SpritesMind.Net

Hi,

this forum is more and more spammed...
My anti spam measure at sign in isn't enought to stop 'human' spammer...
I banned almost any IP from Pakistan/India/SriLanka but it's not enought...
There are some mods which block spammers from their ip and/or their email...but for phpBB 3.x

so 3 solutions (from the easiest to the hardest) :
1/ I keep it like this and delete user/posts one by one
2/ I dev a mod myself (could be harder to hack than "known" mods) using API like StopForumSpam's one
3/ I move this forum to the latest version

I still don't know what to do... but if you see some weird behaviors on this forum on the coming weeks, don't be surprised : I'm perhaps updating it

Again, sorry for the spams, I'm working on this problem.

Did you tried to change your anti bot question ?
The current question can be find by bot with google
I know that since i added an ambiguous question to a forum that i somewhat managed at work we don't get a single bot (we got a tons before, even with anti bot picture stuff).
When i say ambiguous question it can be something as :
"Give the result minus one of this simple operation : 3 + 4"
which is not 7 as the bot will reply but 6...

I think the anti bot question is difficult enough...
It's not basic like 2+3 or (green or yellow)

My problem is with human spammer, people paid to lost time register manualy then use their account to bot spam (I don't think they manualy spam)

I plan to check ip + email on register, login, reply, post and private message page. API available is easy to use so it should be possible...

KanedaFr wrote:I think the anti bot question is difficult enough...
It's not basic like 2+3 or (green or yellow)

My problem is with human spammer, people paid to lost time register manualy then use their account to bot spam (I don't think they manualy spam)

I plan to check ip + email on register, login, reply, post and private message page. API available is easy to use so it should be possible...

Honestly i don't think they are human spammer which actually does register manually to forum. I just think that automated bots are more and more capable of replying questions.

I just don't get it why do people spam this forum out of all the forums.Maybe you could do a test question that only people who want to register for the forms because of the sega genesis for example:
Q:What is another name for the sega genesis
A:sega megadrive
EDIT:I just logged out and click register and then got this for the question:
What of these four is an planet?
America, Cat, Earth, University

everyone knows it's earth try something that only sega genesis fans would know like (above) or even what 3 letters are on a sega genesis controller and the answer would be (of course)A B and C

Human spammers is a real problem - pretty much any of those ads you see for "Earn up to $2000 a day working at home!" is a job signing up on forums for spambots to use. They aren't just in certain countries anymore, but everywhere.

I've no idea how much work it would be, but perhaps after signing up, the user would have to make ten posts in an invisible forum (link provided in the email after registering). If they don't make the posts, or if the posts meet some filtering specs, they're auto-banned. Or maybe send them ten different emails, each with it's own question, one a day for ten days. The idea is to make it not worth the spammer's time as wasting ten days to get on one forum isn't worth the money.

the email idea seems like it would make it a bit more difficult to register (for a real reason) because what if the person who wants to register for real and not to post about discount Viagra or what ever crap they are trying to sell just forgets to check there email and then gets auto-banned.

How about making it possible for forum users to help you deal with spammers? Don't try anything extreme to stop human spammers registering, just make it possible for other registered users to click a "Report as spam" link or whatever on a users post. You can then use that information however you want. It might just be logged, for you to check out later, or maybe you can allow it to have an immediate effect, IE, if a user gets, say 10+ reports, or whatever number you think makes sence, their account gets suspended for a day. If you log on and see it's really just a spam account, you can then ban it.

I think adding tools to allow users to help manage spam is the best way. Just look at how Wikipedia manages to keep so well under control.

sega16 wrote:the email idea seems like it would make it a bit more difficult to register (for a real reason) because what if the person who wants to register for real and not to post about discount Viagra or what ever crap they are trying to sell just forgets to check there email and then gets auto-banned.

Give them a week to respond to the email. If they don't respond, maybe mark the account as "suspect" and when the person tries to log in, pop up a screen telling them to respond to the email or they'll be banned.

Nemesis wrote:How about making it possible for forum users to help you deal with spammers? Don't try anything extreme to stop human spammers registering, just make it possible for other registered users to click a "Report as spam" link or whatever on a users post. You can then use that information however you want. It might just be logged, for you to check out later, or maybe you can allow it to have an immediate effect, IE, if a user gets, say 10+ reports, or whatever number you think makes sence, their account gets suspended for a day. If you log on and see it's really just a spam account, you can then ban it.

I think adding tools to allow users to help manage spam is the best way. Just look at how Wikipedia manages to keep so well under control.

Great idea! that would by far get the most results also it would more than likely get spritesminds of there list of sites that people register and spam

sega16 wrote:

Nemesis wrote:How about making it possible for forum users to help you deal with spammers? Don't try anything extreme to stop human spammers registering, just make it possible for other registered users to click a "Report as spam" link or whatever on a users post. You can then use that information however you want. It might just be logged, for you to check out later, or maybe you can allow it to have an immediate effect, IE, if a user gets, say 10+ reports, or whatever number you think makes sence, their account gets suspended for a day. If you log on and see it's really just a spam account, you can then ban it.

I think adding tools to allow users to help manage spam is the best way. Just look at how Wikipedia manages to keep so well under control.

Great idea! that would by far get the most results also it would more than likely get spritesminds of there list of sites that people register and spam

No, it wouldn't. NeoFlash had a similar problem, and giving common user (like myself) the ability to delete spam and ban spammer made NO DIFFERENCE AT ALL since the spammers realized that users will still take a certain amount of time to notice the spam, realize it is spam, then delete it. If they can flood 10 to 100 spams before getting banned, they've earned their money and they'll keep it up. You need to prevent them from ever getting a single spam posted or you've failed.

By the way, NeoFlash eventually wound up updating the forums to the latest version of their board software to block current spammers.

Chilly Willy is right about the update part By keeping up with the latest security updates we would be more ready to combat the spammers with better technology

I know....but update to 3.x is a major work...
I need to find the time to do it

KanedaFr wrote:I know....but update to 3.x is a major work...
I need to find the time to do it

Yeah, that's the downside of updating. I guess in the meantime as a stop-gap measure, you could set a couple other users to admin status so they could delete any spam until you find the time to update.

In my opinion, only severe restrictions on new registered users can prevent spam.

For example:

- prevent new account posts from appearing on the forums immediately, make their first posts go through some kind of moderation pipe until you are sure they are not spammers.

- block private messages for new accounts until above step is fulfilled (this blocks spamming users message boxes)

- remove public profile informations or signatures (it's often used to spam website addresses and I'm sure we can live without it)

It's not as if this forum was getting a lot of new registered users anyway so I don't think these measures would be too much annoying for legit users, maybe the first step requires some boring work on the moderating side and could eventually be dispatched to forum users who have time to do it. Off course, it must also be technically possible, and that I have no idea.