I have question and answer set for new registrations. The questions consists of me telling new members to send a message to me via the "contact us" and request the answer to complete registration. So there is no way these spammers are getting the answer correct. So why do I have 30 new spam registrations each day? I am putting them into moderation and deleting all of them, but shouldnt they be stopped from completing registration with out the correct answer? Im running 3.8.7

Limiting Spammers:
For 3.7.x - 3.8.x series vBulletin - use the following and it should knock out all automated spambots. The only spammers you'd see are those who register manually. Great thing is - the bulk of spammers are spambots - so this combination of modifications (in this order of installation) should nip the problem directly in the bud:


NoSpam! (https://vborg.vbsupport.ru/showthread.php?t=183329)
A must-have that vBulletin based it's question/answer functionality off of - only NoSpam! works much better :)


ragtek Botscout Register Check (http://www.vbulletin-germany.org/showthread.php?5744-ragtek-Botscout-Register-Check)
This mod is graveyarded on vB.org due to drama - but still works fine. There are no security concerns to worry about. It checks new users IP address against the botscout.com (http://botscout.com/) anti-spam database


Cyb - Advanced Permissions Based on Post Count (https://vborg.vbsupport.ru/showthread.php?t=177704)
This is not necessarily anti-spam -- but with the correct permissions set - new users (with post count of 10 or below or whatever you amount you set via AdminCP) will not be able to post links in threads/posts/pms/etc... So this mod will block users who register manually from spamming their links. It will, however, not block said users from posting links on their profile ARG - profile spam is a sneaky bit of madness...


HTH ;)

J.

It doesnt stop them because they have scripting that is bypassing the entire register process - least thats my best guess.

Vbulletin should have a fix for this - its getting really bad on one of my forums too the last few months. I have installed a few mods and it really slows them down, but a few still manage to get through. Its very annoying.

I use NO SPAM linked above in addition to this > Stop the Registration Bots (https://vborg.vbsupport.ru/showthread.php?t=183917) and it sends me an email every time it denies a registration - a good deal of these dang bots complete the form in 0 seconds - no way they are even looking at it - they are pretty much inserting straight to the db some how.

Another mod I suggest is the SM Limit Editing Signature Before X Posts (https://vborg.vbsupport.ru/showthread.php?t=158650) - this prevents anyone from having access to the signature until they have X number of post. Least when they do get through they wont be able to do anything with the account!

The ones that get through will be human!, they cant "inject in to the database" as that would imply a huge security flaw.

I agree it is annoying but you'll not stop paid human spammers. There are some scripts that read q&a and keep trying known words like "What colour is the sky?" they'll recognise that phrase and the script will roll through colours, you'd have to make the q&a more complicated and require email confirmation too, that will cut many of your spammers, then use something like "bad behaviour" or "stop forum spam".

Lastly have new registrations go in to moderation and access to only one welcome forum for posting, now you've narrowed it down to one forum which makes it easier to clean-up anad you or staff can vet each and every new member - hey presto no spam!

It all boils down to how much trouble you want to go to in order to stop them.

It doesnt stop them because they have scripting that is bypassing the entire register process - least thats my best guess.



Lol no. That's impossible.


They get past Q&A either because a human is registering or has submitted the answer to the automated registration, or because the spambot is able to answer your question since it's simple enough.

Lol no. That's impossible.


They get past Q&A either because a human is registering or has submitted the answer to the automated registration, or because the spambot is able to answer your question since it's simple enough.

LOL, right a real human fills in the entire form and answers my question plus fills out captcha and then clicks submit when the submit button is disabled because its on a timer.... LMAO! Many of these bots submit the form in 0 seconds and are denied registration - that mod keeps 90% of them out, but other bots are getting through and some are even bypassing the admin approval and showing up as members immediately.

These are NOT human spammers!

vBulletin has issues, period!

...vBulletin has issues, period!

