Spam out of control: Q&A ineffective
 

You would think security Q & A would slow it down, but with the vB Q&A and a NoSpam! Q&A together, we still get 12~15 spammers a day who make it through the reg process. That's with StopForumSpam too.

If bots cannot solve Q&A, then there are people out there daily registering? Is that likely?

The vB Q&A goes something like this: What does a ship sail on? With the answers being waves, ocean, sea.

The NoSpam! question is more difficult:

Come on, no one can answer that question without spending 30 seconds googling, you mean to tell me there are Philippinos in a warehouse somewhere actually going to that much effort to spam our forums? :confused:

Any suggestions would be greatly appreciated.

Have you tried registering at your own forum and seeing if you can either just click through any of the questions or enter rubbish and still get through?

also make sure the solution is not mentioned within the page or the question, like our last question/answer was:

Which color does a red firetruck have?

Apparently, some bots were intelligent enough to try words which are bold and/or other words from the page. So we changed it to something not as obvious but still doable by humans and had no bot registration since, with 10+ registrations from bots with the old Q/A

That is exactly what is happening. People underestimate the number of human spammers out there.

You know that persistent mobile phone spammers here on vb.org ... they are all human spammers.

Here is what I do.

https://www.vbulletin.com/forum/show...-on-your-forum

Of course, and it does not allow registration when trying rubbish or variations of the proper answer (ex: "Tiranta" instead of "Tirante"). Good suggestion, though.

Yeah, it must be human, or there's something really wrong with the Q&A sceme. I worry that, because the answer of the Q&A is in the vB options, there's some way that a bot can find the answer and supply it to the Q&A. Has anyone checked that? Like I said, wow, it's hard to believe humans are googling an obscure WWII submarine question to sign up to the forum, when they are deleted within 2 hours every day. :p



Hey Andy, yeah, your post is famous, it's where I began my anti-spam crusade. I used to use the Q&A ideas from it, but I have made it harder, as you can see in my original post. I have created a Custom profile field, I will make it "required during registration", very good idea, thanks.

I was wondering the same thing one day. We get maybe 5-10 spammer registrations a day and I was wondering if they were human. I wrote some code to log questions shown and answers guessed. I only ran it for 1 day, but I found that there were a lot of "aborted" registrations, i.e. started to register but never offered any answer to the question, so I guess that those were bots that couldn't handle q/a. But the ones that did answer didn't do anything like entering a lot of guesses, they normally got it in one (and our questions don't have the answer as part of the question at all). There were also a few wrong answers like you'd expect from a human. In any case, I didn't see any signs of q/a being bypassed or guessed via brute force.

I also wondered about the possiblilty of a human finding the answer and somehow recording it for bots to use, but I find that changing the questions makes no difference to the number of registrations we get, and one time we got a few registartions right after I changed them.

Yeah, I think you're right, there must be a network where a human spammer is assigned to answer the Q&A, and then can set up bots to go from there. I need to add about 200 Q&A, that may help.

I will copy the message I have at vb.com, I am working on a spam tool with Eric, to help admins and moderators detect spam in new members who actually get past the registration but have not made a spam post that members will see and report. Generally, there are a lot of spammers who never post, but have spam in their sigs, or homepages. Eric based it off his new members mod, and I'm sure half of the people here can tweak that to achieve the same results as my Spam Check mod. I would rather reward him for helping me, and when it is finished, let him release it as a new mod (my contribution to the Global War on Spam ;)).

It's just a variation of the New Members mod, but it lists the user signature (if they have one) and homepage (if they have one) on the member roster, making it super easy to detect spammers with spam sigs or homepages. There is also an option for moderators to "Infract" them into a spammer usergroup, allowing you to Move/Prune them off the db.

I have asked him to add the custom user profile to it, that should be all it takes to easily detect and prune spammers at will.

Take a look at Zb Block - Stop Spam & 'bots @ Server Not only does it keep a lot of spam bots out of your hair, I was amazed at how much bandwidth we wasted each month on such.

EDIT: Fixed above LINK, extra http:// in there for some reason?

Internet Explorer cannot display the webpage :confused: