StopForumSpam Selections

[Alfuzzy]

Apologies if this isn't the best place to ask this...wasn't sure where to put it.

I'm sure all of us deal with some level of Spam on our sites. With the StopForumSpam built into XF...we're given the following options to deal with a potential spammer:



Three questions:

1. When you have potential spammers to deal with in the Approval Queue...how can you tell if it's a true spammer from an innocent newly registered member (potential false positives)? If I understand correctly...the email address's used for registering are checked against the StopForumSpam database.

2. If you do deem newly registered members in the Approval Queue to be spammers...which of the selections do you most often use (do nothing, approve, spam clean, reject)?

With some internet searching...I think I read if you choose "reject"...some of these folks will simply try registering again.

3. Am I correct that with XF all new member registrations must pass a Captcha step (if Captcha is selected). If this is true...does that mean that the potential spammers that are showing up in the Approval Queue are real-humans...and not bots (since they got thru the Captcha step)?

Thanks

 

[Paul B]

If the hit is just on the user name then I give them the benefit of the doubt and approve it.

If there are hits on the IP and email addresses then it's a spammer.

does that mean that the potential spammers that are showing up in the Approval Queue are real-humans

A lot of them will be.

Programs are also able to defeat captchas.

 

[Alfuzzy]

A lot of them will be.

Programs are also able to defeat captchas.

In the ACP > Setup > Options > User Registration...I have "Use reCAPTCHA v2" selected.

Would choosing one of the other Captcha options (Q&A Captcha, textCaptcha, Solve Media, KeyCaptcha) be more effective against non-human registrations?

Thanks

 

[Paul B]

I've never done a comparison test.

Most, if not all captcha programs are eventually broken.
Use the most recent/up to date one and you should be able to catch most of the automated stuff.

 

[Alfuzzy]

Most, if not all captcha programs are eventually broken.

I thought maybe this would be the answer. I know the "bad guys" are usually 1-2 steps ahead of the "good guys". And if the "good guys" do get ahead of the "bad guys"...it usually doesn't last long.

Thanks for the help.

 

[Mendalla]

1. I usually do an IP check if StopForumSpam didn't flag on IP. Since my forum is basically Canada focussed with only a few foreign members, I can pretty safely watch for IPs from known spam sources like Russia and Eastern Europe and reject those. Vietnam's been bad over the past year. At this point, I have StopForumSpam set to automatically kick most dubious registrations in any case.

2. I just choose Reject. If I am getting repeated attempts to register from the same IP or block, then I'll get into blocking or discouraging IPs.

3. What @Brogan said re. captchas.

At this point, spammers are just a nuisance for me. What I am watching for primarily are a couple banned users with some past history who periodically attempt a return. One in particular has a history of being rather pressing and persistent.

 

[Alfuzzy]

...I can pretty safely watch for IPs from known spam sources like Russia and Eastern Europe and reject those. Vietnam's been bad over the past year. At this point, I have StopForumSpam set to automatically kick most dubious registrations in any case.

I've mostly been getting these as well.

How do you have StopForumSpam setup to do the auto-kick? Is it the "Reject registrations when this many warning flags are detected:" setting?

2. I just choose Reject. If I am getting repeated attempts to register from the same IP or block, then I'll get into blocking or discouraging IPs.

Good deal...I'll try using this.

Thanks

 

[Paul B]

How do you have StopForumSpam setup to do the auto-kick? Is it the "Reject registrations when this many warning flags are detected:" setting?

Yes.