Well, there are many vb installations but not many people complaining about that problem, so that would seem to point to a non-vb issue. If it's true that new users are really showing up without going through registration then it's more likely there's a security problem elsewhere.


I'm assuming you've checked that they really are new users? I've seen users register then not post for quite a while.

Well, there are many vb installations but not many people complaining about that problem, so that would seem to point to a non-vb issue. If it's true that new users are really showing up without going through registration then it's more likely there's a security problem elsewhere.


I'm assuming you've checked that they really are new users? I've seen users register then not post for quite a while.

Yes, the forum is running the outdated version 3.6.9, but I'm not in a position to pay the upgrade hijack fee.

Yes, the forum is running the outdated version 3.6.9, but I'm not in a position to pay the upgrade hijack fee.


I don't know much about the licensing terms, but if you own a vb3 license doesn't that allow you to download the latest vb3 version?

I have question and answer set for new registrations. The questions consists of me telling new members to send a message to me via the "contact us" and request the answer to complete registration. So there is no way these spammers are getting the answer correct. So why do I have 30 new spam registrations each day? I am putting them into moderation and deleting all of them, but shouldnt they be stopped from completing registration with out the correct answer? Im running 3.8.7

That's self-defeating. One of those requests was a spammer who in turn circulated the correct answer supplied by you to his cohorts.

I don't know much about the licensing terms, but if you own a vb3 license doesn't that allow you to download the latest vb3 version?

No it does not. The VB3 license "expired" after a certain time, and if you did not pay the upgrade fee you are stuck with the latest 3.x version released on the day of expiration.

VB had a $50 upgrade promotion to upgrade all 3.x users to the latest 3.x version but as announced it was a limited time thing, they stopped it after a few months.

Today the only way to upgrade to 3.8,7 is to buy a 4.x forum license.

Also while your 3.6 forum MAY be being exploited (vb.org is 3.6) the vast majority of people who have spammers getting through the spam question is because of human spammers. They are paid minimal wages but all they need to do is sign up for forums all day and enter that data into a spam database that bots come in and post with later.

No it does not. The VB3 license "expired" after a certain time, and if you did not pay the upgrade fee you are stuck with the latest 3.x version released on the day of expiration.

My mistake - thanks for clearing that up.

vBulletin has issues, period!

I'm sorry that you think vBulletin 3.6.9 has an exploit that allows spambots to bypass the registration problem and become a part of your member base in doing so.

But in reality, what's happening is you either have a simple question spambots have no problem getting answered or humans paid to spam in some sweatshop doing so.

Increase the difficulty of your Q&A or employ some other anti-spam protection.

Yes, the forum is running the outdated version 3.6.9, but I'm not in a position to pay the upgrade hijack fee.

yeap... vBulletin has issues... and it looks like yours are way bigger and you can't face them so you put the fault on someone else... very funny. kid

the guys who registers and overpass the securities are paid kids who registers as humain, and post spam... there are more and more on the market, and it's not related to vBulletin.. go to http://community.invisionpower.com/ and you will see the same pattern... http://phpbb.com is the same.

bots are one thing... spammers are another topic.

and oh, yeah, i remember... bored members start spamming their boring forums as well...

I still dont know why the question and answer system doesn't stop spam registrations. Im getting 50 per day and they cant be getting the question right. I have the question as a statement to send me an email via the contact us form at the bottom of the page and tell me how you found the board. I never get any emails and I still get 50 spam registrations per day even though they are not answering the question. Im running 3.8.7.

Have you tried changing the answer and seeing if that makes any difference? Have you looked at your web server logs to see if it looks like they are actually accessing register.php?

Do you regularly change the answer? If one human got it they probably posted the answer to a spam database somewhere.

Have you tried changing the answer and seeing if that makes any difference? Have you looked at your web server logs to see if it looks like they are actually accessing register.php?



