which Registration Method and plugins do you use to deter spammers and their efficacy.

peregrineperegrine MVP
edited September 2013 in Feedback

Everyone complains about spam, but only a few list the details, instead of carping, take part in a poll to provide some useful info.

Perhaps if this discussion doesn't get derailed by philosophy and cartoons - some valuable info might be garnered.

There are several registration methods and several deterrents that work with some effectiveness.

maybe a poll that "You" actually participate in with registration methods, plugins used, and effectiveness - might help all of you. (newbies, silent ones, and experienced forum owners encouraged to respond)

  • A If you have relatively effective spam control.

    • 1 which registration method do you use (approval, confirm e-mail, etc.)?
    • 2 which plugins do you use to deter spammers ?

  • B If you are flooded with spammers

    • 1 where does it occur (registration, activity wall, discussions and comments)?
    • 2 is the spam mostly links with websites?
    • 3 is it mostly the same pattern of spam?
    • 4 Is it mostly from certain ip addresses?

p.s.

I don't have a forum, but to me I think a combined use of 
randomized botstop plugin method and
http://vanillaforums.org/addon/registrationrestrictlogger-plugin
 seems like the easiest for users and forum owners.

This is not a plug for my plugins, because unless you donate it doesn't help me anyway. But the answers to the above questions might help all of you.

no or few responses indicates it is not of concern to you.

I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

Tagged:
«13

Comments

  • hgtonighthgtonight ∞ · New Moderator

    A) I use applicant registration, and I only use akismet for spam plugins. Most spam is registration.

    Search first

    Check out the Documentation! We are always looking for new content and pull requests.

    Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.

  • TamaTama United Kingdom ✭✭✭
    edited September 2013

    a) confirm email, using stopforumspam, botstop ( original ) and akismet. With this we get a spam bot every month or so. However from a previous misconfiguration; we have a list of ips that are blocked by a script I wrote ( grab ip and insert it to the ban table ) it seems this method has blocked many attempts so far ).

    There was an error rendering this rich post.

  • One thing I noticed is I have one larger vanilla install where only registered users can see posts, that has much less spammer signups compared to a much smaller/less used forum where everything is public.

  • Depending on your target audience another option is editing your htaccess so folks from China, Russia and other high spam areas can't access your site. In my case I run a small US/Canada/Europe gaming community, so it was a no brainer.

    if you do a Google search for "block China IP" you'll find sites with info on how to do it and the necessary IPs.

  • vrijvlindervrijvlinder Papillon-Sauvage MVP

    I have 6 installations , I use confirm email on 4, botstop with a hard question , recaptcha . I changed to invitation on two to see what would happen. I think the one that gets the most spam is the applicant , when in that mode of approval.

    I only got superspammed before using BotStop with massive applicant bots and got rid of them with cleanser.

    I have not used askimet except for on a wordpress install and some still get through but I think they are human spammers.

    In my opinion blocking their ip is a must once you find out who they are. I wonder if these people cloak their IP or something ....

  • whu606whu606 I'm not a SuperHero; I just like wearing tights... MVP

    BotStop with registration approval addition and an extra, site specific question in place of 'why do you want to join,' and registration logger.

    Kills all known spambots, dead. At least, for me.

  • peregrineperegrine MVP
    edited September 2013

    post some input here, or we can all assume there is no problem with spam.

    So far it looks like everybody has it under control, with one method or another. Don't cry later, if you can't see fit to post where you might be having problems with the spam, if you didn't respond here, in one easy to see place for easy viewing. (that means everyone who posted a question on this forum, as well as the people who read a discussion on the forum. since this poll's inception,).

    If you do have an effective solution, sharing it even if it duplicates another poster's response will potentially help other people. A community does share, doesn't it. It's time to give (your solutions / and or problems (re:spam patterns, location of spam ,etc).

    Awesome points awarded for participants in the poll :)

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • vrijvlindervrijvlinder Papillon-Sauvage MVP

    This may not apply to registrations but it is interesting nonetheless..

    I put a checkbox bot stop kind of thing in my Contact plugin and had not gotten spam from that since. I think it s a testament to the checkbox idea, that bots can't check a box.....

  • @peregrine said:
    post some input here, or we can all assume there is no problem with spam.

