JohnCourt Posted October 11, 2018
Spammers sure are a tricky bunch these days, they are using what appears like normal emails etc., and they are using what appears to be normal user names too. We are getting a lot of spam registrations, and I have the IPS anti-spam service activated and my settings are pretty strict: the only action to take for 1/4 is activated as "allow member to register as normal", then 2/4 "flag the account for manual review", then 3/4 and 4/4, "do not allow user to register at all". I also have reCAPTCHA V2 set up.
With that, IPS is returning a score of 1 for almost every single new registration, and we have to research the users manually to find out if they are spammers or not. And on average half are spam registrations. Going through my Spam Defense Logs, I saw one time IPS flagged a 4 back in July, and before that all have been 1's, and after all have been 1's.
We have to see where the IP resides, if they are in Asia, or Saudi, or other locations like that, we pretty much flag and ban, through our own experience those IPs just don't make sense they would be joining our organization for any reason other than spamming. We also copy-paste emails into the "Stop Forum Spam" search engine to review each member. All in all we are spending some time on this, and I was just wondering if we are doing something wrong that IPS Spam Service isn't catching these guys?
Any help and suggestions are greatly appreciated. Thanks
opentype Posted October 11, 2018
I just don’t care about them. Most of the spam registrations I get don’t validate their email address, so they can’t post and are deleted automatically. If they do validate their address, they need to have their first “x” posts approved. So if they post spam, I click “mark as spammer” and that solves it as well.
There is no bullet-proof way to detect spammers just based on their IP and email address, and the more registrations you deny just based on that, the more actual users get banned as well.
JohnCourt (Author) Posted October 11, 2018
Thanks Open, we only look at foreign overseas email addresses and IP addresses closely; US, Canadian and Mexican profiles are treated with less scrutiny. Really, in our experience, for the genre and purpose of our forum, overseas joins are almost always spam. After 10 years of administrating this forum, you get a good feel for the regions.
That being said, I just don't like any spammer profile residing in our community, even if they aren't able to post, it just bugs me, I guess I need to get over that.
But, back to my original question, I guess it was a question, why is IPS returning 1's on almost every spam registration that comes through?
bfarber Posted October 11, 2018
opentype's solution is honestly the best approach, as there's no bulletproof way to detect spammers. By putting layers of protection in place, far less can slip through.
20 minutes ago, JohnCourt said: "But, back to my original question, I guess it was a question, why is IPS returning 1's on almost every spam registration that comes through?"
Our spam defense system uses data from several publicly available sources (such as StopForumSpam and Project Honey Pot, amongst others), as well as reports from clients such as yourself. The reality is, if the system is returning a code of "1" it simply means we have no reason to identify the registration as a spammer, not that it is in fact not a spammer. If the user registers on your site and you flag them as a spammer using the built-in tools (and have enabled reporting this to us, which is the default), then the system will learn and grow from such reports.
Typically we see a few "waves" of new spammers each year, and then the wave dies out as the system learns about those users; however, it will always be a cat and mouse game. This is why multiple layers of protection offer the best overall solution.
Archived
This topic is now archived and is closed to further replies.