Changing the answer wont help. The "answer" is a random phrase that cant be guessed. I had registration off and within a minute of turning it back on I had spam registrations. Without the correct phrase that they would get by email my the registration shouldnt even process. But it does. Thats why im just going to change the registration closed phrase so they have to contact me if they want to join. The current system is a joke.

Changing the answer wont help. The "answer" is a random phrase that cant be guessed. I had registration off and within a minute of turning it back on I had spam registrations. Without the correct phrase that they would get by email my the registration shouldnt even process. But it does. Thats why im just going to change the registration closed phrase so they have to contact me if they want to join. The current system is a joke.

I was thinking that someone might have shared your answer with other spammers , and you could test that if you change it and registrations stop.

So you disabled registrations and they actually stop? Then they are going through the normal process. If you know even a little php you could make the registration script log the info its receiving and you could check to see if the answer is being provided or not. Again, not many sites are having your problem so there has to be some answer

I don't understand...

You make a Q&A and get spambots signing up... You disable registrations... They stop. How exactly is it vBulletin's fault that your Q&A is so simple that spambots can sign up no problem?

Use reCAPTCHA or something. Stop blaming others for your own faults.

I don't understand...

You make a Q&A and get spambots signing up... You disable registrations... They stop. How exactly is it vBulletin's fault that your Q&A is so simple that spambots can sign up no problem?

Use reCAPTCHA or something. Stop blaming others for your own faults.

Q&A works far better than ReCaptcha, and he already said the answer is impossible without emailing him.

The weak link in the chain is only 1 human spammer needs to email him and get the answer 1 time- then they can re-use the same answer forever if it is never changed making it worthless.

Paranoia at its finest. Seen it many times.
I went to your site, you have all forums closed from public view & what people to click the contact me button and send you the user name they are going to use as well as an email address to have you create an account for them... good luck with that....I can't see the contact me button get pushed that often regarding registration. Just my 2 cents.
Sheltering your site will close your site.

What I am seeing in the thread is a pointing game & you are not willing to listen to anything the previous posters have written and want to blame vbulletin.... I would suggest to you to submit a ticket on vbulletin.com if you really think this is the issue....I can't see the ticket going very far.
Appreciate what the members here are advising you to do, they speak from experience.
We have all been there.

I get little( 1 a month) to no spammers at all on any vb site I have or any that I may manage. The tools and advise are here for you to use, free of charge.....

Good Luck to you.

I've had my site now for a little over 3.5 years and i have a total of 108 spammers, they were all human as i use Q&A, my questions change every 6 months, i use vb3.8.7 (always upgraded but will never upgrade to the beta they call vb4), i do have bad behaviour installed and vbstop forum spam, but both are just set in logging mode they do nothing to the user, so i guess with that plain old Q&A that vb supplied i've had on average 30 human spammers a year, not bad eh?

I know you dont want to believe it but one of your signed up members is either a spammer or given the secret answer to a spammer, if you dont want to use Q&A why not install a picture Q&A, you know how it goes "click on the cat" and you have to click the correct pic, if you right click the pic and check the properties they're named something like 1zY5xoo234.jpg so no clues for the automated bot, only humans can get past that.

At the end of the day you will NEVER stop human spammers, thats the joys of being a forum owner.

Q&A works far better than ReCaptcha, and he already said the answer is impossible without emailing him.

The weak link in the chain is only 1 human spammer needs to email him and get the answer 1 time- then they can re-use the same answer forever if it is never changed making it worthless.

So how exactly does that make it better than ReCaptcha?

From feedback from webmasters and my own use it for well over a year now it has been apparent ReCaptcha has been exploited in some way-

https://www.vbulletin.com/forum/showthread.php/370694-Increased-Spamming-Attempts-and-Ways-to-Combat-It?

My theory is the bots are copying the image and displaying it on file-sharing websites where thousands of people eagerly type in the answers every minute of the day.

That's one guess.

I've also seen a video showing that the vast majority of the time you really only need to type in the "easy" half of ReCaptcha for it to go through- in which case basic OCR can be enough, when coupled with multiple tries..