    I wouldn't entirely agree, I think moving to a different captcha service would do vanilla a lot of good, or have easier/default options for alternatives like botstop. Since reCatcha is 100% useless in my experience, it lets multiple spam users through every day.

  • @Gillingham said:
    I wouldn't entirely agree, I think moving to a different captcha service would do vanilla a lot of good, or have easier/default options for alternatives like botstop. Since reCatcha is 100% useless in my experience, it lets multiple spam users through every day.

    I was hoping to keep philosophy out of this thread. and get a poll from what forum users are using (see top message of discussion). Start a philosophy discussion elsewhere, and this can be a poll on what people use.

    BUT - there is a lack of responses. The usual respondents, who usually help people on the forum have responded as expected, but the casual forum owners are silent, and if they can't take the time to respond on where the problems are (see top discussion). This becomes another fruitless discussion poll due to apathy or inability by others to provide info.

    If there were more respondents in this discussion - it would all be in one place and easier to peruse - solutions and problems alike - something worthwhile could be possibly done.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • x00x00 MVP
    edited September 2013

    A

    1. custom+reCAPTCHA / closed membership / paid membership only
    2. custom

    I think the problem is the sporadic support of solution, and solution that don't really understand the maths and capability of spammers.

    reCAPTCHA is not useless. Implementations may be. Any regularly updated solution, which has the maths in its favour is always going to beat a custom solution in brute force protection. There may sometime be ways round, but these can be closed. Whereas exposed DIY solution aren’t always salvageable,

    DIY solution work simply becuase the spammer has not devoted time to solving it. Most DIY solution, can be solved with a few minutes to hours. However I’m not knocking this as a secondary measure, it just make sense to make it very specific to your site and your users.

    The maths is simple, you need a large data pool which need to be mostly private and continually growing, and you need a big enough possible answered per try.

    I demonstrated on one known alternative solution that made all sorts of extraordinary claims, that I could solve it within 10 tries, if I just imputed the same answer repeatedly. It simply didn't have the maths in its favour, not a big enough data pool and not enough possible answers per try. I wouldn't knock them if they hadn't made the claims to be ironclad.

    There are solution that do have similar maths to reCAPTCHA. I like this one
    http://research.microsoft.com/en-us/um/redmond/projects/asirra/

    You have to read their paper to know why.

    Don't be a attracted to a solution simply becuase it has a good feel to it.

    grep is your friend.

  • I short I believe a two fold solution where you use something like asirra/reCAPTCHA plus custom solution for you site, where you are asking questions specific to your usership such as word answers, from a pool of imputed questions, and not multiple choice is best.

    grep is your friend.

  • A-
    1 I use the approval method of registration, keeps all the spam out of the site and only on my admin dashboard where I can deal with it
    2 I used to use the Stop Forum Spam plug-in, but all it did was move some of the spam bots to another folder, making the process of deleting them take longer. now I just approve each day's real people and mass-delete all the spam bot applicants. keeps the site looking squeaky-clean for the users and all the work out back where only I can see

  • RavenRaven New
    edited October 2013

    Nice to meet you all, my first time commenting. I'm in category B - my Vanilla forum (free, not the paid service) has been overrun with spam the last couple of months. This means daily about 5 different spam posts with about an additional 15 different signups that include spam links in their member information.

    I'm using the standard reCaptcha, email confirmation, with StopForumSpam. May not be relevant, but I also have FirstLastNames, OpenID, Google Sign In, and Facebook plugins active.

    The spam is both in the user's info (some include videos), and on the site posts. Primarily links to different websites. I also had to shut off the tagging which was overrun every day with spam words.

    I am not the only one having problems. The large RapidWeaver (web design program community) Vanilla forum is having about 30-40 spam accounts per day being registered. http://realmacsoftware.vanillaforums.com/discussion/63569/spam-overload

    I am very surprised that the folks on this poll don't seem to have a problem! I wonder if it is their addition of BotStop which I don't have (and if I understood correctly, was incompatible with FirstLastNames) and/or Askimet.

  • I have a problem with Spam. Sorry I haven't responded sooner but I don't check this discussion forum every day.

    Anyway, my Spam problems are only in the Application process. Using Registration Restriction and Bot Stop I'm able to prevent most of the Spam applicants but the ones that get through always apply with some kind of thing like this...

