fake/spam accounts driving us insane

Jo.

Well-known member
For the past week or so we've been getting a massive increase in the number of accounts being registered on our forum in what looks like attempts to flood our server, as well as your bog-standard spammer accounts (like those catalogued on StopForumSpam etc.). I don't suppose anyone knows any way to stop/reduce this kind of thing? It's taking up so much of our time to get rid of them all, when we could be spending it on the set up our xf forum, which we'll be migrating to when stable release is out. It'd driving us all bonkers lol.
 
What do you have in place for spam protection? I use stopforumspam with xenForo and vBulletin. I rarely have anyone go through it. Maybe one per month.
 
I see you are using vb3.8.6

On our vb3.8 forum we have a question & answer, using a custom profile field. "2+2=".. and that sort of helps out, but many get past that.
What really helps out is having another custom profile field with a default value being a letter (any letter), then asking people to type another letter into the box. For some bizzare reason the normal spammers cannot seem to get past that.

Admincp -> user profile fields -> Add New User Profile Field
title: Type the letter 'H' in this box
default value: W
Single line text box
Field required: Yes, at registration and profile updating
Field editable by user: Only at registration
Private field: Yes
Field Searchable on Members List: No
Show on Members List: No
Field required: Yes, at registration and profile updating
PCRE expression: ^[hH]$
Display page: edit your details
 
Even with these mods installed you will still get attacked since spammers always revolve to new IP's, but you should look at the mods and test them, you can also look at www.botscout.com too !

What would be nice would be a firewall that filters IP's before they hit your apps in the first place.
 
Have you loaded the Stop Forum Spam mod? There are currently 2 on the boards right now.

Stop Forum Spam

[8wayRun.Com] XenUtiles (Tools)
on our xf forum yes, but this problem is on our vb forum. :)

I see you are using vb3.8.6

On our vb3.8 forum we have a question & answer, using a custom profile field. "2+2=".. and that sort of helps out, but many get past that.
What really helps out is having another custom profile field with a default value being a letter (any letter), then asking people to type another letter into the box. For some bizzare reason the normal spammers cannot seem to get past that.

Admincp -> user profile fields -> Add New User Profile Field
title: Type the letter 'H' in this box
default value: W
Single line text box
Field required: Yes, at registration and profile updating
Field editable by user: Only at registration
Private field: Yes
Field Searchable on Members List: No
Show on Members List: No
Field required: Yes, at registration and profile updating
PCRE expression: ^[hH]$
Display page: edit your details

Thanks heaps for that Dean. I'll look at this properly and try it out tomorrow. (off to bed for now)
 
If you are on later versions of vB, you can enable the human question module on the sign up form, we did this on one forum with one of the later versions of vB 3.7 and it cut down on 99% of the spambot registrations.
 
If you are on later versions of vB, you can enable the human question module on the sign up form, we did this on one forum with one of the later versions of vB 3.7 and it cut down on 99% of the spambot registrations.

I'll look into that tomorrow too. :) thanks!
 
Even with these mods installed you will still get attacked since spammers always revolve to new IP's, but you should look at the mods and test them, you can also look at www.botscout.com too !

What would be nice would be a firewall that filters IP's before they hit your apps in the first place.
Try my suggestion Anthony, seriously, it cut down spam to near absolute zero.
 
Thanks Dean, but none of this really stops them from hitting your server, they are still there knocking on the door unless you have a firewall that filters malicious IP's before they hit your domains.
 
Human verification is not even working on vB now. Somebody has punched a hole clean through their security. Moderator validation of new users is not effective either with this wave of spam bots. They go to registration, and BOOM, they're registered members regardless of what security measures you have in place, and the spamming commences. vB is denying that there is an issue, but this hit two of my boards within a day of each other. Both running the latest vB4. I went from one or two spammers per month sneaking through, to 70-80 per day... overnight. I've completely banned some class A addresses on my sites until I can get this figured out. I hate to do this because both sites are international discussion forums and I'm cutting out about half of eastern Europe. Most of these spammers are coming from 91.x.x.x, 92.x.x.x, 94.x.x.x and 95.x.x.x TLDs located in Russia, Ukrane, and Poland.
 
Thanks Tony (btw... long time no see) but I don't wan't third party add ons. I want the security to be handled by the software that I have bought.
 
The reason for the recent flood is that a new version of the software they are using is out. The new version is able to register a user, wait for some time, and e.g. add the link to the user profile later.
(I won't post a link to give them credit)
 
The reason for the recent flood is that a new version of the software they are using is out. The new version is able to register a user, wait for some time, and e.g. add the link to the user profile later.
(I won't post a link to give them credit)
Yes. I saw an announcement advertising full ReCaptcha recognition too.

Nothing to do with vB, people....
 
Well if it's nothing to do with vB, explain to me why they're punching straight in. I've had settings in place for a long time that require the full user profile to be filled out (real name, phone number, business name, email address), ReCaptcha on top of the Image Magic library, Q&A, valid email that a validation email is sent to that must be responded to, then once that is done, a moderator or administrator must confirm their information by cross checking their IP. This has worked great for a couple of years and only a very few persistant human spammers have snuck through. Now suddenly none of the profile fields are being properly filled out, just garbage, Q&As are not being answered correctly, validation emails are never getting answered, yet 70-80 bots per day are becoming registered members without a moderator ever even knowing they're in the queue for validation. Nothing has been changed in the configuration of the software on our side. Please explain this to me if it has nothing to do with vB. It's not just one board, it's two boards... both stock vB installs with no addons (well, one has a custom skin). Four other vB boards have not been hit yet, but I imagine it's just because the bots haven't found them yet. None of the SMF, IPB or PHPBB boards that I manitain have been hit.
 
I know you don't like to use third party addons, but in this case I think that refusal is doing a disservice to you, your mods and your users.

http://www.vbulletin.org/forum/showthread.php?t=230921

Get this addon ASAP and it'll help, I swear. Right now your choices are to be stubborn & wait for vB to fix something while your users twist in the wind, or you can do something about it yourself right now! You can still be pissed at vB that you were forced to do this, but if you don't anything else that happens is as much your fault as theirs.
 
Top Bottom