IPB useless now because of spambots

[Mushxx]

A better idea would be to enable moderation on all posts with links (I don't think this is supported natively, but would be relatively easy to code). That way, you'd probably avoid issues with most human posts (assuming that your forum isn't centered around posting links to other sites - even then, you could always use a whitelisting system to mitigate those issues).

This might work for some, but not the ones on my forum, they reply with aaaaaa in about 200 replies (they don't start topics)

I have a default group new members go in and auto promote at a certain amount of posts
Email verification
Extra custom fields
No PM until promoted (this has stopped the PM spam)

Thank goodness for delete all posts by member

[Shawn Alain]

What version of the IPB code do you run Shawn?

The latest. 2.3.6
I don't think these are humans registering because they are usually only to get one post before I ban and delete their messages. It just wouldn't make sense for someone to register 100 bots for a post that is usually deleted in less than 24 hours and then the member gets perma banned. There's no way someone would do that without losing interest after more than a week and this has been going on for quite some time.

[PrepsTexas]

this is getting rediculous

Does IPB have any solution to solve this problem? There needs to be a setting.. and I cant find it... to where a member needs to have X amount of posts to have the right to use the PM system.

[Schot]

I'll add to the collection of suggestions. For my forum I have a custom profile field that asks a question for which only one answer is correct. The question must be answered during registration. If it is wrong they don't get in. Bot's don't have the ability to interpret questions which is why this method is so effective. The beauty of it is that no mod is required. It's built into IPB and for my own I'm using 2.3.4. The question is simple and effective. "Is snow hot or cold?"

-->Go to ACP Admin Controls
-->Click Management near top of page
-->Click Custom Profile Field in left menu below Users and Groups
-->Click Add New Field near bottom of page
-->Field Title: Anything you want
-->Description: Your question for registrant to answer. Add (Answer in lower case) after question to simplify.
-->Field Type: Text Input
-->Maximum Input: 20 should be fine. I put 4.
-->Expected Input Format: This is where you put the answer to your question. I use lower case to keep it simple
-->Option Content: (leave empty)
-->Include on registration page? Yes
-->Field MUST be completed and not left empty? YES
-->Field can be edited by the member? No
-->Make this a private profile field? Yes
-->Make Admin and Super Moderator Editable/Viewable Only? No
-->Topic View Format? (leave empty)


That's it. you should see a dramatic drop in spam bots after making this provided you don't have any "sleeper agents". ^^

Good luck! :)

[TrixieTang]

I'll add to the collection of suggestions. For my forum I have a custom profile field that asks a question for which only one answer is correct. The question must be answered during registration. If it is wrong they don't get in. Bot's don't have the ability to interpret questions which is why this method is so effective. The beauty of it is that no mod is required. It's built into IPB and for my own I'm using 2.3.4. The question is simple and effective. "Is snow hot or cold?"

-->Go to ACP Admin Controls

-->Click Management near top of page

-->Click Custom Profile Field in left menu below Users and Groups

-->Click Add New Field near bottom of page

-->Field Title: Anything you want

-->Description: Your question for registrant to answer. Add (Answer in lower case) after question to simplify.

-->Field Type: Text Input

-->Maximum Input: 20 should be fine. I put 4.

-->Expected Input Format: This is where you put the answer to your question. I use lower case to keep it simple

-->Option Content: (leave empty)

-->Include on registration page? Yes

-->Field MUST be completed and not left empty? YES

-->Field can be edited by the member? No

-->Make this a private profile field? Yes

-->Make Admin and Super Moderator Editable/Viewable Only? No

-->Topic View Format? (leave empty)

That's it. you should see a dramatic drop in spam bots after making this provided you don't have any "sleeper agents". ^^

Good luck! :)

I've heard a lot of people suggest this basic idea, might try it.

[Schot]

Definitely give it a go. It is quite possibly the best thing you can do for your IPB forum to fight off spam bots. I get a spam bot about once every 2 months and it's likely the human kind.

[Michael]

this is getting rediculous

Does IPB have any solution to solve this problem? There needs to be a setting.. and I cant find it... to where a member needs to have X amount of posts to have the right to use the PM system.

