miniBB ® miniBB®
miniBB Support Forums
 | Forums | Register | Reply | Search | Statistics | Manual |
Re-cycled miniBB Support Forums / Re-cycled /   

Figthing Spam

Author Jan
Registered
#1 | Posted: 10 May 2014 11:27 
Hi,

any idea how to fight spam? I purchased CAPTCHA plugin. It helped a little. Then I had to disable guests. Now there's only one spam post a day. How can I eliminate it completely without decreasing user's comfort? I would like to enable guests again.

Thanks.

Author Jaime
Registered
#2 | Posted: 10 May 2014 12:04 | Edited by: Jaime 
Hi Jan and welcome,

This adjustment you can make in the bb_plugins.php

Check out what it says under $enableForPostings ... where you have put the code for the captcha.

Is it set to FALSE (OFF) set it to TRUE (ON). And here more for spam protection with the CAPTCHA (Human Authorization)

Author Paul
Lead Developer
#3 | Posted: 10 May 2014 21:11 
I've recently posted some improvement recommendations regarding this add-on, you may try them out.

The basic recommendation is that you must change default settings to more customized. Amount of chars and chars string itself, secret key, fonts etc.

Author Paul
Lead Developer
#4 | Posted: 10 May 2014 21:34 
Actually what kind of spam do you have?

If guests post links, you should prevent them from that, plugging in the anti-guest add-on.
This add-on also has the list of keywords to forbid in posts.

This is the best method of antispam protection I know. It's also plugged in here on miniBb forums; and as you see, may be only couple of wastefull messages pass from guests per day, may be even not any.

Author wilkinsmd
Guest
#5 | Posted: 20 Oct 2016 18:58 
I have an issue with a flood of new unwanted user registrations.

I am using the CAPTCHA plug-in.

Few if any posts are made from the new accounts, at least not immediately, and I try to delete the new user registrations pretty quickly. But it's a pain to keep having to do it.

The target audience of my forum is in the U.S., and it's very unlikely that anyone from another country would have much interest in the discussions. Yet based on the e-mail addresses it is often clear that the unwanted registrations are from other countries. Their usernames or email addresses imply that they want to SPAM.

Also, all of these unwanted registrations are blocking their IP addresses. I attempt to capture their IP address and save it in a user_custom field but the getIP function returns nothing for them.

Is there an easy way let the user (or bot?) complete the registration form but then not actually create the new user if their IP address is blank/blocked? Alternatively, if their e-mail domain matches a certain regular expression (I'm comfortable with preg_match syntax)?

Thanks for any info
Mark

Author tom322
Registered
#6 | Posted: 20 Oct 2016 20:38 
I'm sure all of them have an IP address; what function do you use to capture IP? IF they have 'null' IP it would be simple to block them, but I really doubt that's the case.

Author Paul
Lead Developer
#7 | Posted: 21 Oct 2016 18:18 
wilkinsmd
Each of such issues could have a different nature, and you preferably should identify such users by some other criteria, not the IP address. Specially, if you see IP addresses are blank, it probably means they are hiding them using proxies or something similar.

The most effective way is to protect posts by preventing some definite words from being posted. Usually spammers are only about their "own arsenal" of words and phrases, which are definite, and without them the message would have no sense. Install Anti-guest add-on for that and add new words to the vocabulary.

Also, make sure you have installed the Captcha improvement mechanism, which would make Captcha codes more unique for each day.

To that, you could make all forums for registered users only, and enable some additional routine for accounts validation using email-address verification. This is the strongest method. I suppose, spammers may use non-existing email addresses.

Author wilkinsmd
Guest
#8 | Posted: 24 Oct 2016 15:04 
Paul:
make sure you have installed the Captcha improvement mechanism, which would make Captcha codes more unique for each day.

Thank you I will try that.

Paul:
you could make all forums for registered users only, and enable some additional routine for accounts validation using email-address verification. This is the strongest method.

Yes I am already doing both of those things.

tom322:
what function do you use to capture IP?

getIP, as defined in bb_functions.php.

tom322:
IF they have 'null' IP it would be simple to block them

Could you please suggest how/where to do this? I would prefer to block them from registering.

