Problems with bogus users
 

I recently started having a problem with what I believe are bogus registrations. All of these have unusual email addresses such as deemdod@f4hrs9.com. I have the usual human verification hack but apparently it is not helping in this case. Anyone have any suggestions?

Sounds like spammers. You may find it helpful to block the individual IP's

If they are all from the same IP block then you can block that IP range.
But this may stop any genuine potential members from joining if they are using that IP range.

This puts an end to that stuff permanently, without blocking any IPs..

https://vborg.vbsupport.ru/showthread.php?t=135094

I will try it out. Most of the ip address are from China, a few from Russia and Nigeria. Thanks for the help.

--------------- Added [DATE]1323639985[/DATE] at [TIME]1323639985[/TIME] ---------------

I installed it but I'm still getting quite a few registrations coming through. I've been banning IP addresses also. Maybe I might not have installed it correctly perhaps?

Not all spamming posts are from bots. So blocking IP's can be of use.

Some spammers will post ten times and then post a link. They can usually be spotted as they post inconsequential things like , "good post, I have been looking for posts like this" and "Nice post I will add to my blog" ETC.

On some sites a noob has to post five or ten posts before they can post a link, so some spammers will post ten times and then hit you with a link.

Rapid deletion of their posts is somewhat of a deterrent to them, as their sole reason for existence is to promote their site's, hence the links, so that they can get income from people clicking them.

If you take this away from them their work has been in vain.

There are human spammers but it's a tiny percentage of the spam problem. Most spam is coming from big botnets. Stop the bots, stop most of the spam.

I have NoSpam! installed on a couple of sites and I think it's perfect at preventing bot registration....if you know how to use it. Far to often I see people coming up with verification questions that actually are too easy. Examples would be simple math questions or "type the word "blubber" in this box."

One of the reasons I like NoSpam! over the one built into vB is the ease at adding multiple questions quickly, but also the ease of adding HTML images. I add dozens of images, make sure the answer isn't in the file name, and have the user identify something basic about the image. Like, how many "cubes are in this picture?" [photo of a bunch of shapes], "This is a picture of a what?" [photo of a cat], "Type the last four letters in the word in this picture" [Star Wars logo] and then I put in the multiple correct answers that NoSpam! allows me to add. I stay away from making people identify colors and try to use the same question for multiple pictures, such as the "this is a picture of what?" question. Depending on the niche of your site, you can even get more specific with the questions (there's no reason someone going to my gaming website shouldn't know who Batman is), but if I do those, I do a lot of them and I add more any time I think of them.

On another site I'm using SolveMedia's CAPTCHA (which may not be making me a ton of money, but I do like how you have to play a video to see the verification string) along with requiring the user to enter in a YouTube URL. (I provide a few right there for them to right click and paste) I've only tested this for a couple of days, but I noticed the garbage registrations have come to a stand still where I was using SolveMedia and a not-recently-updated set of NoSpam! questions alone. Will wait to see how this plays out. I do like this Is Bot thing now that I've looked at it more closely, and may add that in as just another layer of defense and a way to see if I can get some reporting on if my registration protection is working.

I use this cut/paste problem with the standard Q&A. The answer is identical to the question, which is a long, convoluted instruction to copy and paste the question into the answer box. Nobody's going to take the time to type it, and there are subtle built-in typing errors that probably wouldn't be noticed if they did. Bots cannot copy/paste, human spammers usually skip out and find a easier target.I get about 80 spambot signup attempts daily, none ever succeed. Very rarely, the occasional human spammer does get through but finds the account created so limiting that it's essentially worthless, since new users cannot even send visitor messages, PMs except to Admins, cannot post images or links in posts, and cannot even use signatures or have access to the "home page" field on the profile. Most just hang it up and leave without even posting.

Many layers of spam protection is best, as you say. But I have found the IsBot mod to be by far the best bot catcher and reporter. I get their email address, IP address, what username they tried to use and I send all of the information to Project Honey Pot, and the IsBot works even if they don't fill out the Q&A field. There's also instructions in the Mod thread, on how to make it automatically ban these IPs and email addresses, for those so inclined. The other nice thing about IsBot, it doesn't give itself away with any kind of "gotcha" message, it just uses the default vBulletin "The Administrator has disabled registration" message. So the botnet administrators don't get the clue what is causing the problems getting their bots registered.

Currently I am also experimenting with hidden fields in the register.php script. These are fields the bots can see and will attempt to fill out, triggering the IsBot script regardless of time, if they do so. Humans won't see these hidden fields and therefore could never attempt to enter any data in them.

As you can see, I hate spam.