[Max Taxable]

Quote:

Originally Posted by mmllc

So Max, let me ask you. What setting within the Admincp would block someone from joining if the answer to your question(s) is incorrect? How is this effectuated because I will abandon the way I am doing it and adopt yours if it really works that well. I swear on everything holy these people are using bots, which in turn use hundreds of proxy ip's that make it all but impossible for me (one human) to block them one by one; you seem to have the right way to do it.

Thanks a bunch.

I must confess I have another tool I am using which really does most of the bot stoppage - I do not allow IE6 and older to view the site. This is because most of the bots are IE6 or older computers that are compromised and are now zombie computers in botnets.

However, in your human verification settings you choose which actions must be verified before they are allowed to proceed. (See Attachment)

Not sure how it is your human verified actions when not passed still allow you to moderate them. That's another setting I suppose. (You probably have "Moderate New Members" set to "yes" in User Registration Options - I do not.)

I also have an extensive list of known bad IP ranges installed in my .htaccess file which are blocked there. They get an error page when they visit. In addition, I have the Proxy Blocking hack installed, (set to allow browsing but not registering by proxy users) I have found these in combination stop most of the human spammers.

There's really not one "magic bullet" for this, it's a combination of bullets in multiple guns you need.

Again, I know for sure I get thousands of spambot registry attempts per month, none ever make it through. Occasionally, once or twice a month, a human spammer does get in. He is very limited on what he can do by a couple of other good hacks such as, advanced permissions based on post count, signature based on post count, etc. BirdOPrey5 has several really good hacks he's released, for limiting the damage a newly registered human spammer can do. (Including keeping them from using the private message system until they reach a preset post count.)

It all depends on how much you want to install in order to block spam.

Here's a short example of what you need in .htaccess to block IP ranges:

HTML Code:

<Limit GET HEAD POST>
order allow,deny
# Country: CHINA
# ISO Code: CN
# Total Networks: 3,414
# Total Subnets:  331,630,848
deny from 1.0.1.0/24
deny from 1.0.2.0/23
deny from 1.0.8.0/21
deny from 1.0.32.0/19
deny from 1.1.0.0/24
deny from 1.1.2.0/23
deny from 1.1.4.0/22
deny from 1.1.8.0/21
deny from 1.1.16.0/20
deny from 1.1.32.0/19
deny from 1.2.0.0/23
deny from 1.2.2.0/24
deny from 1.2.4.0/22
deny from 1.2.8.0/21
deny from 1.2.16.0/20
deny from 1.2.32.0/19
deny from 1.2.64.0/18
deny from 1.3.0.0/16
deny from 1.4.1.0/24
and so on
and so on
and then

allow from all
</Limit>

I have literally millions of IP ranges from known bad sources blocked, this short list is for example only.

I realize I am pretty militant on this, but the results speak volumes. I am committed to a spam free board, with as little effort on my part and on the part of my volunteer moderators as possible. You either are serious about blocking the garbage, or you are not in my view.

Good luck, please keep us posted on what you do and how it works. There's always more to learn out here.