Full Version: anti-spam new member login?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2
It seems the spam deluge is ongoing, sadly! Since most of it seems to come from 'new members', might it be possible to introduce some kind of verification check, just for new members when they log in for the first time? It wouldn't affect current members, and wouldn't need to be anything extensive, but it might filter out a lot of the rubbish.

Anyone know if that might be possible/easily done?
Thought of that too. I'm not even sure that al these spammers work as bots? Or from the same IP?

And a note to all members - PLEASE do NOT reply to spam message!
Last week I nearly purged a legitimate member because he was silly enough to post a reply. I'm purging spammers by the dozen so don't expect me to open the thread first. The last poster is (almost) always the spammer.
Also I have noticed that they seem to hit the site from 2pm EST (Australian daylight saving time) onwards for a few hours.

Michael Kerr
(11-26-2016, 11:53 AM)Robert Vermaat Wrote: [ -> ]I'm not even sure that al these spammers work as bots?

I suspect some of them must be - the ones that post dozens of new ads at the same time. Others are probably people - and while we might feel sorry for the poor drones sitting in spamming centres somewhere endlessly logging in to random websites, we shouldn't make their job any easier! A brief check (and I remember your suggestion, Robert, of a 'Roman history quiz'!) might thin out the spammage a bit. Who knows, in time RAT might drop off the circulating list of 'easily accessible sites'...

(11-26-2016, 11:53 AM)Robert Vermaat Wrote: [ -> ]PLEASE do NOT reply to  spam message!

Is it possibly a good idea not to open the posts at all, but to report them to moderators by opening the member page and reporting that?
Hi guys
It's not as if any new member is let through automatically. The system checks every new registration by IP, email address and username against the database. If the values there reach a certain threshold, the registration is blocked. From the logs I see that's about half a dozen registration attempts every day. I've lowered the threshold today by a third to see if that helps. Apart from that, every new member has to answer both a Captcha (the letters-numbers gobbledygook) and a Security question related to the Roman army. Obviously the latter could be made very difficult, but we do want to let new interested members in...

There is no harm in opening spam posts, nor is there a benefit to them. Just report them when you see 'em and we'll do our best to get rid of such as come by.
(11-27-2016, 07:11 PM)Praefectusclassis Wrote: [ -> ]I've lowered the threshold today by a third to see if that helps. Apart from that, every new member has to answer both a Captcha (the letters-numbers gobbledygook) and a Security question related to the Roman army.

Thanks! I didn't know that - it's been a while since I registered... [Image: smile.png]

Hard to see what else might be done then... although a more difficult question might work! As I once suggested to Robert, 'what was the colour of the Roman army tunic?' ought to sort the wheat from the chaff... [Image: wink.png]
And put a counter on it. I bet red wins
(11-28-2016, 05:55 AM)Praefectusclassis Wrote: [ -> ]Hahahahah!

Could you put a Captcha test on every login?  I don't know how much trouble that would be for real members.
That would be a serious PITA for everyone.
Besides, most of these 'new members' just seem to post a heap of spam and then leave again. I doubt any of them log in more than once (unless, perhaps, they develop a sudden interest in Roman history...)
A few simple things.
I'd block messages with URLs in the title.
You could also block (put into moderation) any message with a URL until say 10 posts.
You may also be able to reduce the number of posts an individual can do per day (until a threshold of posts).
And many of these use Chinese characters - so send any posts with Chinese characters to moderation.

(Just in case ... you've never changed PHP ... if this MyBB is like PhPBB, there will be software "addons" that you can install. Alternatively, you'd have to change the PhP code. That's not as difficult as it sounds - but it does mean there's the risk of losing all the protection every time the software is updated (as it tends to overwrite whole files).

Hi Mike
Yep, checked various options like that already.
(11-29-2016, 06:30 AM)Praefectusclassis Wrote: [ -> ]Hi Mike
Yep, checked various options like that already.

More than likely its an offshoot from PHPbb.

Unfortunately, whilst I've completely hacked PHPbb - I never did any mods - and I presume the mod system will be similar.

So, your best bet would be to request a specific mod at MyBB.

You've already got ranks - which I assume are based on number of postings. The simplest thing to do would be to introduce some restrictions to those on the "first rank" (<10posts?).

I would suggest:
1. Any post with any URL or URL like text in post or title to go into moderation (or bin if there is no moderation).
2. Limit the number of posts to 2-3 per day
3. Prevent them starting new discussions

This should cause the minimum disruption to actual users and maximum to spammers. The only bypass, will be URLs in the user "signature" - but i suspect it could be a pain to change this.

The changes I've suggested are because they require no changes to user or admin user interface, no change to database. As such they should be relatively easy to get working by small adaptations to present code. So, for someone who knows the code, we could be talking a few hours work.

This should maximise the chances of getting help to produce a suitable mod.
Pages: 1 2