Luke Z Posted February 2, 2023 Share Posted February 2, 2023 My site is currently being hit with a deluge of spam, despite the fact I use keyCAPTCHA and have all the Spam Defense turned on. All the spammers are passing with a Spam Score of 1. Anyone else having a similar issue? Link to comment Share on other sites More sharing options...
CheersnGears Posted February 2, 2023 Share Posted February 2, 2023 Get a CleanTalk subscription and the plug-in from the marketplace. Best $8 a year you'll spend. DSystem 1 Link to comment Share on other sites More sharing options...
Marc Stridgen Posted February 2, 2023 Share Posted February 2, 2023 hCaptcha is actually the most effective, rather than keyCaptcha. Especially if put in the higher settings. Looking at your system, you dont have all methods switched on at present. You should add some question and answer items. Ensuring you add questions which your potential members would answer easily, but would not be answered easily by a bot. For example, if you put something like "What is 2+2" its likely a bot will breeze through that. Add a few of these. SeNioR- 1 Link to comment Share on other sites More sharing options...
Luke Z Posted February 2, 2023 Author Share Posted February 2, 2023 5 hours ago, Marc Stridgen said: hCaptcha is actually the most effective, rather than keyCaptcha. Especially if put in the higher settings. Looking at your system, you dont have all methods switched on at present. You should add some question and answer items. Ensuring you add questions which your potential members would answer easily, but would not be answered easily by a bot. For example, if you put something like "What is 2+2" its likely a bot will breeze through that. Add a few of these. Hi Marc, Thanks for the reply. I've updated to hCaptcha and am thinking on what question/answer to go with. For now, I'm having to manually review all new member requests (still getting registrations even with the hCaptcha). Any idea why practically every one of the spam bots came through with a Spam Defense of 1? Seems like I can't really rely on that feature at all, which is disappointing. Unless I'm missing something. 5 hours ago, Marc Stridgen said: hCaptcha is actually the most effective, rather than keyCaptcha. Especially if put in the higher settings. Looking at your system, you dont have all methods switched on at present. You should add some question and answer items. Ensuring you add questions which your potential members would answer easily, but would not be answered easily by a bot. For example, if you put something like "What is 2+2" its likely a bot will breeze through that. Add a few of these. One additional question... if I delete the spam accounts, does the IP ban still exist, or could all these bots come back? I hate that my websites membership # is inflated with all these bots and would prefer to delete the accounts outright. 12 hours ago, CheersnGears said: Get a CleanTalk subscription and the plug-in from the marketplace. Best $8 a year you'll spend. Thanks for the recommendation! Looking into this now Link to comment Share on other sites More sharing options...
Marc Stridgen Posted February 2, 2023 Share Posted February 2, 2023 59 minutes ago, Luke Z said: Any idea why practically every one of the spam bots came through with a Spam Defense of 1? Seems like I can't really rely on that feature at all, which is disappointing. Unless I'm missing something. Quite simply they are manually registering and not known spammers (even to hCaptcha it seems). We are seeing a substantial uptick lately in spammers at present. Bear in mind the spam defence service can only flag as a known spammer, if indeed there is something on that account to show it as being known. Luke Z 1 Link to comment Share on other sites More sharing options...
Marc Stridgen Posted February 2, 2023 Share Posted February 2, 2023 You didnt mention if you increased hCAPTCHAs sensitivity to spammers. Did you also do this? Also ensure you have your mark as spam settings set to report back to us. This will help us to then prevent spam. Link to comment Share on other sites More sharing options...
Luke Z Posted February 2, 2023 Author Share Posted February 2, 2023 15 minutes ago, Marc Stridgen said: You didnt mention if you increased hCAPTCHAs sensitivity to spammers. Did you also do this? Also ensure you have your mark as spam settings set to report back to us. This will help us to then prevent spam. I don't see where I'm able to increase the sensitivity in my admin view (not saying it doesn't exist, just can't find it); would you mind pointing me in the right direction? Or is that something managed directly on the hCPATCHA site? And confirmed, I've got the 'Send reports back' activated. I'm noticing a decent amount of these spammers using the same email domain. Am I understanding correctly that I could manually ban certain ones using this feature? Utilizing the wildcard, would I just type in something like ***@eurokool.com and that would prevent anyone using '@eurokool' from registering? Link to comment Share on other sites More sharing options...
