Invision Community 4: SEO, prepare for v5 and dormant account notifications Matt November 11, 2024Nov 11
Posted June 5, 20231 yr Hi Guys I could really do with some help urgently as my site has been overrun by spammers all morning. It's not something I have experienced at this level but it is out of hand at this point.
June 5, 20231 yr I have taken a look at your settings there, and while spam at present is indeed an issue for a lot of people (there is simply a massive amount out there at present), I would suggest the following: Switch to hCaptcha - Once you have done this, also increase the sensitivity of this on your account on hCaptchas website until it helps reduce this Add question and answer challenges. - At present you have none of these on your site
October 16, 20231 yr For the past 3 days, we've been hit by more than one hundred spam accounts, which we've manually blocked. We've switched from Invisible Captcha to hCaptcha this morning, but I've already blocked a couple of spammers since then, so I'm not sure it'll do the trick. A few of those spam accounts were able to post hundreds(!) of spam topics on our community.
October 16, 20231 yr Take a look at the CleanTalk plugin. It's done a good job in reducing spam on our site. It's not perfect (nothing is honestly), but it's certainly been a help in the fight! https://cleantalk.org/help/install-ipboard4
October 16, 20231 yr 21 minutes ago, Rafael Fischmann said: For the past 3 days, we've been hit by more than one hundred spam accounts, which we've manually blocked. We've switched from Invisible Captcha to hCaptcha this morning, but I've already blocked a couple of spammers since then, so I'm not sure it'll do the trick. A few of those spam accounts were able to post hundreds(!) of spam topics on our community. Looking at your community, you may wish to enact the Question/Answer challenge as well. CAPTCHA alone will not stop all spam but will help. Enacting the correct question/answer challenge, which is easy for your users but hard for bots/human spammers, will also greatly assist.
October 16, 20231 yr 36 minutes ago, Jim M said: Looking at your community, you may wish to enact the Question/Answer challenge as well. CAPTCHA alone will not stop all spam but will help. Enacting the correct question/answer challenge, which is easy for your users but hard for bots/human spammers, will also greatly assist. We've always had those Question/Answer challenges, Jim. They're bypassing them somehow, and most of them are using Google's login as I can see. A couple of new ones from the past hour: https://d.pr/i/mKTb8p https://d.pr/i/DAFIJx
October 16, 20231 yr Welcome to the spam waves! Many Invision Communities have been hit since spring with these massive spam waves. It's been frustrating. Some suggestions: - in hcaptcha, make sure you switch to difficult mode. - switch up and rotate your challenge questions. In my experience though, this only stopped it for 1 or 2 days - you may want to turn on automatic moderation - cleantalk plugin (which does have a small fee) does help tremendously but I also think it catches some false positive of actual users too.
October 16, 20231 yr 3 minutes ago, Joel R said: Welcome to the spam waves! Many Invision Communities have been hit since spring with these massive spam waves. It's been frustrating. Some suggestions: - in hcaptcha, make sure you switch to difficult mode. - switch up and rotate your challenge questions. In my experience though, this only stopped it for 1 or 2 days - you may want to turn on automatic moderation - cleantalk plugin (which does have a small fee) does help tremendously but I also think it catches some false positive of actual users too. Thank you, Joel. Really appreciate the tips/suggestions!
October 16, 20231 yr 13 minutes ago, Rafael Fischmann said: We've always had those Question/Answer challenges, Jim. They're bypassing them somehow, and most of them are using Google's login as I can see. A couple of new ones from the past hour: https://d.pr/i/mKTb8p https://d.pr/i/DAFIJx That would likely indicate that it is too easy to google or an answer that bots can calculate. It is not something you just set a question/answer. You have to test many and balance the results with spammers that get through and humans struggling to answer it. In my personal experience, the right question/answer challenge removes a great deal of spammers. However, no spam prevention is absolute.
October 16, 20231 yr 1 minute ago, Jim M said: That would likely indicate that it is too easy to google or an answer that bots can calculate. It is not something you just set a question/answer. You have to test many and balance the results with spammers that get through and humans struggling to answer it. In my personal experience, the right question/answer challenge removes a great deal of spammers. However, no spam prevention is absolute. Even so, Invision Community's spam protection feature should be able to identify those spammers based on posts' content, how many posts they make in just a few minutes, etc. No human would post 100 new topics in less than an hour on a forum about Apple laptops mentioning girls in Abu Dhabi. Just saying…
October 16, 20231 yr Just now, Rafael Fischmann said: Even so, Invision Community's spam protection feature should be able to identify those spammers based on posts' content, how many posts they make in just a few minutes, etc. No human would post 100 new topics in less than an hour on a forum about Apple laptops mentioning girls in Abu Dhabi. Just saying… Please keep in mind, here in support, I can only guide you on what is available in the software today. This is not a feature as it stands and if you would like to see it as one, placing this in the Feedback section is the way to go. We recently added new spam prevention features to help with Geolocation on registration so that may assist you if you’re seeing a specific location of spam registrants.
October 16, 20231 yr Block them at Cloudflare / Firewall level. I have blocked bunch of IP's and ASN's and it took care of the issue. Just make sure you check - if the IP is from Data Center / Proxy and based on that update the rules, so no real users would get impacted. It also takes care off useless search bot who just aggressively scan for WordPress links. Ex: Edited October 16, 20231 yr by AlexJ
October 16, 20231 yr 1 minute ago, AlexJ said: Block them at Cloudflare / Firewall level. I have blocked bunch of IP's and ASN's and it took care of the issue. Just make sure you check - if the IP is from Data Center / Proxy and based on that update the rules, so no real users would get impacted. Would be very careful about doing something like this. Don't want to be overzealous in doing so or you may accidentally block legitimate traffic. Maybe that's a legitimate user using a VPN or a third party service you're running which runs in a datacenter or something else entirely.
October 16, 20231 yr 58 minutes ago, Jim M said: Would be very careful about doing something like this. Don't want to be overzealous in doing so or you may accidentally block legitimate traffic. Maybe that's a legitimate user using a VPN or a third party service you're running which runs in a datacenter or something else entirely. Yeah, I'm always afraid of blocking IPs. I only block the ones which are red flagged by https://www.abuseipdb.com/
October 17, 20231 yr 5 hours ago, Jim M said: Would be very careful about doing something like this. Don't want to be overzealous in doing so or you may accidentally block legitimate traffic. Maybe that's a legitimate user using a VPN or a third party service you're running which runs in a datacenter or something else entirely. I normally check using https://www.ipqualityscore.com/ - it is accurate overall, especially this M27 or datacenter related IP's. We normally mention on site, users should remove Proxy if they face the issue.
October 17, 20231 yr I suggest IPS add possibility to add answers as Numbers in QA Section. Then we could add math questions as challenge - several sites use this as an option.
October 17, 20231 yr 43 minutes ago, Kjell Iver Johansen said: I suggest IPS add possibility to add answers as Numbers in QA Section. Then we could add math questions as challenge - several sites use this as an option. That’s way too easy for bots.