prevent spam

Topic: prevent spam (Read 2233 times) previous topic - next topic

0 Members and 1 Guest are viewing this topic.

prevent spam

December 17, 2016, 01:46:27 am

Hi,

New elkarte user here ... wondering what y'all do to prevent spam on your forums.

Getting ready to set mine up and would like to nip this in the bud right away

thanks in advance, I look forward to using elkarte

Re: prevent spam

Reply #1 – December 17, 2016, 08:27:14 am

i just use the default one in elk and it works great. i can count with my fingers all bot spammer that succeeded to register and spam my forum.

the annoying one are the human spammer.

Re: prevent spam

Reply #2 – December 17, 2016, 08:59:39 am

Hi and welcome to ElkArte

0) Don't run a forum

just kidding, spam is inevitable but there are lots of things you can do to make it really tough on the spammers and the spam bots.

1) When you signed up here, you encountered one of the easiest and often most effective spam solutions. It is the question and answer during the registration,

I think there are a couple of question we use here. One is "We use github to host our repo. Where is ElkArte's repo hosted?:" the question has the answer to make it easy for users to register. Just make one up that pertains to your site. This is effective as most (not all) but most spam is done with bots, and bots need an easy way to register, so unless they are specifically targeting your site, they will not have the simple answer for that form.

2) Moderate all first posts from users. You can easily set up the site such that new users with no posts, must have their first post approved by the moderation team. They are not many spammers that will make a legit first post only to then spam.

3) Enable bad behavior (it is built in) and sign up for a key from the http:BL service provided by Project Honey Pot. Bad Behavior ensures web requests are well formed, and the http:BL (black list) service is a good list of IP's that need to be temporarily blocked.

4) Don't allow guest posting

5) If you use captcha also enable the empty field verification. Captcha's are unfortunately very easy for bots to fill in so the extra field is a hidden field that only a bot would see and fill in since thats what they do. Really captchas are just a bad user experience that IMO you should avoid, but its there if needed.

6) There are some other built in anti bot things including a time gate which prevents filling in the reg form to fast and to often, that slows bots down and makes the site less tasty.

7) There is a anti disposable email addon, this help stop users from signing up with one time emails, generally an indication they are up to no good vs just paranoid.

So there is a start, I'm sure folks will have some other suggestions as well.

Re: prevent spam

Reply #3 – December 17, 2016, 10:20:25 am

This is an idea that I want to try to implement, block registration if not from whitelisted country. If the forum theme is very specific and using local language there is very small possibility that a valid user register from another country.

Re: prevent spam

Reply #4 – December 17, 2016, 02:20:27 pm

That is also quite effective.

There are server modules (geoip) for Nginx for sure and I believe Apache. Those use max mind geoip files (free) that you must update monthly due to the way IP's move about.

Anyway the module + files will use the IP to id the country of origin, and you can easily only pass certain county codes. I've done this on Nginx and it was quite easy.

Re: prevent spam

Reply #5 – December 17, 2016, 03:38:33 pm

Will this still work with IPv6?

Re: prevent spam

Reply #6 – December 17, 2016, 04:28:34 pm

I am using what Spuds suggested on points 1) 3) 4) 5) and I banned the most common domains with disposable emails. There is almost a year since I am not getting a spammer. The badbehavior addon included into elkarte works very well and only this is blocking a lot of spammers. Questions and answers will block the bots that passed through badbehaviour, I suggest you to set questions and ansers regarding your forum niche. You can set more than one, I usually set 5 q/a but only use two randomly.

Also don't let your users registering to your forum without confirming their email address.

Re: prevent spam

Reply #7 – December 17, 2016, 05:18:51 pm

Quote from: emanuele – December 17, 2016, 03:38:33 pmWill this still work with IPv6?

It will ... MaxMind does have ipv6 databases available, and at least the Nginx module will work with them. That module will use IPv4 addresses looked up as IPv4-mapped IPv6 address, so both both ipv4 and ipv6 work with the same database.

GeoIp can be a bit flaky if you want city level accuracy, but its generally very accurate for country level decisions, perfect for firewalls.