Signup abuse detection and blocking [Paid] 1.20.4
- Thread starter Xon
- Start date
That changes the designation from unknown to know.
It will appear like this in the registration log:
It's not required, just trying to address your specific issue with rejections.
As it is clearly written in the description of the add on:
This add on is complex and can (but also must) be configured to suit you individual needs (or those of your forum) and the behaviour of your users. This is an advantage as obviously needs and behavior differ between forums and obviously there is neither a "one size fits all" nor would it be possible to create a default config that fits your forum optimally. Though the possiblity of individual configuration of the patterns and their individual weight the wide number of patterns to take into account by this add on is possible at all and this is why it works so well. If you are not willing to learn what this add on does and how it works and to create your individual configuration it is simply not for you. This is not a failure of the add on or it's author.
You don't have to. You can adjust the score users with Gmail addresses will get. However: It is a bit problematic as many legitimate users do use gmail-addesses (depending from your audience) but it is clear as water that gmail along with yahoo are the mail addresses that are most used by spammers when trying to register. So it is a bit of a tough choice how to score it.
Get off your high horse. What am I not doing by asking here if its not learning.
Just to touch on this, we processed ~28,600 registrations in FY25. We found that just blocking the '.' method in gmail addresses AND the at-risk ASN's, eliminated about 98% of spammers trying to use gmail accounts. There are a couple of sites out there using gmail temp addresses like "somethingrandom+owpvo@gmail.com" and those were easy to pickup and blacklist with a filter. We don't see much Yahoo anymore these days.
We see crazy nonsense more often now that looks like this:
That particular ASN is driving a lot of trash...
In those cases, SFS does a pretty decent job of snagging them first. We did also lockout non-standard TLDs like .casino, etc.
There was a lot of attempted trash coming from them.
The default for the "Non-allowed email action" option (aka action on unknown email domain) is "none" which does nothing but log it is unknwon. Someone changed this option to "moderate".
You can either add gmail.com to the allow list so it gets registered as a known email domain and gets a score of '0' or change the "Non-allowed email action" option back to "none".
I also recommend my free option history add-on, so you've got history of when options are changed and by who. Which makes troubleshooting configuration for Signup Abuse Detection ad Blocking add-on sane.
You can either add gmail.com to the allow list so it gets registered as a known email domain and gets a score of '0' or change the "Non-allowed email action" option back to "none".
I also recommend my free option history add-on, so you've got history of when options are changed and by who. Which makes troubleshooting configuration for Signup Abuse Detection ad Blocking add-on sane.
Well, complaining, I guess. At least it reads like that. The way this add on works is pretty well described in the add on description, in the texts aside of the options in ACP and in the 50 pages of the thread you are posting to. So reading any of that could have helped. Instead you choose to complain...
...which clearly indicates you did not read any of the existing documentation and failed to understand the fundamentals about how this add on works.
Not sure if that is a good way. I've quite a few regular users that use the "+" syntax in gmail-addresses, let alone addresses with a "." in it. So I'd only use this along with an ASN score but then again is the question of how low the gmail score has to be to not end up in moderation quite regularly.
Regarding the spammers caught by that add on, especially gmail and yahoo: Today it does barely catch any spammers as they do not get until there. I am using Ozzys spaminator and this caught basically all spam registrations apart from a small hand full of manual spammers (as it is dedicated to work against bot registrations). As I blocked the IP ranges the spam bots were using and can do this more efficiently since using IP Threat Monitor via ASN and country blocking for access to any page of the forum now even the spaminator has been idling and only caught 2 attempts within the last two months.
Before that spaminator has constantly been catching bot registration attempts and most of these have been gmail and yahoo, but both w/o a special syntax in the local part, so w/o "+" etc..
Sorry, to clarify, we allow the + but block the specific prefixes that are used as temp/spam address.
So, the filters look like this:
amzhoxvzidbke+*@gmail.com*.*.*.*@gmail.comDoesn't block people that use normal iterations, but keeps the unwanted types out.
I'd have to look at the % of gmail users, but it's in the top 5 and with implemented checks, we haven't had many issues.
Anyone using Signup throttling? Care tou share your settings
Thanks.
Lots of forums died precisely because of that forum ‘stalwart’ who told people to read the effin manual.
Thanks.
So 50 pages in, I’m the only one to ask a question that could be found in the instructions. Maybe we should shut the support forums then.
Lots of forums died precisely because of that forum ‘stalwart’ who told people to read the effin manual.
Don't be foolish. Typically help in forums is delivered on a volunteer basis. The idea behind most forums is "support with self support" which means you are expected to try to figure things out yourself out first on a resasonable level out of respect for the time of others. Also, you cannot expect the developer to provide support on this level if the question asked is clearly covered in the docs and is self-explaining. This is simply not feasible for the price that add ons cost. This means reading existing documentation, using the search funktion, trying things out yourself before asking. If you don't do any of that and recognizably expect others to dedicate their free time b/c you are too lazy to even try to understand the absolute basics and recognizably have done absolutely nothing to figure out your issue yourself before asking in many forums you won't get an answer. If you don't have and show respect for others - why should they help you? In the end it is you who has a problem, not them.
If it becomes the culture of a forum not to invest the slightest own effort the consequence is that people who are knowledgable do not post or answer questions any more b/c it is too annoying and too time intensive and they don't have any incentive for that. So you will get either no answers or not-so-good or even wrong answers. And there you are: A forum full of noise and half truths that lacks relevance and makes it hard for those who really have serious questions. Just b/c you were too lazy to read and understand what has been directly in front of your eyes in ACP.
Too lazy to read this too. Is the air thin up there.