Ok let me try to make this more clear for those of you that dont seem to understand and think its my fault. I had the question and answer system in place and all was fine. All of a sudden spam registrations went through the roof. So I changed my questions. That did not help. So I figured they were human spammer answering the questions. So I changed the "answer" to the question to something that cant be guessed. There is no "answer". You have to email me personally from the contact uslink at the bottom of the main page and ask for the answer. Registrations were still going through even though I hadnt been contacted by anyone for the pass phrase that is necessary to complete registration. At least I thought it would be necessary to complete registration. And just so none of you say I gave out the answer one time and forgot I just changed the answer just now. Its a nonsense phrase that could never be guessed. I changed the answer and turned registration back on at 3:19 EST. Im going to the store and im betting when I get back I will have new spam registrations that should be impossible.

OK its now 6:39 and I just got home. I have 3 new registrations. Now tell me how can I have 3 new registrations when I have a question and answer system in place and the "answer" is not know to anyone. I havent given it to anyone, I just got home. So whats wrong with the question and answer system???

_________________________________

There is a new user, guccibags at HO.net

To view their profile, go here:

http://www.hangin-out.net/member.php?u=1041

Email Address : arnobeck369@gmail.com

_______________________

There is a new user, charleslsq at HO.net

To view their profile, go here:

http://www.hangin-out.net/member.php?u=1040

Email Address : ertfdgrkuuuu@gmail.com


____________________

There is a new user, Zonia LemmeDDFC at HO.net

To view their profile, go here:

http://www.hangin-out.net/member.php?u=1042

The good old days when the spammers were stopped with a simple captcha or a q&a challenge are over. Spammers have become more sophisticated not to mention the human spammers who will bypass any kind of restrictions. As mentioned above, there is no way of stopping them.

I just registered on your site and there was no question. You did actually try it yourself didn't you?

ETA: BTW, sorry for any inconvenience - you can delete the user I created.

You seem to only have one question, did you fill in the regex part of the question instead of adding answers?

Do you understand how the Q&A system works?

You're supposed to have 5-100 questions, with at least one valid answer.

Each time a user tries to register they get 1 of those questions randomly.

If you have one question, and one answer. Once someone FINDS the answer, or if your Question is bad because you don't have a valid answer or you have an invalid regex setting, you have NO SECURITY AT ALL.

I use Q&A and timers. If the registration is under 5 seconds, then I ban the user and ip.

The best protection is Q&A and have at least 10 questions.

Well the Q&A seems to be enabled now.

spammers are registering users without the Question and Answer option.

They are registering users directly in the database.

This is a issue that vbulletin knows already.

They need to release a fix to stop this issue.

We are using this version: vBulletin 3.8.7 Patch Level 3

Hogwash.
Spammers don't have direct access to your database.

spammers are registering users without the Question and Answer option.

They are registering users directly in the database.


This is a issue that vbulletin knows already.


They need to release a fix to stop this issue.


We are using this version: vBulletin 3.8.7 Patch Level 3

Never seen this happen. If someone is directly accessing your database you've been hacked.

I still dont know why the question and answer system doesn't stop spam registrations. Im getting 50 per day and they cant be getting the question right. I have the question as a statement to send me an email via the contact us form at the bottom of the page and tell me how you found the board. I never get any emails and I still get 50 spam registrations per day even though they are not answering the question. Im running 3.8.7.Install this simple fix and end all autospam registrations altogether:

Bot Blocker (https://vborg.vbsupport.ru/showthread.php?t=289464)

I haven't had a successful spambot register since install, it has stopped over 5,000 and counting.

I heard that the latest version of a popular auto-spamming software gets around the Q&A by something called "averaging" but I don't understand it. I don't use any of the native vBulletin human verification options anymore, the hack I linked you to above makes them all superfluous.

So, once the people who make bots figure out they need to add a delay, then your defenses are broken. You shouldn't rely on any one single system.

