2dub Posted May 17, 2023
My license is up to date. I am behind on the May update. But I've been killed by spammers today. I just disabled registrations. But I had 35 registrations today (huge for my site) all flooding me with spam. They are validating their address and Spam Defense is giving them a 1 score. I also have questions to answer at registration. Any further suggestions as to what I can do?

Clover13 Posted May 17, 2023
It happened to me recently too. I switched from reCAPTCHA V2 to hCaptcha. So far, so good. I can't tell if they are actually humans or not however, but they are/were getting through the effective human registration process/steps with non-spam registered emails.
Edited May 17, 2023 by Clover13

Jim M Posted May 17, 2023
4 minutes ago, 2dub said:
Keep in mind that there are human spammers as well who do research and work for bots. By supplying answers to 3/4 of these questions in the question itself, you're making their lives very easy. These questions, in general, are rather easy and your target niche doesn't need those answers in the question. If these questions are old, it may be well that the bots/humans have discovered these answers. You'll also want to switch to hCAPTCHA and ensure you have "Difficult" set for the passing method if you continue to get hit hard.
10 minutes ago, 2dub said:
> They are validating their address and Spam Defense is giving them a 1 score. I also have questions to answer at registration.
Be sure to also flag all these users as spammers as that will tell our Spam Defense of them.

Dean_ Posted May 17, 2023
We got hit hard on Monday. 85 quick registrations and counting, in the end we had to topic approve to stop the spam and adjust some Cloudflare options.

Clover13 Posted May 17, 2023
Yeah that's the same I got hit with and flagged as spammers. Some of the same emails. Ironically, shortly ago (with hCaptcha) I had a spammer join two of my sites with the same email within minutes of each other, but chose two different usernames. On one site, they posted a couple times trying to act like they were interested (maybe a bot even). But profile location in Texas, IP in Wisconsin and timezone in New York it was pretty clear they were trying to get by the post limit to access PMs and spam there IMHO.

2dub (Author) Posted May 17, 2023
@Dean_ That's what we got too. How long did it last? I've disabled registrations and guest posting, but obviously want to enable it again. Thanks to all.

Clover13 Posted May 17, 2023
@2dub I'm on a 2+ week span. Two waves with a large number, once I put it back to admin approval on accounts it slowed down, then it seems like a few feeler registrations come in and if it's back on auto approval via email verification another wave hits. My sense is this bulk of emails being used need to be flagged so they get added to the pool and detected on other sites. Seems like this recent attack has all new emails, not currently known ones.

Arthmoor Posted May 17, 2023
It's a long standing issue with IPS and their "anti-spam" that doesn't actually prevent spam. Even with hCaptcha. It would be better to press them on enacting my suggestion from January when I got hit by the same spammers:
The other often mentioned "solution" is to spend an additional $20 to install ClearTalk, but IMO one should not require additional paid apps to run an already expensive package.

beats23 Posted May 18, 2023
Same here. Since yesterday spammers have been on my site. Some of the spamming emails are the same as @2dub coming from this same email. "@andorem.com" The PC system time they are using is for Kolkata India, and a few from LA. I had to use Cloudflare to block all connections from India to slow down the spamming. Why is IPS spam tool not blocking these spammers?

Marc Posted May 18, 2023
34 minutes ago, beats23 said:
> Why is IPS spam tool not blocking these spammers?
I think there may be a misunderstanding on how spam prevention works unfortunately. The reality is, in order to prevent spam, they need to first of all be known to be spam. As bots get more sophisticated, they get closer and closer to looking like human registrations. So you run a fine line between preventing spam, and preventing actual registrations. And when you do pick up on IPs, email addresses etc, it takes time for them to be known as being spam.
What I would say here, is in almost all circumstances when we have looked at customer sites, the following tend not to all be in place:
- Spam service set to its defaults
- Multiple question & answers set up, that are not machine solvable (putting something like "What is 2+2?" will simply be solved by a bot. Having only 1 set up means once it's solved, it's solved)
- Not yet using hCaptcha, which was added to our software to try and combat some of the more advanced spam that was turning up
- Not adjusting hCaptcha settings to a level at which is reducing spam to a suitable level
I would advise anyone who is having problems, check the settings above. This said, there is no silver bullet for spam that will work every time. There will be times where items such as these make their way through.

georgebkk Posted May 18, 2023
How about attacking the spammers with IPS writing some clever AI functionality and include in the packages?