    ドルガバ 時計,ゴヤール 財布[/url]

    I can't simply add that line to the Registration Restriction spampatterns file and the IP addresses are always different so that doesn't stop it. The one feature that is the same in all these applicants is the [/url] line which I tried to put in the spampatterns file but that hasn't stopped it. Any ideas?

    I am curious about how you block incoming ISP from China. Can someone direct me to how you do that? If I had that my Spam problem would be down to almost zero.

    Thanks
    Perry, 44

    PS My forum http://chemistscorner.com/cosmeticsciencetalk

  • peregrineperegrine MVP
    edited October 2013

    thanks for getting to the poll...

    Left Brain (Perry) -

    Please update to the latest version. A new version has been added.

    http://vanillaforums.org/discussion/24411/feedback-for-restricted-registration-plugin


    to block ips via country in your .htaccess (you add deny ip codes or ranges.

    order allow,deny
    deny from 218.86.50.58
    deny from ....
    deny from ...
    etc.
     allow from all 
    

    you can download block country .htaccess snippet from here

    http://www.ip2location.com/free/visitor-blocker

    just chose the country in step one and save the text. then cut and paste it into you .htaccess,

    you may not want to block entire countries, might be some valuable posters from that country, but you could certainly block ip ranges.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • peregrineperegrine MVP
    edited October 2013

    @Raven said:
    Nice to meet you all, my first time commenting. I'm in category B - my Vanilla forum (free, not the paid service) has been overrun with spam the last couple of months. This means daily about 5 different spam posts with about an additional 15 different signups that include spam links in their member information.

    I'm using the standard reCaptcha, email confirmation, with StopForumSpam. May not be relevant, but I also have FirstLastNames, OpenID, Google Sign In, and Facebook plugins active.

    The spam is both in the user's info (some include videos), and on the site posts. Primarily links to different websites. I also had to shut off the tagging which was overrun every day with spam words.

    I am not the only one having problems. The large RapidWeaver (web design program community) Vanilla forum is having about 30-40 spam accounts per day being registered. http://realmacsoftware.vanillaforums.com/discussion/63569/spam-overload

    I am very surprised that the folks on this poll don't seem to have a problem!

    I think it is that the people who know how to solve things answered the questions on the solutions. And the people who have problems are either embarassed to answer, or general apathy by forum posters.

    e.g. "If my question is answered, I don't care about the other questions and won't bother posting" type of mentality.

    The other problem is if a post is two years old people will necropost. If a post is relatively new, some people would rather start their own discussion than be coerced to add to a poll question :) human nature.

    Raven said: I wonder if it is their addition of BotStop which I don't have (and if I understood correctly, was incompatible with FirstLastNames) and/or Askimet.

    I am not sure about that - did you try it or point to a link where it says it is incompatible,

    thanks for taking the poll.

    I am not familiar with the other plugins OpenID, Google Sign In, and Facebook plugins

    but if you use the approval method or registration - this plugin has been effective for a few folks

    http://vanillaforums.org/discussion/24411/feedback-for-restricted-registration-plugin

    The spam is both in the user's info

    if you turn off activity that may help also.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • jeongweejeongwee Vanilla version 2.6 ✭✭

    A)
    1.basic registration method
    2.botstop only
    B)
    1.all spam appeared on discussions.
    2.yes.
    3.donno wat is it means
    4.only little spammers appeared at my site,but they are from diffrent IPs.

  • peregrineperegrine MVP
    edited October 2013

    @jeongwee said:
    A)
    1.basic registration method
    2.botstop only
    B)
    1.all spam appeared on discussions.
    2.yes.
    3.donno wat is it means
    4.only little spammers appeared at my site,but they are from diffrent IPs.

    thx for answering poll.

    edited: jeongwee, you were probably laughing about my joke to block forum members from china. :)

    if you use approval registration and registration restrict plugin - you might keep the automated spammers from registering.

    as far as spam in discussions - I think the other plugins mentioned might deal with that, not sure what the other plugins do.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • RavenRaven New
    edited November 2013

    I noticed something else very odd recently. Spammers are putting links and comments (like 'see my blog') several times on their member user entries (not on the forum) even though they have NOT confirmed their email address. I can't see how this is possible (that function is turned on) unless they are interacting with the signup software in ways that they should not be able to.

Sign In or Register to comment.