Jump to content

Community

Stop the Spam: Guide to stopping spammers


Recommended Posts

  • Replies 108
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Popular Posts

With the proliferation of topics regarding how to combat spammers, I thought to create a guide for members on how to fight this phenomenon. The one thing everyone should be aware of is that you cannot

This thread has helped my site stop 600+ Registrations in just under a week.

ie.. If they're bad enough to need such a mod, then either lay down the law and then enforce it or ban them and be done with it. Stop pussyfooting around with it.

What's cphulk? Were they trying to access your cpanel or your site?

cPHulk is a Linux server security feature that locks down the cPanel, WHM, mail, shell.root access and FTP logins.

If you don't have cPanel/WHM on your server you can install Fail2ban which is the same as cPHulk but stand alone.

Both cPHulk and Fail2ban can be set to email you the IP of attempted logins.

Link to post
Share on other sites

they were trying to access through ssh using some basic user names on port 22.

I don't use normal ssh port so any attempt is blocked really.

crap like that been happening all day.

this was only one that was banned as a spammer and then tried that as far as I know though.

nothing new, happens all the time really.

Link to post
Share on other sites

Yeah, I definitely back having more than 1 challenge question. :smile:

The amount of questions or their complexity is irrelevant for bots.

For popular sites the scraped questions that cannot be correctly answered by bot itself are being filled by human operators

It is the issue of keeping a question out of bot's data bases.

So, it is pointless to hope that forum specific questions will be reliable.

It is just a matter of time, popularity and continuous overriding of the spam database updates.

Link to post
Share on other sites

I've tried it previously, but a very large amount of innocent users were getting blocked. Not useful at all. There isn't a method for them telling you this unless they happen to know your email address. This was on 2.3.x when there wasn't an SFS plugin.

Now in 3.3.x I'm using the SFS plugin and it does a much better job. No one has emailed about being blocked out but I've stopped over 3300 spammers in a month.

Link to post
Share on other sites

Good afternoon,

I am still the new girl here, may someone just tell me the steps to change my question and answer?

I know my old Web Developer put 5+5 or 2+2 something like that. I know I seen it some where in the Admin.. CP but can't recall?

I run a Bipolar support group and it is driving my very few members crazy and preventing me from growing back up?

I appreciate any information any of you can provide, again I apologize ahead of time for my lack of experience here....

Thanks have a good day,

Jan

Link to post
Share on other sites
  • 2 weeks later...
  • 4 weeks later...
  • 2 weeks later...

I think I'm going to try Stop Forum Spam. The spammers are still registering on my forums even though I have maths based questions with the questions written in a complex format to make it harder to read and understand. The IPS Spam Service just isn't working tonight, it refuses to mark a page full of validating accounts at a time as spam accounts for some reason.

post-34851-0-52286400-1358621663_thumb.j

I'm afraid that I have little confidence in IPS's anti Spam Service because it still lets dozens of accounts register in seconds, even though they all have similar format e-mail addresses, and some are so obvious they must be impossible to miss...

post-34851-0-91621900-1358621453_thumb.j

I have just selected 3 of the accounts in the screenshot above and it took about 2 minutes until the 'Loading' text disappeared but the accounts I ticked are still being displayed. No idea what that means.

Why does it still allow sign ups with 'casino' or 'onlinepaydayloan' in the e-mail address? LOL

Link to post
Share on other sites
  • 3 weeks later...

If you are using the QA Challenge, try not to put the answer into the Question. For instance here are two (reasonable) questions:

And, Andy is quite correct. You don't want to include the answer in the question. lols

Why not? Putting the answer inside the question is a good way to confuse a bot.

Which day of the week is in all caps?  sunday monday TUESDAY wednesday thursday friday saturday -- tuesday
Which day of the week is in all caps?  sunday monday tuesday wednesday THURSDAY friday saturday -- thursday
Which day of the week is in all caps?  sunday monday tuesday wednesday thursday friday SATURDAY -- saturday
Choose one of the ODD ONLY numbers: 2 + 2 + 47 -- 47

I'm afraid that I have little confidence in IPS's anti Spam Service because it still lets dozens of accounts register in seconds, even though they all have similar format e-mail addresses, and some are so obvious they must be impossible to miss...

I've seen it in action. I was testing something and like a fool I didn't disable SMS. I did a few registrations and then suddenly BAM, it got me. When I say a few, I do mean a FEW, not even half a dozen.

Link to post
Share on other sites

I am so frustrated with the lack of spam blocking in this expensive software. I am use to running a CMS site with a forum bridge. Botscout was my prefered API and it works quite well. I have a site running now with over 3K members and 0 spammers on my forums. I'm sure that at some point there will be one that slips through, but the record is good. The IPB spam services hasn't done much to help my site that I switched over from my old CMS. I'd request the developers or someone develop the hook or code for botscout and other redundant features to help stop the spammers. If it's already developed , then please point me in the direction so I can eliminate the spam.

Link to post
Share on other sites

I am so frustrated with the lack of spam blocking in this expensive inexpensive software. I am use to running a CMS site with a forum bridge. Botscout was my prefered API and it works quite well. I have a site running now with over 3K members and 0 spammers on my forums. I'm sure that at some point there will be one that slips through, but the record is good. The IPB spam services hasn't done much to help my site that I switched over from my old CMS. I'd request the developers or someone develop the hook or code for botscout and other redundant features to help stop the spammers. If it's already developed , then please point me in the direction so I can eliminate the spam.

* Corrected one of the multiple misspelled words in the above quote.

There are pros and cons to the SMS.

