The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
|
|||||||
|
#1
05-15-2008, 07:26 AM
|
|||
|
|||
Stopping Spam Members Joining?
Right I've been running Vbulletin for quite a while now and never had any problems with spam members joining, now all of a sudden I'm getting bombarded with them! I have the settings turned to verify by email for registration.
Any other tips or is tehre a way of stopping them join? 
|
|
#2
05-15-2008, 07:52 AM
|
||||
|
||||
|
Which type of verification are you using? (CAPTCHA, reCAPTCHA, or Q&A)
|
|
#3
05-15-2008, 09:22 AM
|
||||
|
||||
|
My advice is to use the question and answer system, and use custom questions for your forum that cannot be answered with a dictionary. And then, if you still need back up, email validation and/or moderating the first five posts of each user. This is how I personally have never had one spam bot account or post for about six months.
|
|
#4
05-15-2008, 11:11 AM
|
|||
|
|||
|
With the captcha AND the SPAM question MOD installed, I was STILL getting 4 to 5 bogus registration EVERY day. I finally added a script to my registration form that traps the bogus submissions and NUKES them before they can submit the junk. I have a record of the IP address and other stuff they used so my "badguy blacklist" is dynamic and pretty much up to date. In addition to the IP address, I wrote some filters that check for known badguy foot prints which enables me to determine a bogus registration by other means as well. I have added a honeypot to mix too (it takes out a fair number of them including badbots that ignore robots.txt). Since last November I have completely eliminated the daily flow of badguys from my site. Zero, not one! I have collected almost 10000 IP addresses of attempts to illicitly access my site. The email addresses they use are almost always forged from the data I have been able to collect over that time period.
Since upgrading to 3.7.0 I have not yet turned of MY system to see if the vB system does what it is suppose to do and am not sure if I will, given that I have some thing that absolutely works and like they say, "if it works, don't fix it" ... I may do some testing at some point to see if 3.7.0 catches the badguys but I don't have a priority for it now. regards, mikesz
|
|
#6
05-15-2008, 03:12 PM
|
||||
|
||||
|
Quote:
Oh, and if you ever use question and answer, I'd say to make the questions more complex than Maths and less general knowledge. Because as said, bots can solve maths. As can normal computers.
|
|
#7
05-18-2008, 06:44 AM
|
|||
|
|||
|
cheat-master30, you know that is ABSOLUTELY true. I did use simple math because that is what the so-called "experts" were recommending as well. But the Bots are more sophisticated these days and simple math isn't any problem for them as well as captcha displays that have a following of freaks who want nothing better than to break them publicly which is where the bots retrieve the info to use in the exploits. It is ugly for sure. Yes, indeed I do have an "autoban blacklist" that seems to work. I have not advertised, productized or even packaged it ( I have been monitoring my 3.7.0 system to see if it still works correctly, given the CSRF issues) yet as I don't want to have the badguys make ME their pet project but I would be glad to install it for anyone thinks it will help them get rid of the "mischievous monkeys" LOL
Send me a PM if you are interested in the details about it. regards, mikesz
|
 |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT. The time now is 06:08 PM.