So, once the people who make bots figure out they need to add a delay, then your defenses are broken. You shouldn't rely on any one single system.Of course you're right about the bolded. As for the other? The whole point of bots is SPEED. It'll never happen. Plus, there's not a "got'cha" message telling them how or why the registration attempt failed.

I guess I am one of the lucky ones that doesn't get spammers on my site. I only use reCaptcha and I have not had any spam on my forums in over 5 months.

I do however have a long list of IP ranges that I have looked at and verified as possible spammer's IPs. I can share that list which is added in your htaccess file to deny anyone from that range of known IP ranges access to your site.

You have to be careful though that you are not deny access to good people who are not spammers by adding a range of IPs instead of just the one IP. In my case I know who will be visiting my site and from what country.

The countries that are know for spammers are places like russia, hungary, poland, austria, czech republic and other small countries in that area. Since I know I will rarely get actual members from those areas/countries I have blocked most of those IP ranges.

I have used reCaptcha for a long time and never have had problems with it. I used it on my wordpress and joomla sites as well and it has worked out great.

Like Zachery said on his post, "You shouldn't rely on any one single system", I use reCaptcha and of course IP bans as well.

Here is the advice I give out when people contact support about too much spam-

We have determined the most effective "Human Verification" currently built into vBulletin is "Question and Answer" verification.

To enable this go to your Admin CP -> Settings -> Human Verification Manager. (In VB 3.x it is Admin CP -> vBulletin Options -> Human Verification Manager)

Click on this link.

On the new page choose the option for "Question & Answer Verification."

If this is the first time you are using it you will need to add one or more questions and answers. To add your first question click on the "Add New Question" near the bottom center of the page.

On the next page enter a question. Do not make this a math question (what is 2+2?)- Math questions are absolutely worthless. If your forum is about a specific topic try to make the question something someone interested in your niche would likely know. If not still make a question that requires a human to answer- creativity helps here.

An example question would be: If there are three people in a room how many total toes are likely in the room?

Leave the box for "Regular Expression" blank. Use it only if you understand Regular Expressions.

Hit "Save"

On the next page there will now be a button "Add New Answer" - Press It.

The next page is one simple box marked "Answer." Enter the answer to the question. Questions can have multiple correct answers.

Answers are NOT case sensitive so if you put "thirty" in as an answer both "Thirty" and "THIRTY" will also work.

Enter "thirty" as the answer (without quotes.)

Save.

Now you will be back on the page where you can press the "Add New Answer" again, press it.

This time add the answer: 30
And hit "Save" again.

If your forum is multi-lingual you may want to continue adding answers to cover the word "thirty" in different languages.

When you believe you have set every possible correct answer you can click on the Admin CP Menu to go back to "Human Verification Manager" and repeat the process to add additional questions.

The more questions you have the better you will be- five is a good minimum, 10 or more is better.

We have found forums that implement good Q&A questions stop nearly all "bot" spam. (We have documented drops of a 90% reduction in registrations, all of which were spammers.) There will always be spam created by humans though who cannot be blocked by easy questions. If you feel you still have too much spam to handle please check out various "anti-spam" mods available on vBulletin.org:

VB 4.x Anti-Spam Mods:
https://vborg.vbsupport.ru/forumdisplay.php?f=245&page=1&pp=25&threadprefix=Anti-Spam+Options&sort=lastpost&order=desc&daysprune=-1

VB 3.8 Anti-Spam Mods:
https://vborg.vbsupport.ru/forumdisplay.php?f=235&page=1&pp=25&threadprefix=Anti-Spam+Options&sort=lastpost&order=desc&daysprune=-1

Please note like all vBulletin modifications we do not provide official support for 3rd party mods, you will need to ask for help in the threads of the mod in question if you need help installing, configuring, or using the mod.

Overall the best defense against spam is to have an active and vigilant moderator staff able to find and delete spam quickly. Educate forum users on how to use the "Report Post" button to report spam. Do not let the forum run without a moderator or administrator making regular visits to keep an eye on things.