Pro: It gives you an extra service using information gathered by through other communities to help your community to be better protected against spammer attacks. If someone is seen registering multiple accounts on multiple sites in an unusually short period of time, then it can detect that much faster than you would believe. (I'm not sure if it actually does that, although from doing a registration test for other reasons, it did detect my actions and banned my attempts rather quickly.) Imagine if the same legitimate-seeming person were to register on a couple of dozen sites and make a few spam posts before it was caught and reported to SFS (Stop Forum Spam). During the time between an admin noticing it and reporting it, that same person could have hit several other sites as well. SMS, if it works the way I have noticed, after the suspicious activity is detected on a few sites, they are locked down and cannot continue.

Con: Since it is limited to IPS software run communities, it does require a spammer to sleaze their way onto IPS based communities and so you don't get the benefit of any reports of their activities on communities run on other software platforms.

It's not perfect but there is something to keep in mind. Even with other forms of protection, it still takes 'learning' who a spammer is before they can be blocked. If your site is their first target and they aren't a known spammer yet, then they'll be let in. Suddenly your protection 'failed', but in reality, it worked as it should. Most services rely on people actively submitting data about someone for it to be useful. The problem with that is someone (or a group of friends) could submit false reports on someone to get them blocked on other sites. With the IPS SMS, it's a bit more difficult to do and less likely to happen. Still possible, but less likely.

Oh and the SFS add-ons can be found here:

http://community.invisionpower.com/files/file/5143-stop-spammer-registration/

Link to post
Share on other sites

* Corrected one of the multiple misspelled words in the above quote.

There are pros and cons to the SMS.

Pro: It gives you an extra service using information gathered by through other communities to help your community to be better protected against spammer attacks. If someone is seen registering multiple accounts on multiple sites in an unusually short period of time, then it can detect that much faster than you would believe. (I'm not sure if it actually does that, although from doing a registration test for other reasons, it did detect my actions and banned my attempts rather quickly.) Imagine if the same legitimate-seeming person were to register on a couple of dozen sites and make a few spam posts before it was caught and reported to SFS (Stop Forum Spam). During the time between an admin noticing it and reporting it, that same person could have hit several other sites as well. SMS, if it works the way I have noticed, after the suspicious activity is detected on a few sites, they are locked down and cannot continue.

Con: Since it is limited to IPS software run communities, it does require a spammer to sleaze their way onto IPS based communities and so you don't get the benefit of any reports of their activities on communities run on other software platforms.

It's not perfect but there is something to keep in mind. Even with other forms of protection, it still takes 'learning' who a spammer is before they can be blocked. If your site is their first target and they aren't a known spammer yet, then they'll be let in. Suddenly your protection 'failed', but in reality, it worked as it should. Most services rely on people actively submitting data about someone for it to be useful. The problem with that is someone (or a group of friends) could submit false reports on someone to get them blocked on other sites. With the IPS SMS, it's a bit more difficult to do and less likely to happen. Still possible, but less likely.

Oh and the SFS add-ons can be found here:

http://community.invisionpower.com/files/file/5143-stop-spammer-registration/

I appreciate your help, even though it was condescending. I will look into the information you provided.

Link to post
Share on other sites

I appreciate your help, even though it was condescending. I will look into the information you provided.

I fail to see how it was condescending. I mentioned a pro and a con in a factual manner with no insults planted in it. Some of the benefits of the IPS supplied SMS happen to generate some of the cons, it's one of those things that can't really be helped. You might wonder why IPS doesn't make use of SFS or other services to detect spammers and as has been mentioned before by IPS, they don't have control over those other resources so they don't know the validity of the data. I refer you again to the fact that a few people could send in reports of someone and have them marked as a spammer when they're a legitimate user. At the end of it, I provided links to a couple of resources that you asked for help in finding.

Link to post
Share on other sites

I fail to see how it was condescending. I mentioned a pro and a con in a factual manner with no insults planted in it. Some of the benefits of the IPS supplied SMS happen to generate some of the cons, it's one of those things that can't really be helped. You might wonder why IPS doesn't make use of SFS or other services to detect spammers and as has been mentioned before by IPS, they don't have control over those other resources so they don't know the validity of the data. I refer you again to the fact that a few people could send in reports of someone and have them marked as a spammer when they're a legitimate user. At the end of it, I provided links to a couple of resources that you asked for help in finding.

Again, thank you for your assitance.

Link to post
Share on other sites

I have thought about these same issues for some time and then I read this topic and it made me think. The challenge were just to damn easy. Yes IPS Anti Spam in conjunction with SFS do a pretty good job with the spam but the Q&A I had were just to easy after I read this post... Since I changed the Q&A to be more site specific I haven't seen the normal bombardment of spammers make it through these last 2 months as in previous years... Good Job Keiichi and all other contributing members... Well thought out topic...

Link to post
Share on other sites

That's why I don't use typical question and answer challenges. What I find is that forum admins have the tendency regarding their inability to not being very creative with their question and answer challenges. There are too many asmins who use the same "what is 2+2". I have question and answer challenges customized to the subject of my forum community. Not many poeople know the answer and something that a spambot could never guess.

Since October 2012, the SFS hook has blocked over 4,100 spammers that haven't been caught by the IPS system. :thumbsup:

I'm just glad that this guide is helping everyone deal with their spambot problems. :tongue:

Link to post
Share on other sites
  • Recently Browsing   0 members

    No registered users viewing this page.


×
×
  • Create New...

Important Information

We use technologies, such as cookies, to customise content and advertising, to provide social media features and to analyse traffic to the site. We also share information about your use of our site with our trusted social media, advertising and analytics partners. See more about cookies and our Privacy Policy