Welcome to WebmasterWorld Guest from 54.196.238.210

Forum Moderators: brotherhood of lan & mack

Message Too Old, No Replies

Question about forum spam prevention

     

abrodski

8:00 pm on Apr 22, 2010 (gmt 0)

5+ Year Member



Hello!

I run a forum (actually, I'm about to) and I have few spam bots that register everyday and it takes time to remove them manually.
I went to a website where they offer a plugin that automatically would detect a spam bot by silently checking in their DB.
Its all nice, but I wonder if there's a chance that if they use IPs to track the bots, then what if some legit person will use that same IP to register. I mean, I doubt that all forum spam bots use and keep forever the same IP addresses...

mack

9:17 pm on Apr 22, 2010 (gmt 0)

WebmasterWorld Administrator mack is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Its a bit of a battle, I don't think there is any way you can total keep the bots from registering but there are a few things that can be done. If you are using a common forum script you might be able to change the form field names within the html. This can sometimes reduce the numbers because the people who run the bots aren't going to change something simply for one site. The bots are built to go after a common trail. If you can deviate from this trail you're doing well.

Captchas are another useful tool. They do frustrate some users, especially the ones that are hard to read, but again they do work well for putting off non human registrations.

The most effective method I have found is to require email validation when a user signs up.

Mack.

abrodski

1:10 am on Apr 23, 2010 (gmt 0)

5+ Year Member



I have an email validation on my forum, but bots still able somehow to bypass it. Almost all of them don't post anything, just appear in list of members. I tried to register myself and I found out that UNLESS you click the link in the mail that system sends, you don't appear as a member, only where it says "awaiting moderation". I use SMF 1.1.11, BTW...
I do have a built-in captcha module and I have it on medium level of complexity. Though it seems too simple, so I might as well go to difficult level.
Speaking of captchas...I know that there's a special module with that name and it looks somewhat special. So when you were talking about "captcha", did you mean just ANY type of module that does the same thing or that particular type?
I don't know if there's a way to change a type of captch module in SMF...?

piatkow

10:52 am on Apr 23, 2010 (gmt 0)

WebmasterWorld Senior Member piatkow is a WebmasterWorld Top Contributor of All Time 5+ Year Member



Captcha is a generic term for any process that requires a manual response to verify that data entry is by a person and not a machine.

If the bots are automatically validating then it suggests that you are using some popular off the shelf software which has had both the captcha and its acknowledgement email format cracked.

Can you customise the registration in some way so that it isn't identical to every other site that uses the same software?
Can you substitute a third party or bespoke captcha for the one provided?
Can you customise the verification so that there is a non standard action such as an additional captcha?

abrodski

5:01 pm on Apr 23, 2010 (gmt 0)

5+ Year Member



As I wrote before, I use SMF 1.1.11 which you could call a generic software out of a shelf (and also free-GPL).
I'm not a programmer, so I can't change the registration fields.
As per adding another captcha or using a different captcha module...I don't know...I have to find out.
For now, I just made it to the hardest level of the existing generic captcha that comes with a forum software.
I definately made it harder for humans to guess, but I will see whether it helps at all to prevent bots from registering (my guess is that it won't).

abrodski

4:33 pm on Apr 25, 2010 (gmt 0)

5+ Year Member



I made it to a high (most difficult) level for an existing captch on SMF and it seems to be working...
Though, its kind of a pain to register (sometimes you have to reload the image or re-type it), but I think that if someone really wants to register, its not a problem.

old_expat

4:07 am on Jun 7, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Are there so many real applicants that you can't register them yourself after they have sent an email?

martinibuster

9:10 am on Jun 7, 2010 (gmt 0)

WebmasterWorld Administrator martinibuster is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



It is a problem if the registration process is difficult. One way to make it easier is to put a human challenge, like asking them to do a simple addition problem. This kind of challenge is effective against bots and is less hassle than a captcha. If you want to make it easier to register you can also skip the requirement for them to confirm their membership.

Good luck.
;)

Barnamedve

4:45 pm on Jun 9, 2010 (gmt 0)

5+ Year Member



I am using smf and I also had the problem that bots are bypassing the the capcha thing. In my opinion the human action is the best as it was mentioned before. The most common is to identify what is shown on the picture and click on the right one. So there is a picture of a car and A is car you click on it etc..the rest you know. What I use now is that not only the activation link is needed but at registration the register cannot choose apassword. A 6 random character will be sent to the applicant by email with the validation link and when he or she enters it offers the applicant to change it therefore you have to recognize what that code is....I hope this helped...
 

Featured Threads

Hot Threads This Week

Hot Threads This Month