Jim M Posted May 18, 2023
17 minutes ago, thaivisa said:
> How about attacking the spammers with IPS writing some clever AI functionality and include in the packages?
Feel free to make a suggestion in our Feedback forum 🙂.

cmer Posted May 18, 2023
23 hours ago, 2dub said:
> My license is up to date. I am behind on the may update. But I've been killed by spammers today. I just disabled registrations. But I had 35 registrations today (huge for my site) all flooding me with spam. They are validating their address and Spam Defense is giving them a 1 score. I also have questions to answer at registration. Any further suggestions as to what I can do?
Hello, I understand your frustration. Today, I disabled registrations on my website as well due to an influx of spammers. It's astonishing how many registrations I received in a single day, and it's a major issue for my site too. I've been experimenting with different solutions to combat this problem, and I've found that implementing KeyCAPTCHA seems to be more effective in blocking these spam attacks compared to reCAPTCHA. KeyCAPTCHA provides an additional layer of security by incorporating interactive puzzles or challenges that are more difficult for bots to bypass.

Marc Posted May 18, 2023
1 minute ago, cmer said:
> I've been experimenting with different solutions to combat this problem, and I've found that implementing KeyCAPTCHA seems to be more effective in blocking these spam attacks compared to reCAPTCHA. KeyCAPTCHA provides an additional layer of security by incorporating interactive puzzles or challenges that are more difficult for bots to bypass.
hCAPTCHA is currently proving to be the most effective

cmer Posted May 18, 2023
49 minutes ago, Marc Stridgen said:
> hCAPTCHA is currently proving to be the most effective
I have activated hCAPTCHA and two new bots have just been registered.

olyclimber Posted May 18, 2023
Yeah I had hCAPTCHA enabled and got over 17 pages of fresh spam this morning and like 15 new spam registrations this morning. I've turned off new registrations till I can figure out something...or actually set to admin approved only. This is a problem. Hopefully either Invision or the Invision Community/user base can share some real solutions ASAP.

Jim M Posted May 18, 2023
As mentioned earlier, if you haven't yet and your site is getting hit hard by bots, changing the "Passing Threshold" of hCAPTCHA to "Difficult" is advised.

Clover13 Posted May 18, 2023
@cmer and @olyclimber what were you set on when you got hit? Auto or Difficult?

cmer Posted May 18, 2023
1 minute ago, Clover13 said:
> @cmer and @olyclimber what were you set on when you got hit? Auto or Difficult?
Difficult

Jim M Posted May 18, 2023
4 minutes ago, cmer said:
> Difficult
May want to double check that as I was not shown a difficult pass when using hCAPTCHA on your community's registration page. Additionally, you are not using Question & Answer challenges. Which also help combat spam when used appropriately.

cmer Posted May 18, 2023
1 minute ago, Jim M said:
> May want to double check that as I was not shown a difficult pass when using hCAPTCHA on your community's registration page.
However, I use Difficult for the hCaptcha

Jim M Posted May 18, 2023
Is that indeed the site key you're using in Invision Community?

cmer Posted May 18, 2023
30 minutes ago, Jim M said:
> Is that indeed the site key you're using in Invision Community?
Yes, for active license.

olyclimber Posted May 18, 2023
2 hours ago, Clover13 said:
> @cmer and @olyclimber what were you set on when you got hit? Auto or Difficult?
I was not set on difficult. I tried to change that setting this morning but it didn't take for some reason in Safari...seems to work in Firefox. But in Safari it was just letting people in with a checkbox. I didn't test Chrome or Edge because I ran out of time and I have to get to meetings. I assume this is a problem with hCaptcha not Invision? IDK. But not like there is a lot to it...just grab the key and the secret and plug them in. I'm not sure why I was having the above issues but for now I'm still set to manually approve till I get time to look at it.

olyclimber Posted May 18, 2023
I was set to "auto" when the spam attack happened.... They just keep coming! 🤪