I guess I am one of the lucky ones that doesn't get spammers on my site. I only use reCaptcha and I have not had any spam on my forums in over 5 months.

I do however have a long list of IP ranges that I have looked at and verified as possible spammer's IPs. I can share that list which is added in your htaccess file to deny anyone from that range of known IP ranges access to your site.

You have to be careful though that you are not deny access to good people who are not spammers by adding a range of IPs instead of just the one IP. In my case I know who will be visiting my site and from what country.

The countries that are know for spammers are places like russia, hungary, poland, austria, czech republic and other small countries in that area. Since I know I will rarely get actual members from those areas/countries I have blocked most of those IP ranges.

I have used reCaptcha for a long time and never have had problems with it. I used it on my wordpress and joomla sites as well and it has worked out great.

Like Zachery said on his post, "You shouldn't rely on any one single system", I use reCaptcha and of course IP bans as well.The Captcha and the Q&A annoy humans. Plus, the "designer" spam bot programs are now defeating those. That's why I have tried to get away from using them.

I use the "Ban Spiders by User Agent" to exclude MSIE 0-7, this takes out ALOT of bots. It's one of the handiest Mods ever. In addition, I use the Mod I linked above, because it emails me with details on the bots, so I can send them to Project Honey Pot, thus helping others stop spam.

I have NO Moderator staff, don't need any. Eliminate the bots, eliminate most all spam and also, most all need for moderators.

@ Max Taxable

I could care less if Captcha and Q&A annoys "humans", if they really want to join my forums they have to go through the process.

Even with Captcha on, I am still getting people to register, just this month alone I have 88 new registered members and none of them are spam accounts, last month I had 70+.

You choose not to have moderators and that is fine, everyone's sites and forums are different and serve different purposes.

I happen to know a spammer and from him telling me how they find sites to spam is pretty impressive. They have figured out a way to scan sites for any kind of script that slows down and tries to deny registration to bots and humans. They don't always do it just to spam, they do it to show people that no matter what they can still get through your registration process regardless of what anti-spam system you have.

So in other words, the more "you" try to stop them the more they are going to mess with you, especially if you have a pretty active site or forums.

I don't want to be getting emails with details about bots and besides I have blocked and every day I add new IPs and ranges to block most bots. Getting emails every day about bots is just not something everyone wants to deal with. If you do that is fine, it annoys me.;)

@ Max Taxable

I could care less if Captcha and Q&A annoys "humans", if they really want to join my forums they have to go through the process.

Even with Captcha on, I am still getting people to register, just this month alone I have 88 new registered members and none of them are spam accounts, last month I had 70+.

You choose not to have moderators and that is fine, everyone's sites and forums are different and serve different purposes.

I happen to know a spammer and from him telling me how they find sites to spam is pretty impressive. They have figured out a way to scan sites for any kind of script that slows down and tries to deny registration to bots and humans. They don't always do it just to spam, they do it to show people that no matter what they can still get through your registration process regardless of what anti-spam system you have.

So in other words, the more "you" try to stop them the more they are going to mess with you, especially if you have a pretty active site or forums.

I don't want to be getting emails with details about bots and besides I have blocked and every day I add new IPs and ranges to block most bots. Getting emails every day about bots is just not something everyone wants to deal with. If you do that is fine, it annoys me.;)I was merely describing what I do, not recommending it. I have been a active botnet fighter for 11+ years. I am well aware of their techniques and research. I've also been instrumental in shutting down a couple, one admin of which is sitting in US federal prison.

The scripts I use aren't detectable and don't slow down the registration process at all.

Project Honey Pot data is used by quite a few anti-spam plugins, not the least of which is Spam -o- Matic, for blocking known sources of forum spam. I collect data on spammers and enter that data at PHP. It's just a hobby that might have the side benefit of helping others.

I hate spam.

