Invision Community 4: SEO, prepare for v5 and dormant account notifications By Matt Monday at 02:04 PM
AshieF73 Posted June 2, 2023 Posted June 2, 2023 Last night our forum was attacked with spam for a hour by around a dozen new forum accounts, although my mods were flagging as spam and hiding, as quickly as they did a new user and spam appeared. In the end I took us offline to clear it and banned users, reopened but closed registrations for the night. It appears to have been one individual, although they used multiple email domains and IP address to register they all showed as a specific location in India. I already had hCapture, a security question from choice of three questions and Email validation. I assume they need some manual input to clear? Today I have changed the security questions and added a few more questions. Is there anything else I can do to force more rigorous manual intervention to make it annoying for a spammer to slow them down if not stop them? Thanks. Ashley.
Marc Posted June 2, 2023 Posted June 2, 2023 Have you tried increasing the sensitivity on hCaptcha? We are seeing quite the increase in spam generally at present, unfortunately.
AshieF73 Posted June 2, 2023 Author Posted June 2, 2023 Thank you Marc, I had it on auto but just changed to difficult to see if that helps. Is there any mileage in having a large group of security questions and changing them reguarly do you think?
AlexWebsites Posted June 2, 2023 Posted June 2, 2023 I turn on approve first post and all links. This puts them in a moderation que.
Marc Posted June 2, 2023 Posted June 2, 2023 1 hour ago, AshieF73 said: Thank you Marc, I had it on auto but just changed to difficult to see if that helps. Is there any mileage in having a large group of security questions and changing them reguarly do you think? It certainly cant be of any detriment, thats for sure. If its people signing up, of course it will make little difference.
AtariAge Posted June 2, 2023 Posted June 2, 2023 For several years now I have been using email and Admin validation. I have a mod that allows me to quickly look at Google and StopForumSpam links for the username, email address, and IP address for pending members on the main index of the forum (only visible to admins, of course), so I don't have to go into the ACP. And I have a link to WhatIsMyIPAddress.com with the IP address, which makes it easier to identify people coming in through VPNs and proxies, plus I can see what country the user is coming in from. With these tools, I can identify most spammers 95% of the time (if not higher). For spammers who who get through my manual validation, the first three posts a user makes need to be manually approved, so that will generally catch the remainder. It's a pain, but it's the only reliable means I've had of keeping spammers off the forum.
ZakRhyno Posted June 3, 2023 Posted June 3, 2023 17 hours ago, AtariAge said: For several years now I have been using email and Admin validation. I have a mod that allows me to quickly look at Google and StopForumSpam links for the username, email address, and IP address for pending members on the main index of the forum (only visible to admins, of course), so I don't have to go into the ACP. And I have a link to WhatIsMyIPAddress.com with the IP address, which makes it easier to identify people coming in through VPNs and proxies, plus I can see what country the user is coming in from. With these tools, I can identify most spammers 95% of the time (if not higher). For spammers who who get through my manual validation, the first three posts a user makes need to be manually approved, so that will generally catch the remainder. It's a pain, but it's the only reliable means I've had of keeping spammers off the forum. Would yo be willing to share what mod you got working for you?
AtariAge Posted June 4, 2023 Posted June 4, 2023 On 6/3/2023 at 9:04 AM, ZakRhyno said: Would yo be willing to share what mod you got working for you? Yes, it's @Adriano Faria's "Validating Members With Links" plugin, but I'm not sure it's available here (a quick search didn't reveal it in the Marketplace). You can send him a private message to ask him about it.
Allen Bradford Posted June 6, 2023 Posted June 6, 2023 I’ve been relatively lucky and I think my Q&A questions thwart most spam registrations. Although not completely. Occasionally a spammer slips in. So I change the questions/answers periodically. If a spammer sneaks in I have my Admin functions set for manual authorization. Since I require a few fields to be filled, like Interests, it’s relatively easy to see who is a spammer upon registration and I can delete that account immediately.
Recommended Posts