Contact & Registration spam stopped almost 100% at zero cost

[MapleOne]

I use both spaminator addons, have captcha enabled, everything possible and still get Contact Form spam.

The spaminator addons by OZZY have so far exceeded my expectations but on the contact form I was still getting spam, dozens a day now and to my best guess it was a human entering or the spaminator addon would have disallowed it.

So disabled both spaminator addons and added the verification word above for new registrations and on the contact form. I also disable the captcha and I got literally zero spam for a long time until someone manually added the word HUMAN and then I changed it to Canada and it stopped once more.

So I bookmarked .../admin.php?captcha-questions and in one lick I change the verification word and again that almost completely stops it.

However (and there is always a however)...

Lately a persistent spammer from India keeps hitting the form manually so I got creative doing this.....


Question #1: What is the Canadian province that starts and ends with the letter " O "
Answer: Ontario

Question #2: What is the Canadian province that starts and ends with the letter " A "
Answer: Alberta


Again that stopped the manual spammer instantly and since my site is for Canadians everyone knows the answers.




So from my experience changing the Captcha question and answer is the most effective way to stop spam of both registrations and on the contact form. If one goes through I go to my bookmark and change the QUESTION & ANSWER in seconds and the spam is zero again. On average it takes weeks before someone gets through and I have to do it again.

 

[Mr. Jinx]

AI will easily answer all those questions at some point.
Did you ever try Cloudflare's Turnstile? That seems to work very well for our site.

 

[Suzanne O]

You should use @Xon's sign up and abuse addons along with cloudflare turnstile - i do this and it works.

 

[MapleOne]

You should use @Xon's sign up and abuse addons along with cloudflare turnstile - i do this and it works.

AI will easily answer all those questions at some point.
Did you ever try Cloudflare's Turnstile? That seems to work very well for our site.

My whole point is you don't have to do that, I stopped all addons and by simply adding a text box it eliminates bots. If a bot gets by, change the word.

If a human enters a spam contact manually add a question, it stopped all contact form spam for me and the registration spam was the easiest because bots seem to be able to get past captcha but as soon as you put something different they get stuck.

 

[Suzanne O]

My whole point is you don't have to do that, I stopped all addons and by simply adding a text box it eliminates bots. If a bot gets by, change the word.

If a human enters a spam contact manually add a question, it stopped all contact form spam for me and the registration spam was the easiest because bots seem to be able to get past captcha but as soon as you put something different they get stuck.

Yeah but the whole reason why they get through in the first place is because a human will fill out the registration form.

 

[MapleOne]

yourdomain.com/admin.php?options/groups/basicBoard/#captcha

Sub your domain name in the link above


I am currently using the question below

Looks like this when done

 

[MapleOne]

Now if the culprit adds the question to a bot you simply change the word to stop the next bot.

So far I am totally free of registration spam and contact form spam.


This is what the registration form looks like




The term: Enter Verification Word was just a simple language edit from the stock Insert Answer here term.

I entered the word HUMAN in all caps to make it stand out in the language file because you cannot bold it there but I set it so HUMAN, Human, or human would be accepted.

 

[FTL]

I used to get quite a lot of registration spam with multiple dots in the email address. I set XF to disallow addresses with more than two dots and that's it, end of spam. I've had maybe one or two spam registrations after that some time apart. Don't need anything more sophisticated than that at the moment.

 

[MapleOne]

I used to get quite a lot of registration spam with multiple dots in the email address. I set XF to disallow addresses with more than two dots and that's it, end of spam. I've had maybe one or two spam registrations after that some time apart. Don't need anything more sophisticated than that at the moment.

In that case I could not have registered on your forum, my email is firstname.middleinitial.lastname@gmail.com

I set up my entire family with a middle initial because there were other people with the same first and last name so I thought adding a middle initial was due prudence.

 

[MapleOne]

I used to get quite a lot of registration spam with multiple dots in the email address. I set XF to disallow addresses with more than two dots and that's it, end of spam. I've had maybe one or two spam registrations after that some time apart. Don't need anything more sophisticated than that at the moment.

After some thought I realized gmail allows you to put in or remove the periods and the address still works so technically I could still have registered by not entering the periods.

 

[FTL]

Yeah, it's always a balance between stopping spam and legitmates, but not many people have multiple dots in their email addresses.

I'm surprised that Gmail treats dotted and undotted the same. So, what happens if someone registers jon.doe@gmail.com and another jondoe@gmail.com? I'll bet you those addresses actually exist lol.

 

[Max Taxable]

I use both spaminator addons

There's three actually. Login, Register and Contactus.

 

[MapleOne]

So, what happens if someone registers jon.doe@gmail.com and another jondoe@gmail.com? I'll bet you those addresses actually exist lol.

You can only register 1 of those, a second person would get a notice the address is in use.
Gmail simply ignores the periods so it does not matter how you register it.

You can then use as many periods in your email address as you like, so sign up for walmart with 3 periods and if you get emails from there you know walmart sold your info.

It quite a useful feature of gmail

 

[Pmel]

I used to get quite a lot of registration spam with multiple dots in the email address. I set XF to disallow addresses with more than two dots and that's it, end of spam. I've had maybe one or two spam registrations after that some time apart. Don't need anything more sophisticated than that at the moment.

how did you disallow multiple dots in email addresses, I'd like to implement that as well. Thanks

 

[FTL]

This:

 

[Ozzy47]

how did you disallow multiple dots in email addresses, I'd like to implement that as well. Thanks

I have a free addon to handle that, https://xenforo.com/community/resou...trations-with-spam-like-email-addresses.8483/

 

[Zardoz43]

Can I add a "I AM HUMAN" test to my forum REGISTRATION?

I FOUND THIS RELEVANT THREAD.

With various solutions suggested above.

Can anybody recommend the easiest solution to block spammer robots from flooding my forum?
I have gotten over 317 new registrations - all flagged as Stop-forum-spam offenders
just in this last month of February 2024.

I noticed the 'Contact Us' verification solution
but is there a way to add a 'HUMAN' question to the standard forum registration process?

 

[MapleOne]

Can I add a "I AM HUMAN" test to my forum REGISTRATION?

I FOUND THIS RELEVANT THREAD.

With various solutions suggested above.

Can anybody recommend the easiest solution to block spammer robots from flooding my forum?
I have gotten over 317 new registrations - all flagged as Stop-forum-spam offenders
just in this last month of February 2024.

I noticed the 'Contact Us' verification solution
but is there a way to add a 'HUMAN' question to the standard forum registration process?

It is already posted above telling you how to do it.

I am happy to report I have only had 1 spam contact email since making this change and the email was directed at the forum trying to sell the product we discuss. So basically generic spam has stopped.

 

[Zardoz43]

Thank you very much.

I guess I will have to carefully review all of the suggestions posted in this thread...

sorry for posting a 'lazy' superfluous post
but I guess I was trying to avoid a whole 5 minutes of studying this thread
which appeared to have several solutions to the 'Human' problem

So, in your initial post you say...
"So from my experience changing the Captcha question and answer is the most effective way to stop spam of both registrations..."

I guess I was just not familiar with that Xenforo option so I will diligently research it
(I just wanted to avoid 'ADD-ONS' if possible

Thanks again for your solultion.

 

[MapleOne]

I guess I will have to carefully review all of the suggestions posted in this thread...

Post #6 has the details