Lol...well good for you on putting that person behind bars. I hate spam too and have done my share, maybe I put something behind bars too but honestly I have never been told if I have or not.;)

But you did say that "The Captcha and the Q&A annoy humans. Plus, the "designer" spam bot programs are now defeating those. That's why I have tried to get away from using them." which is something I have not had a problem with.

Even your scripts will be defeated at some point and every script is detectable, what makes you think they are not, or the ones you use are not?

Lol...well good for you on putting that person behind bars. I hate spam too and have done my share, maybe I put something behind bars too but honestly I have never been told if I have or not.;)

But you did say that "The Captcha and the Q&A annoy humans. Plus, the "designer" spam bot programs are now defeating those. That's why I have tried to get away from using them." which is something I have not had a problem with.

Even your scripts will be defeated at some point and every script is detectable, what makes you think they are not, or the ones you use are not?By the same token - that is if your board is crawled by google and such, you WILL have the bigger autospam problems others enjoy. The bigger botnets WILL deploy on you, using the latest bot tech that goes right past captcha, Q&A, and the other native human verification tools.

For a script to be looked for, hunted for detection, there must be some clue first, just how the bots are being defeated. Lots of the anti-spam stuff deliver a "got'cha" type message when bots are blocked. That's self defeating. I've been using the time sensitive mod for over a year, it gives no "got'cha" and thus far, after stopping over 5,000 autospam registrations, there's no evidence the botnet admins are even aware of it.

Oh Google is searching the heck out of my site and forums I know that for a fact lol...

So you mean to tell me that there is nothing in that time sensitive mod that they are not aware of? That is pretty hard to believe.

I have never used the time sensitive mod because I honestly haven't had to use it, but others who have spam problems have. I don't want to ask you here why that mod is not detectable in order to prevent giving out clues, but good to know that the mod is a good one. Sometimes when I set up a site with forums for others they end up with big time spam problems and I could probably use that on their sites.

What works for me might not work for others, know what I mean?

Oh Google is searching the heck out of my site and forums I know that for a fact lol...

So you mean to tell me that there is nothing in that time sensitive mod that they are not aware of? That is pretty hard to believe.

I have never used the time sensitive mod because I honestly haven't had to use it, but others who have spam problems have. I don't want to ask you here why that mod is not detectable in order to prevent giving out clues, but good to know that the mod is a good one. Sometimes when I set up a site with forums for others they end up with big time spam problems and I could probably use that on their sites.

What works for me might not work for others, know what I mean?Yep, that's why sharing is indeed, caring! :D

I really have no idea why some boards get slammed with spam and others never seem to. It hasn't really been relative to how popular or busy they are, that I've seen. Like you, I have set boards up for people and they never see any spam, whilst others get spam hammered the first day! There's no rhyme or reason to it.

But definitely, having many torpedoes in the tubes to fight spam is preferred over relying on just one or two.

Just to add, this is Google's IP which is always crawling my site:

66.249.73.175

Baidu is 119.63.192.0 - 119.63.199.255 which I have completely blocked since I am not going to have any members for my video game site coming from China lol...

CHINANET Beijing province network 220.181.0.0 - 220.181.255.255 also one that I have completely blocked

This is one way to block Baidu in htaccess:

RewriteCond %{HTTP_USER_AGENT} Baiduspider
RewriteRule ^.*$ http://127.0.0.1 [R,L]

People just have to know what all this does to. That actually consumes (quite a bit) more processing power than a simple block does, meaning more resources are taken up dealing with Baidu than necessary.

But since blocking Baidu on my site spamming has gone done to almost nothing. I had the last spammer on my forums over 5 months ago. I was also thinking of blocking Googles cuz I honestly don't care if they crawl me or not but it would probably not be a good idea in the long run.

--------------- Added 1351016050 at 1351016050 ---------------

Yep, that's why sharing is indeed, caring! :D

I really have no idea why some boards get slammed with spam and others never seem to. It hasn't really been relative to how popular or busy they are, that I've seen. Like you, I have set boards up for people and they never see any spam, whilst others get spam hammered the first day! There's no rhyme or reason to it.

