Lisa Wess
Lisa Wess
VP of Operations

Fighting Registration Spam

May 10, 2010 Permalink Discuss

As the popularity of community sites grows, registration spam increases across all platforms that have public member profile pages, including default installations of ExpressionEngine.  Spam is an icky, dirty marketing practice that seemingly will never go out of style and will never be completely thwarted.

Many of you are experienced with using ExpressionEngine’s tools to combat comment and forum spam, but I wanted to share with the community some ways to combat registration spam.

First Party Options

There are many first-party options that can hinder spammers or limit their damage.  These are well covered under Spam Protection in our docs.

Specific to Member Registration, Rank Denial makes it so that any user inputted links do not get any “referrer juice”.  If this option is turned on, any user inputted links, when clicked, will look on the target site as though the URL was entered directly into the URL bar in the browser.  That is, no referrer is sent.

The Blacklist also affects all front-end forms, including profile form submissions.  This means that you can ban certain keywords, and users entering those in their bios,  or signatures, or other member fields will fail the form submission.

Changing the Member Profile Trigger Word can hinder spammers that are using automated tools to look for example.com/index.php/member/register.  An obfuscated trigger word can be useful if you don’t run a membership site at all, and such a site would also want to simply disable new member registrations.

Furthermore, you can stop your member list pages being indexed by turning off the Guest Member Group’s ability to view Public Profiles.

For ExpressionEngine 1.x, the Advanced CAPTCHA extension is a great addition.

Third Party Options

There are also third-party options that can effectively slow down spammers.

• Greg Salt’s Member Utilities (EE 1.6.9)

• Brandon Jones’ reCAPTCHA (EE 2.0)

It is also possible to use ExpressionEngine’s member registration hooks to tie into services such as Defensio and Akismet.

What is EllisLab doing to help?

We hate spammers, and are keenly aware of the ongoing battle with registration spammers.  Being a popular ExpressionEngine-based site ourselves, we are affected by them as well.  As spammers continue to change their tactics, so will ExpressionEngine, empowering you with more effective ways to combat this new breed of spammer.  Rest assured that we do take this seriously and understand the ongoing need to strengthen anti-spam controls.