Marc Stridgen Posted February 2, 2023 Share Posted February 2, 2023 40 minutes ago, Luke Z said: I don't see where I'm able to increase the sensitivity in my admin view (not saying it doesn't exist, just can't find it); would you mind pointing me in the right direction? Or is that something managed directly on the hCPATCHA site? It is indeed on the hCAPTCHA site itself you are looking. 41 minutes ago, Luke Z said: I'm noticing a decent amount of these spammers using the same email domain. Am I understanding correctly that I could manually ban certain ones using this feature? You could certainly do that if needed. For example adding *.gmail.com would ban anyone with a gmail.com email. It would probably be worth doing the hCAPTCHA settings first and then monitor first Luke Z and SeNioR- 1 1 Link to comment Share on other sites More sharing options...
IndianaJoe Posted February 2, 2023 Share Posted February 2, 2023 One of my sites has been getting hit hard over the past few hours. I created a starter group where their first five posts have to be approved by an admin. It's a little work, but better than cleaning up spam messages. After 5 approved messages the person is promoted to the regular member group without any need to approve messages. Luke Z 1 Link to comment Share on other sites More sharing options...
Marc Stridgen Posted February 3, 2023 Share Posted February 3, 2023 11 hours ago, IndianaJoe said: One of my sites has been getting hit hard over the past few hours. I created a starter group where their first five posts have to be approved by an admin. It's a little work, but better than cleaning up spam messages. After 5 approved messages the person is promoted to the regular member group without any need to approve messages. Indeed, I've used that strategy myself in the past. Also doing things like reducing what they can post as new members can be helpful Luke Z 1 Link to comment Share on other sites More sharing options...
wegorz23 Posted February 13, 2023 Share Posted February 13, 2023 Word filter do nothing because they change words every time. Ban ip e-mails, ip do nothing if they using VPN in browser or other one. (it can automaticly change ip when old one is not reaching target) We also ban like about 10-15 account per day and block many spamers by moderation approval. The best way to prevent that is to install CleanTalk now its clean and silent. But it can block legit users too for no reason. 🙂 Link to comment Share on other sites More sharing options...
Marc Stridgen Posted February 13, 2023 Share Posted February 13, 2023 hCAPTCHA set on higher level of sensitivity has tended to be the best option at present. 2 hours ago, wegorz23 said: Word filter do nothing because they change words every time. This one I would argue isnt 100% effective as they can change words. However to say it does nothing I would say is incorrect. If someone comes back with the same word, it will indeed block it Link to comment Share on other sites More sharing options...
SeNioR- Posted February 13, 2023 Share Posted February 13, 2023 On 2/2/2023 at 4:31 PM, Marc Stridgen said: For example adding *.gmail.com would ban anyone with a gmail.com email. I suggest doing the opposite, adding a list of only trusted email addresses to get rid of the temporary ones. The following query will count the most used domains: SELECT substring_index(email, '@', -1) domain, COUNT(*) email_count FROM core_members GROUP BY substring_index(email, '@', -1) ORDER BY email_count DESC, domain; wegorz23 1 Link to comment Share on other sites More sharing options...
wegorz23 Posted March 1, 2023 Share Posted March 1, 2023 On 2/13/2023 at 11:47 AM, Marc Stridgen said: hCAPTCHA set on higher level of sensitivity has tended to be the best option at present. This one I would argue isnt 100% effective as they can change words. However to say it does nothing I would say is incorrect. If someone comes back with the same word, it will indeed block it if thay write same word it working perfect but they change some and spamers was from other locations and diferent reason for spamming. like positioning and for seo in my case cleantalk fixed problem for like 90% of them trying to register or write some spammers text Link to comment Share on other sites More sharing options...
Marc Stridgen Posted March 1, 2023 Share Posted March 1, 2023 3 hours ago, wegorz23 said: if thay write same word it working perfect but they change some and spamers was from other locations and diferent reason for spamming. like positioning and for seo in my case cleantalk fixed problem for like 90% of them trying to register or write some spammers text I agree, of course. What I disagreed with is the statement that it does nothing. Link to comment Share on other sites More sharing options...
Recommended Posts