But definitely, having many torpedoes in the tubes to fight spam is preferred over relying on just one or two.

Yes definitely buddy, I just started fighting spam myself and went through searches and searches to see what worked for "Me", in the end this is what has worked for "Me".

But I do want to gain knowledge on how to help others since I do build sites and forums for others as a "hobby" ;)...

So thanks for that bit of info my Friend.:up:

Just to add, this is Google's IP which is always crawling my site:

66.249.73.175

Baidu is 119.63.192.0 - 119.63.199.255 which I have completely blocked since I am not going to have any members for my video game site coming from China lol...

CHINANET Beijing province network 220.181.0.0 - 220.181.255.255 also one that I have completely blocked

This is one way to block Baidu in htaccess:

RewriteCond %{HTTP_USER_AGENT} Baiduspider
RewriteRule ^.*$ http://127.0.0.1 [R,L]

People just have to know what all this does to. That actually consumes (quite a bit) more processing power than a simple block does, meaning more resources are taken up dealing with Baidu than necessary.

But since blocking Baidu on my site spamming has gone done to almost nothing. I had the last spammer on my forums over 5 months ago. I was also thinking of blocking Googles cuz I honestly don't care if they crawl me or not but it would probably not be a good idea in the long run.I use Simon's "Ban Spiders by User Agent" (https://vborg.vbsupport.ru/showthread.php?t=264932) to block the bad crawlers like Baidu. Here's the list I have populated on that so far:

baiduspider
beta.statsit.com
statsit
SiteIntel
Yandex
GomezAgent
FunWebProducts
Nesotebot
DCPbot
AOL Advertising R&D
DataCha0s
aiHitBot
Apache-HttpClient
Zend_Http_Client
ReverseGet
XXX bot Content
vBSEO
spbot
OffByOne
thyroidbuzz
AcoonBot
coccoc
xpymep
proxyproxy2884
AppEngine
start.exe
Semiocast HTTP client
Firefox/3.6.23
TurnitinBot
curl
SwpLc/1.6
GrepNetstat.com
news bot
AskTbPTV
checks
panopta
App3le
PhantomJS
AlwaysOnline
SISTRIX
proximic
CRAWL-E/0.6.4
WebMoney
Maxthon
HTMLParser
oBot
UnisterBot
ERACrawler

Some of those aren't bots, they are hijackers and toolbars that appear in the user agent string of alot of autospam zombie computers. I also have MSIE 0-7 in this list, there's still tens of millions of those infected and are the most common zombies out there. If a human is using any of those dinosaur browsers, I really don't want them on my site anyway.

Oooooooooooooh nice! hahah....

I am going to check that out Max! That has them all that I can see...BAM! ...

--------------- Added 1351016617 at 1351016617 ---------------

Ah poop! But that one sends out emails and there is no option to turn it off right? That's the one?...

It's also handy since the bots can also spoof their user agent, masking themselves as nonexistent (or even existent) versions of legitimate browsers, such as the "Firefox/3.6.23" listing you see there.

--------------- Added 1351016860 at 1351016860 ---------------

Ah poop! But that one sends out emails and there is no option to turn it off right? That's the one?...No, you can turn them off. Many options in adminCP.

Also, the time sensitive one just updated with ability to turn the emails on/off.

Oooooooooooooh nice! hahah....

I am going to check that out Max! That has them all that I can see...BAM! ...

--------------- Added 1351016617 at 1351016617 ---------------

Ah poop! But that one sends out emails and there is no option to turn it off right? That's the one?...

It only sends emails if you want!, its cool you know, hardly any overheads :)

Max Taxable

Thanks for the solution we have installed it moments ago, I hope that is the end to the spamm registrations because daily we get a lot from Russia and from China.

I will write here about how it works.