Spam Overload

[nrep]

For the past few months we've been getting spam on our forums every single day. We've got Q&A enabled, plus the excellent "Detect and Block Spam Registrations" and "Tac Anti Spam Collection" addons. Yet spammers still get through.

It's normally supplement / drug spam and always contains a link. We've set it up so that posts containing a link are placed into the moderation queue, but it's tiring for the moderators to constantly clear out this list.

Are there any other techniques that I'm missing which will help reduce spam on our forums?

 

[Paul B]

Do you change your Q&A regularly?

It won't stop the spam but it should slow it down until the new question/answer is known.

 

[nrep]

They seem to adapt within a day or two, I can only assume that the spam software in use records the Q&A's and waits for humans to fill in the answer and then the bots are let loose once again. I tried blocking the worst offending countries from registering, but they started to use VPNs. It's a lot of effort to get around posting, so I can only assume it's mainly automated as the spam is removed right away.

 

[Arty]

I've been getting tons of those as well, but they weren't using VPN. All connections came from IPs belonging to Pakistan. They seem to be registering manually.

Checked IP ranges used by spammers for possible valid customers, didn't find a single non-spam account originating from it. So I solved that problem by blocking all connections from that ISP:

iptables -A INPUT -s 39.46.0.0/16 -j DROP
iptables -A INPUT -s 182.176.0.0/12 -j DROP
service csf restart

 

[Anthony Parsons]

Keycaptcha... you'll never bother with any other anti-bot process again.

 

[nrep]

Thanks, I've not tried that one yet - I'll give it a go and see if it works .

 

[MikeMpls]

KeyCaptcha works well. I'm now giving Google's new "Prove You're not a Robot" captcha a try as I update forums to the latest releases.

I had a lot of home page spam from Pakistan. Banning the IP blocks slowed them down (use an IP WHOIS that provides the CIDR for the block), but as they ran out of IP accesses in Pakistan they started using IP blocks mostly in the UK, occasionally elsewhere. I finally "fixed" it by modifying 4-5 templates to remove everything that allows the home page to be edited or displayed. In the last week I've had a couple suspicious registrations but no home page spam.

Regular post spam is well handled with the built-on options (stopforumspam, akismet, etc.).