You can disable access to the PM system to the default Members group, then set up a new group which the Members group promotes to after X number of posts.

[rct2·com]

Ermm, I think the topic is about 'topic' bots rather than 'PM' bots?

[Teddy Rogers]

Shawn, you did install the eCaptcha update - and it is enabled and working correctly?

http://forums.invisi...on-improvement/

Ted.

[Luke]

If I'm not mistaken, the reCapatcha update also had a question method as well that allowed you to add a bunch of questions and answers specific to your community.

[3DKiwi]

Does IPB have any solution to solve this problem? There needs to be a setting.. and I cant find it... to where a member needs to have X amount of posts to have the right to use the PM system.

Create a new member group called something like "Regular Members". Give them normal permissions. Rename the "Member" group to "New Member". Disable the PM system for these members. Enable "Auto Promotion" to next group after X number of posts. At my site I make the new member group have their posts moderated. After a couple of posts they are auto promoted to the regular member group. This has virtually eliminated spam.

Things I also do to cut down spammers signing up:

Don't accept registrations from gmail or yahoo email addresses as most problems that I have had the spammer was using one of these freebie email accounts. If they are genuine and only have one of these email accounts the person usually emails me and I set up an account manually for them.

Delete unvalidated accounts after 3 hours. Most genuine people validate their account straight away.

This all works for me. Not sure why some of you are having so many problems with spammers. I run a busy site with 19,500 members. Inactive members are deleted after 12 months of inactivity and seldom have a problem. I did have problems prior to doing the moderating new members first couple of posts.

Nigel / 3DKiwi

[toffee90]

Used vbulletin previously, awful for spam bots, going on about 30 registering a day and getting past all the spam stuff in place, not noticed it with IPB yet until the other day got about 3 accounts joining up, and noticed the same usernames on a few ipb boards i visit.

[blackfalcon1]

Here is a few tips.

1. require email validation. This will do three things for you. First, if it is a spam bot, it wont be able to validate. Second, if it is a person, make it clear that because they must enter a valid email, if they are a spammer, you will be able to find their IP through their email provider and report them. Third, if they do spam your forum, you can report them.

2. In IPB3 the is a feature called "flag as spam" which when a moderator flags a member as spam it instently suspends their posting and PM and unapproves all their current posts.

[rct2·com]

More tips.

[*]Add a custom profile field to the registration, so that people have to answer a question. Fools registration bots, and confuses human 'bots' working from written scripts. [*]Instead of what 3DKiwi says above, create a new group called (for example) 'Probationers'. Give the new group limited posting rights, no PM rights, and promote the group to 'Members' after X posts. Find out the group number [in AdminCP or with PHPMyAdmin look in the ibf_groups table]. Then change the line in conf_global.php to use the new group number instead of the default '3'.

[Damien1990]

the spammers on my site are just registering and changing their siggys to links to warez/porn ect.
boit actually posting

[chasz]

the spammers on my site are just registering and changing their siggys to links to warez/porn ect.

boit actually posting

of course, once they have your domain name, posting links, user ACP links are pretty much consistent and in pattern on all boards of the same brand.

So make a generic registration question and force spammers to register manually, after 5 boards they will quit.

So stop whining and do the suggestions

[AtariAge]

I run 2 boards. Neither have been affected by spambotters.

[list=1] [*]One uses admin validation at registration [*]The other has an extra field that has to be completed on the registration form.

[/list]

I do both of these on my board and almost never have spammers get through.

..Al

[SecondSight]

As for me, I use both user and admin validation. Moreover, I check every account registration (IP, etc.). It's very easy to recognize spamers registrations and delete them.
It seems like they tried three or four days to register on my board and now they have stopped.

[rct2·com]

If you have command line access, and a Linux server, I can really recommend the apf firewall. This collects a list of spamming IPs every day and bans them, they never get as far as accessing your registration page.

It also includes a anti-ddos script that temporarily bans [for a period that you choose] any IPs that have too many [you define too many] concurrent connections.