Thanks

Author Paul
Lead Developer
#9 | Posted: 24 Oct 2016 16:40 | Edited by: Paul 
wilkinsmd:
Could you please suggest how/where to do this? I would prefer to block them from registering.

So, do you suppose they use such a large amount of various email addresses, and they are up to verifying them manually? Sounds impossible.

After all, do not delete such users, just make them inactive (set Member -> No under the user profile). I'm not sure how many emails they could have, but possibly sooner or later they should come to the end...

Also, what emails do they use? Gmail, Yahoo?.. I think I have couple of functions which would allow to prevent certain email addresses by mask or pattern...

Author kuopassa
Registered
#10 | Posted: 26 Oct 2016 22:56 | Edited by: kuopassa 
How about also:

1) Renaming the original "Register" link's anchor text with something else, like "Create an account".
2) Renaming the actual URL of the registration form.

So currently users can register with http://myforum.com/index.php?action=registernew, but how about changing it to http://myforum.com/create-an-account/? This can be done with PHP and .htaccess. :-)

Here's the PHP that should be put inside bb_plugins.php:

# BEGINS: CREATE A NEW "REGISTER" LINK
if ((isset($l_menu[2],$GLOBALS['enableNewRegistrations'],$GLOBALS['user_id'])) && (empty($GLOBALS['user_id'])) && ($GLOBALS['action'] !== 'registernew')) {
$new_register_link = '<a href="'.$GLOBALS['main_url'].'/create-an-account/" rel="nofollow">Join us</a> '.$GLOBALS['l_sepr'];
}
else {
$new_register_link = NULL;
}
# ENDS: CREATE A NEW "REGISTER" LINK

Then inside main_header.html that original {$l_menu[2]} tag should be replaced with {$new_register_link}.

And finally inside .htaccess file this line should be added:

RewriteRule ^([\-a-z]+)/$ ./index.php?action=registernew

Author wilkinsmd
Guest
#11 | Posted: 27 Oct 2016 16:31 
First of all, thank you everyone for the responses.

Paul:
So, do you suppose they use such a large amount of various email addresses, and they are up to verifying them manually? Sounds impossible.

I agree. It has been a cat and mouse game. Initially I did not check e-mail addresses and allowed immediate registrations. Then I added the CAPTCHA add-on. Then the unwanted registrations started again and so I enabled the functionality to require a valid e-mail address and it sends a link to complete the registration, and that slowed it down considerably for a while. Now, somehow, the registrations have again become frequent.

Paul:
Also, what emails do they use?

A good number of them (but not all) are mail dot ru. But the one thing they have in common is they all block their IP address.

Thanks

Author Paul
Lead Developer
#12 | Posted: 29 Oct 2016 15:00 
wilkinsmd:
But the one thing they have in common is they all block their IP address.

So, may be then it would be worth of trying to disable access to the forum, if the IP address is hidden? Here's a simple code:

/* no IP users can't access site */
if(trim($thisIp)==''){
$title=$sitename.' - '.$l_forbidden;
echo ParseTpl(makeUp('main_access_denied')); exit;
}
* --no IP users can't access site */


Author Paul
Lead Developer
#13 | Posted: 29 Oct 2016 15:01 
kuopassa
Thanks for the trick; however I suppose, if someone is registering manually, then there's no matter how the link actually looks. This could help from preventing automated registrations; but I'm mostly sure if Captcha is enabled with some extra code like I explained above, then the automated processes should be suppressed as well.

Re-cycled miniBB Support Forums / Re-cycled / Figthing Spam Top

Your Reply Click this icon to move up to the quoted message

 Short link for this topic:

 ?
You are welcome to post anonymously, by entering a nickname with no password (if the similar Username has not been taken yet), or by leaving both fields empty. If you have a forums account, you can also sign in from this page without posting a message, or sign in and post at once.


Before posting, make sure your message is compliant with our forum posting rules. If not, it may be locked or deleted with no explanation.
 
miniBB Support Forums Powered by Forum Software miniBB ® Features  Requirements  Demo  Download  Showcase  Gallery of Arts
Compiler  Premium Extensions  Premium Support  License  Contacts
Check out the Captcha add-on: protect your miniBB-forums from the automated spam and flood.
Captcha Addon for miniBB