HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

How to stop forum spam?

xatanaelxatanael New
edited October 2019 in Vanilla 3.x Help

Hello,

My Vanilla forum is being spammed at the moment. I have 1 new fake member every 5 minutes, each posting a lot of spams messages.

I have "stop forum spam" plugin since the launch, and "akismet antispam".

I can't delete all the members : they make fake accounts faster.

How can I solve the problem?

My forum : https://transactionbourse.com/discussions-2/#/discussions

Comments

  • xatanaelxatanael New
    edited October 2019

    So I just remove the spammers one by one and I set to manually confirm the new ones... it seems to work, but it's not very convenient for the new real members...

    (I have also google recaptcha v2, so I really don't understand how I have so many spams since yesterday).

    (my version is the last one, 3.2).

  • KasparKaspar Moderator

    Use Ban Rules in Dashboard > Moderation.


    Lower the settings for StopForumSpam (lower = more strict).


    Lower settings in Flood Control in Dashboard > Moderation.


    Also


  • KasparKaspar Moderator

    If you get a reg every 5 mins you could use something like this


  • drcongodrcongo New
    edited October 2019

    @xatanael I've been inundated for the last 40 hours or so too. New accounts every 3 to 7 minutes, woke up to an entire front page of spam threads this morning. I thought maybe updating Vanilla might help (I'm on 2.6), but you're on Vanilla 3?

    Combatting it so far: I've added ban rules for a ton of very dubious looking email addresses, ban rules for a ton of IP addresses and IP patterns and switched on approvals for new members.

    I've also tried to set up the permissions system so that new users were unable to post, but the permissions system is so convoluted. I have no idea what the difference between confirmed / unconfirmed and verified / unverified is, and when I did turn off the ability for unconfirmed users to post new threads or comments, the spam threads continued to appear from unconfirmed users but several long-time users lost the ability to post. And there's no verified role at all to set permissions for.

  • phreakphreak Vanilla*APP (White Label) & Vanilla*Skins Shop MVP

    @drcongo: We all know this weakness of Vanilla and other forums. See if this can help you. Look at the IP adresses country origin, do also check your analytics software and try to find out if the SPAM bots are coming from a certain country. The IP adresses will likely give you an answer if so. Then block this country's IP with in your .htaccess. It happens to me once in a while that I get attacks from Chile, Kasachstan or some African states. Let us know how it goes.

    • VanillaAPP | iOS & Android App for Vanilla - White label app for Vanilla Forums OS
    • VanillaSkins | Plugins, Themes, Graphics and Custom Development for Vanilla
  • KasparKaspar Moderator

    Verified/Unverified is not a role.

    You verify those few! you want to be able to bypass spam limitation ie Flood Control.

    Everyone else is unverified.

  • whu606whu606 I'm not a SuperHero; I just like wearing tights... MVP

    I have found this has eliminated spambots on our site:

    https://open.vanillaforums.com/addon/addregistrationquestion-plugin

  • Thank all for your help :)

    I still have a lot of new subs (150 a day, see attached image).

    But I just installed the add registration question plugin, and I will see if it works :)


  • whu606whu606 I'm not a SuperHero; I just like wearing tights... MVP

    For that kind of mass registration, this is ideal:

    as you can add a block on text strings for Reason for joining.

  • "add registration question" plugin seems to work, I don't have any new subs since 1 hour !

  • @xatanael From your screenshots we're definitely getting hit by the same botnet.

  • I went with Registration Restrict Logger with `I like|I love|I would like` added to the spampatterns.php file and so far so good.

  • KasparKaspar Moderator

    They are all the same domain. Add a ban rule with *@ in front of the domain.

  • @Kaspar I think that's all that fitted on his screenshot, I added that domain to my ban rules too but the same botnet is producing plenty with gmail and hotmail addresses.

  • KasparKaspar Moderator

    Ah :-)

Sign In or Register to comment.