homepage Welcome to WebmasterWorld Guest from 54.204.249.184
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / WebmasterWorld / New To Web Development
Forum Library, Charter, Moderators: brotherhood of lan & mack

New To Web Development Forum

    
Question about forum spam prevention
abrodski




msg:4120267
 8:00 pm on Apr 22, 2010 (gmt 0)

Hello!

I run a forum (actually, I'm about to) and I have few spam bots that register everyday and it takes time to remove them manually.
I went to a website where they offer a plugin that automatically would detect a spam bot by silently checking in their DB.
Its all nice, but I wonder if there's a chance that if they use IPs to track the bots, then what if some legit person will use that same IP to register. I mean, I doubt that all forum spam bots use and keep forever the same IP addresses...

 

mack




msg:4120305
 9:17 pm on Apr 22, 2010 (gmt 0)

Its a bit of a battle, I don't think there is any way you can total keep the bots from registering but there are a few things that can be done. If you are using a common forum script you might be able to change the form field names within the html. This can sometimes reduce the numbers because the people who run the bots aren't going to change something simply for one site. The bots are built to go after a common trail. If you can deviate from this trail you're doing well.

Captchas are another useful tool. They do frustrate some users, especially the ones that are hard to read, but again they do work well for putting off non human registrations.

The most effective method I have found is to require email validation when a user signs up.

Mack.

abrodski




msg:4120407
 1:10 am on Apr 23, 2010 (gmt 0)

I have an email validation on my forum, but bots still able somehow to bypass it. Almost all of them don't post anything, just appear in list of members. I tried to register myself and I found out that UNLESS you click the link in the mail that system sends, you don't appear as a member, only where it says "awaiting moderation". I use SMF 1.1.11, BTW...
I do have a built-in captcha module and I have it on medium level of complexity. Though it seems too simple, so I might as well go to difficult level.
Speaking of captchas...I know that there's a special module with that name and it looks somewhat special. So when you were talking about "captcha", did you mean just ANY type of module that does the same thing or that particular type?
I don't know if there's a way to change a type of captch module in SMF...?

piatkow




msg:4120607
 10:52 am on Apr 23, 2010 (gmt 0)

Captcha is a generic term for any process that requires a manual response to verify that data entry is by a person and not a machine.

If the bots are automatically validating then it suggests that you are using some popular off the shelf software which has had both the captcha and its acknowledgement email format cracked.

Can you customise the registration in some way so that it isn't identical to every other site that uses the same software?
Can you substitute a third party or bespoke captcha for the one provided?
Can you customise the verification so that there is a non standard action such as an additional captcha?

abrodski




msg:4120862
 5:01 pm on Apr 23, 2010 (gmt 0)

As I wrote before, I use SMF 1.1.11 which you could call a generic software out of a shelf (and also free-GPL).
I'm not a programmer, so I can't change the registration fields.
As per adding another captcha or using a different captcha module...I don't know...I have to find out.
For now, I just made it to the hardest level of the existing generic captcha that comes with a forum software.
I definately made it harder for humans to guess, but I will see whether it helps at all to prevent bots from registering (my guess is that it won't).

abrodski




msg:4121681
 4:33 pm on Apr 25, 2010 (gmt 0)

I made it to a high (most difficult) level for an existing captch on SMF and it seems to be working...
Though, its kind of a pain to register (sometimes you have to reload the image or re-type it), but I think that if someone really wants to register, its not a problem.

old_expat




msg:4147948
 4:07 am on Jun 7, 2010 (gmt 0)

Are there so many real applicants that you can't register them yourself after they have sent an email?

martinibuster




msg:4148037
 9:10 am on Jun 7, 2010 (gmt 0)

It is a problem if the registration process is difficult. One way to make it easier is to put a human challenge, like asking them to do a simple addition problem. This kind of challenge is effective against bots and is less hassle than a captcha. If you want to make it easier to register you can also skip the requirement for them to confirm their membership.

Good luck.
;)

Barnamedve




msg:4149791
 4:45 pm on Jun 9, 2010 (gmt 0)

I am using smf and I also had the problem that bots are bypassing the the capcha thing. In my opinion the human action is the best as it was mentioned before. The most common is to identify what is shown on the picture and click on the right one. So there is a picture of a car and A is car you click on it etc..the rest you know. What I use now is that not only the activation link is needed but at registration the register cannot choose apassword. A 6 random character will be sent to the applicant by email with the validation link and when he or she enters it offers the applicant to change it therefore you have to recognize what that code is....I hope this helped...

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / New To Web Development
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved