[OzzModz] Registration Spaminator Stop Spam Bot Registrations

[OzzModz] Registration Spaminator Stop Spam Bot Registrations [Paid] 2.2.0 Patch Level 1

No permission to buy ($40.00)
Angry Jimmy Fallon GIF by The Tonight Show Starring Jimmy Fallon
 
I've paid for this addon. I can't get patch level 1 because the server is down. Can anyone share this patch with me. It will likely be against the terms, but I'm sure @Ozzy47 will forgive this instance while they are off line, and I'm being hit by spammers. Cheers
Let me see what can be done.
 
  • Like
Reactions: cwe
don't make it so compicated. spammers able to pass through, this addon did not help me.
I have just uploaded 10 picture text captchas.
Setup > Question and answer CAPTCHAs
did set up here & not getting any spam
 
don't make it so compicated. spammers able to pass through, this addon did not help me.
I have just uploaded 10 picture text captchas.
Setup > Question and answer CAPTCHAs
did set up here & not getting any spam

No spam and you'll never know how many potential forum users you're deterring
 
none! I only wrote advice from my own experience to help! it's up to you! to: listen, consider or ignore & continue debating nonsense!
 
go here: https://xenforo.com/community/threads/the-large-xenforo-forums-list.87974/post-861167
& visit the biggest forums one by one to check registration page,

I'm on that large forum list :) And if you Know (but how could you know) that your 10 picture Captchas and your QandA have not deterred a single user, then carry on. Meanwhile, I'll try and find a compromise, by using addons like this, because I know from studies and my own experience that Catchpas are a PITA
 
I killed my forum by putting recaptcha & turnstile. daily from 300 to 25
after removing this stupid captchas which don't work anyway, I managed to bring back to 150 now. its growing.
spammers mostly use service like 2captcha to bypass captchas, you can discover how many captcha bypass types it supports.
real users somewhere from India, Bangladesh at pc solve captcha & earn money for those companies
 
My forum seems to have been discovered by a spammer recently. Most spammer registrations were detected as suspicious by stop forum spam and automatically sent to moderation to choose wether or not to let them in and it weren't too many. Just enough starting to annoy me about the manual work with that. And I had the feeling that those registrations were on the rise. A couple of days ago one managed to get through the net and to post a spam posting a couple of days later. Not the end of the world but I was annoyed. So I bought the registration spaminator along with the corresponding login spaminator, assuming that I will probably already have a couple of sleepers in my userbase.

Testing showed no issues, so I installed it on the productive forum, still having my doubts that a relatively simple mechanism like this with fake form fields and checkboxes would really do the trick. I was pretty baffled to see that literally within the first two hours already two registrations attemtps were caught and this has continued over the following days constantly. Seems the spammer fell in love with my forum and visits is a couple of times a day, most of the time from Russia.

I could easily use geo blocking w/o harm, as I do have a pretty regional user base, but regularly the spammers do use proxies or VPN endpoints in my region as well. However, I configured geo blocking for a hand full of countries additionally as a second line of defense, using the free geo blocking add on by @Sim.

I wouldn't go as far as to say that my other mechanisms in place would not have detected the spammers the registration spaminator has caught, but as the spaminator checks leave no doubt wether it is a spammer or not and additionally manual interaction is no longer necessary, so it is a quality of life improvement if not more.

As I installed the login spaminator as well I see the pattern that immediately after they think they would have registered they try to log in once or twice, again falling in the same traps than before, this time with login spaminator, and then are gone and until now do not seem to come back with this "account"/user name. The ones I already banned before tried as well with the same result, no unknown sleepers popped up until now. So it may be the case that one single spammer discovered my forum just recently and added it to his tool.

After the first days I am pretty pleased with the two add ons. Loking forward how the situation will evolve.
 
Short update on how it is going nine days after the installation according to the logs:

- the registration spaminator has caught
• 82 registration attemts
• those came from 29 different IP addresses
• top address tried it 46 times (and counting), the others are between one and five tries

- the login spaminator has caught
• 107 login attempts
• again 46 of those came from the same IP (same as above) using the same username
• again the other IPs tried 1-5 times each over time

There seem two main patterns involved in the chosen usernames (one cohort uses fake names, one cohort uses mail addresses as usernames, mainly yahoo ones).
In the "captcha" section the notorious one with 46 occurences never fills this out, the other ones either seem to try it (one cohort) or puts a spammy URL into that field (second cohort). Most come from fixed IPs in Russia and one in the Netherlands, the others are scattered all over the world, possibly using VPN end-points or hacked infrastructure. So we are probably talking about at least three different spammer, possibly more.

The good thing is: Not a single false positive and not a single spam registration that I would have to deal with in the moderator queue and not a single spam registration that came through either (I typically get 2-3 registrations a day, so it was possible to go through the successful ones manually to check wether they are legit (which seems to be the case).

I am aware of the fact that spaminator only catches automated bot registrations, so a spammer registering manually will not be caught by spaminator. But these are then ruled out by geoblock (if from the wrong region) and what's left is atm only a couple per year, so total peace of mind.

Clearly, spamintor took off the cover of a can of worms that otherwise would not have been successful with registering for the most part anyway and so I wouldn't have recognized them before, so the high numbers caught should not mislead. But still: Peace of mind for me, very useful tool and I think I can let it run w/o monitoring it in future.
 
Back
Top Bottom