Getting inundated with spam

[Floren]

If I could, I would ban the entire country.

Use the geolocation features in Nginx, easiest way to kill spammers.

 

[Deebs]

Use the geolocation features in Nginx, easiest way to kill spammers.

Nah, I would use ipset and do it properly. Do it as low as possible in the stack where it belongs.

 

[Floren]

Nah, I would use ipset and do it properly. Do it as low as possible in the stack where it belongs.

IP bans are not reliable at all. You only want to protect the Registration page and redirect it to a custom registration form where the user will be moderated automatically. It can be easily done with PHP and Nginx:

$country = getenv('GEOIP_CITY_COUNTRY_CODE');

 

[Deebs]

IP bans are not reliable at all. You only want to protect the Registration page and redirect it to a custom registration form where the user will be moderated automatically. It can be easily done with PHP and Nginx:

$country = getenv('GEOIP_CITY_COUNTRY_CODE');

Excuse me? You are banning an IP, it makes more sense to do that lower in the stack than in an application if your ultimate goal is to ban an IP address. Why on earth would you let it traverse all the way up to an application to deal with?

 

[Floren]

Excuse me? You are banning an IP, it makes more sense to do that lower in the stack than in an application if your ultimate goal is to ban an IP address. Why on earth would you let it traverse all the way up to an application to deal with?

The ultimate goal is to avoid spam and still allow legitimate viewers to read your site. IMO, moderating based on location is the proper way to do it. Of course, you can do whatever you like with your site. I was simply presenting a proper solution to the OP. Still, this is not a viable solution... IP or not. The spammer could easily use a different location/IP and register, then pass the info to his indian friends and spam you to death.

On the other hand, if you ban IP's you might endup discouraging 1 billion potential readers of your site.

 

[Deebs]

The ultimate goal is to avoid spam and still allow legitimate viewers to read your site. IMO, moderating based on location is the proper way to do it. Of course, you can do whatever you like with your site. I was simply presenting a proper solution to the OP. Still, this is not a viable solution... IP or not. The spammer could easily use a different location/IP and register, then pass the info to his indian friends and spam you to death.

On the other hand, if you ban IP's you might endup discouraging 1 billion potential readers of your site.

Totally understand but if you want to ban an IP from accessing anything you host on your server then the only way I would do it is at the stack level. Totally remove their ability to view or attempt to damage your system from that particular IP. Also it is more efficient doing it in the stack. Leaves the application to serve those legit users. There is no "correct" way, just different methods based on what they really want to do when it comes to banning the IP.

 

[Floren]

Personally, If I want to ban a partial IP like 123.45.*, I use one line of code in Nginx configuration.

 

[Deebs]

Personally, If I want to ban a partial IP like 123.45.*, I use one line of code in Nginx configuration.

And I would use ipset to do the same thing except lower in the stack, I ban them from the entire webserver, period. Luckily I have many servers over which different services run so I can afford to do it at that level. When it comes to banning my view is that the application shouldn't worry itself with that, let the stack or some other device further upstream do it.

If an IP is a spammer then just ban it, they are not interested in reading your content so why allow them to read it? Personal choice

 

[digitalpoint]

If I could, I would ban the entire country.

You can if you really want. Along with Pakistan, China and Indonesia (those would be the 4 countries I would pick myself).

 

[Floren]

If an IP is a spammer then just ban it, they are not interested in reading your content so why allow them to read it?

Because they might click on the rover eBay link some user posted on your site.
I will never block anyone from reading a site, but I will restrict some of their actions if I believe they might affect the site or other users. A spammer can't do much if he cannot login or register. He/she might send you an email through the Xenforo Contact Us form and post there the spam content, though. Believe it or not, I got some emails like that.

 

[dtmcl]

Why don't you just stop people from posting links until they hit 20 or so posts? That's what we do and we don't get many spammers.

 

[mrGTB]

Why don't you just stop people from posting links until they hit 20 or so posts? That's what we do and we don't get many spammers.

You have to do things like that now on forums. It's not ideal and usually won't go down well with legitimate new members unable to post links, but necessary though.

 

[Floren]

Why don't you just stop people from posting links until they hit 20 or so posts?

IMO, disabling links will not stop a spammer. They'll just post empty replies with a smilie etc. until it reaches 20-30 posts and they will kill your site with hundreds of spam posts in minutes. Personally I think disabling links is very irritating, especially for a site where a lot of references are posted.

 

[mrGTB]

They'll just post empty replies with a smilie etc. until it reaches 20-30 posts and they will kill your site with hundreds of spam posts in minutes.

Well you have a point that can happen. Another nasty trick some are pulling is not to add the spam links at first with their posts, only coming back later after they've posted quite a lot stuffing them in unexpected. So it's wise to make sure you use the Post Editing Time Limit feature these days.

 

[Adam Howard]

StopForumSpam.com
FSpamList.com (API Key Required)
BotScout.com (API Key Required)

I use all 3 of the above from

XenUtiles (Tools)
http://xenforo.com/community/resources/8wayrun-com-xenutiles-tools.104/

Added with CloudFlare.com and I have had only 1 spammer make it through.

I also use ReCAPTCHA, even though everyone says its useless. I find the question and answers on some sites to be annoying, but they also are restrictive to just 1 answer and in whatever keyboard (language) someone is using.

 

[Floren]

Along with Pakistan, China and Indonesia (those would be the 4 countries I would pick myself).

I finally got tired to delete every day spam from my forums. I implemented a country based filter in Nginx for the following countries:

• Anonymous Proxy
• Afghanistan
• Bangladesh
• Brazil
• China
• India
• Indonesia
• Pakistan

The above listed countries are based on what I got as posts from spammer IP's. The users from these countries can register and read the forums if they want. However, if they try to start a new thread, a conversation with a member, post a reply or a message into a public profile, they will be served instead the Terms and Rules page.

I'm not sure yet if I should block the registration also... Let me know your thoughts on that, what's the use to register if you cannot post anything. Blocking the registration is a little tricky as the URL is used also for a regular login.

 

[cmeinck]

Is this easily done? Would you be able to share how I'd go about doing this?

Thanks

 

[craigiri]

It all depends on your forum type.

I have never had a "real" user from those countries who needs to register - that is, China may have a few makers of stoves and fireplaces, but they can get any info they need just by reading....no need to register and ask questions. If there was an exception, they could email me....but there never has been!

So, yes, I think most people would do well to block all those and more...
My old software had a built-in country blocker as well as whitelists and blacklists.

Floren, are you doing this in .htaccess or similar??

 

[Andy.N]

I use questions like these in the registration form
"_____ plus (-28.5) equal -20.5"

If they can't answer that, they shouldn't be on our site in the first place. Few spammers got through and XenUtiles spot that very quickly.

 

[Floren]

Floren, are you doing this in .htaccess or similar??

Nginx built-in GeoIP.

Is this easily done? Would you be able to share how I'd go about doing this?

Super easy, is explained in their Wiki page.