Deterring Spam Bots

[shreddedbullet]

What is everyone's ways of deterring spam bots? My forum have been really been having a lot of issues with spam bots. I changed my capatcha to a Q and A style verification so I hope that helps, but does anyone have any other tips that can help to deter spambots?

 

[Page]

Do you have it set so that your new members have to get an email verification

 

[Jason76]

Ask them to spell a word backward at registration. It works most of the time!

Ex. What is forum spelled backward?

Do you have it set so that your new members have to get an email verification

It actually isn't needed if you do my method.

 

[shreddedbullet]

Ask them to spell a word backward at registration. It works most of the time!

Ex. What is forum spelled backward?

Do you have it set so that your new members have to get an email verification

It actually isn't needed if you do my method.

I did have another bot register after the change, so I will do these questions that you suggested! 🙂
The questions I had set up were asking what color the sky is, etc.

 

[shreddedbullet]

I'm going to need to ask more complex questions. Spam bots are still getting through.

 

[Azareal]

Cloudflare. The thing is nigh omnipotent.

Also, I'll let you in on a little secret which isn't really a secret.
Spambots know how to use Google.

 

[Bryn]

I have admin approval on mine where all members are screened before they get in. If I see that a spambot tries to get in after having breached the security measures, it will be denied straight away. Besides, I can tell the difference between spambot and human anyway. It can be blatantly obvious.

 

[Page]

that's why I love IPB, they have an built in system for spambots. It will get stopped before they able to click the signup option. I had no spambots at all with IPB.

Feel free to google there blogs for details

 

[Azareal]

I have mod activation rather than admin activation, although in practice, it works out the same way. But, that's just me being paranoid before putting up more of the big gun spam defences.

I never really got why admin activation was a thing, it's nowhere near as scalable as when you let mods pore over the list. And if I recall, XenForo does that thing I do where I force the browser to run JavaScript to eliminate 99.99% of bots, although theirs might be slightly less sophisticated. Dunno about IPB.

Every hour, I generate an 80 character key on the server, this key plus the user's IP Address is hashed with sha256 to form a token which is delivered in the form of JavaScript and they have to present that token to the server to have a hope of a registration going through, not the only measure either.

The idea of using the IP in the token is to stop the bot from being able to reuse it's work for multiple registrations due to additional IP based ratelimits. The idea is to force the bot to use up as much resources possible firing a miniature browser, so that even if they get through, I'll have the last laugh.

 

[Page]

Dunno about IPB.

IPB supports Recaptcha2 by Google, meaning that in most cases your users don't even have to type in random letters. Google automatically determine if the user is human or otherwise, and also supports KeyCaptcha

"IPS Spam Defense service" It's built into the software that links to all IPB sites. That checks key data points against known spammers. And when it detect an new spam, it goes to the unwanted list.

If all that fail (can happen) and one get in as an spammer then "One Click CleanUp" simple as going to profile and click "Mark as Spammer". The user's account will be immediately banned, and all of their content will be removed. It's like they were never there.

There are an total so far 6446152 total spammers that got automatically blocked from IPS Spam Defense to date

 

[Azareal]

IPB supports Recaptcha2 by Google, meaning that in most cases your users don't even have to type in random letters. Google automatically determine if the user is human or otherwise, and also supports KeyCaptcha

"IPS Spam Defense service" It's built into the software that links to all IPB sites. That checks key data points against known spammers. And when it detect an new spam, it goes to the unwanted list.

If all that fail (can happen) and one get in as an spammer then "One Click CleanUp" simple as going to profile and click "Mark as Spammer". The user's account will be immediately banned, and all of their content will be removed. It's like they were never there.

There are an total so far 6446152 total spammers that got automatically blocked from IPS Spam Defense to date

Very interesting. That mark as spammer feature will be great for dealing with the GDPR 😛

I'm not sure how I would feel about sending data off to IPS or any service for that matter, it seems like a bit of a breach of privacy.

 

[Page]

IPB supports Recaptcha2 by Google, meaning that in most cases your users don't even have to type in random letters. Google automatically determine if the user is human or otherwise, and also supports KeyCaptcha

"IPS Spam Defense service" It's built into the software that links to all IPB sites. That checks key data points against known spammers. And when it detect an new spam, it goes to the unwanted list.

If all that fail (can happen) and one get in as an spammer then "One Click CleanUp" simple as going to profile and click "Mark as Spammer". The user's account will be immediately banned, and all of their content will be removed. It's like they were never there.

There are an total so far 6446152 total spammers that got automatically blocked from IPS Spam Defense to date

Very interesting. That mark as spammer feature will be great for dealing with the GDPR 😛

I'm not sure how I would feel about sending data off to IPS or any service for that matter, it seems like a bit of a breach of privacy.

true since it gets sent to there third party site. But keep in mind that it's not a human.

But already dealt with

Spam Defense
The IPS Spam Defense Service passes the email address and IP address of the registering member to the service to determine the likelihood a registering account is a spam source.
Privacy Policy

reCAPTCHA V2
This site uses a CAPTCHA to ensure humans are performing certain actions. The CAPTCHA provider may set a session cookie and get information about your internet browser and device accessing this website.
Privacy Policy

Quote from policy, stating the infor plus the links to the site. Read it might find it interesting

 

[Azareal]

It doesn't matter if they have a privacy policy. It's still a bit of a breach of privacy.
They just happened to write a document saying that they're allowed to do so.

And I don't mean privacy from a legal standpoint either.

 

[Corzhens]

One friend who handles a local forum uses captcha that is a picture puzzle. He said that it is a guard against spamming bots. The problem with bots is that they are automated so even if you block the IP address, it can get another as long as your web address is in its list of target. I guess the email verification is also one good way of screening the registrant if he is human or not.

 

[Azareal]

One friend who handles a local forum uses captcha that is a picture puzzle. He said that it is a guard against spamming bots. The problem with bots is that they are automated so even if you block the IP address, it can get another as long as your web address is in its list of target. I guess the email verification is also one good way of screening the registrant if he is human or not.

B-But, emails are personal information, I'll be violating the poor bot's privacy 😛