Hi,

any idea how to fight spam? I purchased CAPTCHA plugin. It helped a little. Then I had to disable guests. Now there's only one spam post a day. How can I eliminate it completely without decreasing user's comfort? I would like to enable guests again.

Thanks.

Hi Jan and welcome,

This adjustment you can make in the bb_plugins.php

Check out what it says under $enableForPostings ... where you have put the code for the captcha.

Is it set to FALSE (OFF) set it to TRUE (ON). And here more for spam protection with the CAPTCHA (Human Authorization)

I've recently posted some improvement recommendations regarding this add-on, you may try them out.

The basic recommendation is that you must change default settings to more customized. Amount of chars and chars string itself, secret key, fonts etc.

Actually what kind of spam do you have?

If guests post links, you should prevent them from that, plugging in the anti-guest add-on.
This add-on also has the list of keywords to forbid in posts.

This is the best method of antispam protection I know. It's also plugged in here on miniBb forums; and as you see, may be only couple of wastefull messages pass from guests per day, may be even not any.

I have an issue with a flood of new unwanted user registrations.

I am using the CAPTCHA plug-in.

Few if any posts are made from the new accounts, at least not immediately, and I try to delete the new user registrations pretty quickly. But it's a pain to keep having to do it.

The target audience of my forum is in the U.S., and it's very unlikely that anyone from another country would have much interest in the discussions. Yet based on the e-mail addresses it is often clear that the unwanted registrations are from other countries. Their usernames or email addresses imply that they want to SPAM.

Also, all of these unwanted registrations are blocking their IP addresses. I attempt to capture their IP address and save it in a user_custom field but the getIP function returns nothing for them.

Is there an easy way let the user (or bot?) complete the registration form but then not actually create the new user if their IP address is blank/blocked? Alternatively, if their e-mail domain matches a certain regular expression (I'm comfortable with preg_match syntax)?

Thanks for any info
Mark

I'm sure all of them have an IP address; what function do you use to capture IP? IF they have 'null' IP it would be simple to block them, but I really doubt that's the case.

wilkinsmd
Each of such issues could have a different nature, and you preferably should identify such users by some other criteria, not the IP address. Specially, if you see IP addresses are blank, it probably means they are hiding them using proxies or something similar.

The most effective way is to protect posts by preventing some definite words from being posted. Usually spammers are only about their "own arsenal" of words and phrases, which are definite, and without them the message would have no sense. Install Anti-guest add-on for that and add new words to the vocabulary.

Also, make sure you have installed the Captcha improvement mechanism, which would make Captcha codes more unique for each day.

To that, you could make all forums for registered users only, and enable some additional routine for accounts validation using email-address verification. This is the strongest method. I suppose, spammers may use non-existing email addresses.

Thank you I will try that.

Yes I am already doing both of those things.

getIP, as defined in bb_functions.php.

Could you please suggest how/where to do this? I would prefer to block them from registering.

Thanks

So, do you suppose they use such a large amount of various email addresses, and they are up to verifying them manually? Sounds impossible.

After all, do not delete such users, just make them inactive (set Member -> No under the user profile). I'm not sure how many emails they could have, but possibly sooner or later they should come to the end...

Also, what emails do they use? Gmail, Yahoo?.. I think I have couple of functions which would allow to prevent certain email addresses by mask or pattern...

How about also:

1) Renaming the original "Register" link's anchor text with something else, like "Create an account".
2) Renaming the actual URL of the registration form.

So currently users can register with http://myforum.com/index.php?action=registernew, but how about changing it to http://myforum.com/create-an-account/? This can be done with PHP and .htaccess. :-)

Here's the PHP that should be put inside bb_plugins.php:

# BEGINS: CREATE A NEW "REGISTER" LINK
if ((isset($l_menu[2],$GLOBALS['enableNewRegistrations'],$GLOBALS['user_id'])) && (empty($GLOBALS['user_id'])) && ($GLOBALS['action'] !== 'registernew')) {
$new_register_link = '<a href="'.$GLOBALS['main_url'].'/create-an-account/" rel="nofollow">Join us</a> '.$GLOBALS['l_sepr'];
}
else {
$new_register_link = NULL;
}
# ENDS: CREATE A NEW "REGISTER" LINK

Then inside main_header.html that original {$l_menu[2]} tag should be replaced with {$new_register_link}.

And finally inside .htaccess file this line should be added:

RewriteRule ^([\-a-z]+)/$ ./index.php?action=registernew

First of all, thank you everyone for the responses.

I agree. It has been a cat and mouse game. Initially I did not check e-mail addresses and allowed immediate registrations. Then I added the CAPTCHA add-on. Then the unwanted registrations started again and so I enabled the functionality to require a valid e-mail address and it sends a link to complete the registration, and that slowed it down considerably for a while. Now, somehow, the registrations have again become frequent.

A good number of them (but not all) are mail dot ru. But the one thing they have in common is they all block their IP address.

Thanks

So, may be then it would be worth of trying to disable access to the forum, if the IP address is hidden? Here's a simple code:

kuopassa
Thanks for the trick; however I suppose, if someone is registering manually, then there's no matter how the link actually looks. This could help from preventing automated registrations; but I'm mostly sure if Captcha is enabled with some extra code like I explained above, then the automated processes should be suppressed as well.

A very interesting method, but how effective?