We are getting spam from our member login area and they are able to create an account and show up as a member in our forums section. The spam personal information is minimal but able to set up a WWW link that of course links to a porn or prescription drug site.

What is the best practice for setting up a captcha at the member login screen? Is there another option besides captcha that you recommend? Which captcha would you recommend and know works correctly?

Hm, I am not sure that a CAPTCHA for logging in would make much sense.. wouldn’t using one when signing up be sufficient? Once a member spams, you just ban them. Or is that what you meant anyway, ie a CAPTCHA during the signup process?

it looks like we do have a captcha for the registration page. your’re right, it should suffice. How do I verify that it is working the way it should? If we are getting spammed on our forums, any idea on how this could be. What is the process or where is the documentation to delete this user from the forum? Does ‘banning’ mean the same as ‘delete from forum’?

trcpusa, when you set up your site registration, did you allow for persons registering to self activate?

I was not here from the inception and do not have that answer. Where can I go to find out and what needs to be done to change it if that is the case? Thank you in advance.

Go to CP > Admin > Members and Groups > Member Preferences > Require Member Account Activation?
You might want to turn on manual activation.

thank you for your prompt reply

yes, currently it is set to “self activation by email.” If I enable this setting so that account activation is set to manual, how does this work? What is the process I have to go through to ensure our new members are activated in a timely manner?

Will this eliminate our Spam issue in the forums? I see there are 4 points where captcha can be enabled; comment forms, photo gallery forms, tell-a-friend, and the registration form. Currently, we only have the registration form set up and it is using captcha. Through the process of elimination the leak is coming from it, right? And I shouldn’t have to make an mods to the captcha code because it come native with EE.

I think your suggestion, while valid, doesn’t make for a good solution because we want this process of registration automated so that we (the staff) do not have to do what our members could do for themselves. Plus, with the volume of new members we process this could be a time consuming and inefficient process.

any other suggestions?

trcpusa - 07 July 2008 01:49 PM

If I enable this setting so that account activation is set to manual, how does this work? What is the process I have to go through to ensure our new members are activated in a timely manner?

Currently, all a new member needs is a (throwaway) email address, to reply to the challenge EE sends.

Will this eliminate our Spam issue in the forums?

No gurantees. The point is you need to police the forums, and weed out (ban) spamming members. That does takes time and effort, yes, but there is no easy way around it.

I see there are 4 points where captcha can be enabled; comment forms, photo gallery forms, tell-a-friend, and the registration form. Currently, we only have the registration form set up and it is using captcha. Through the process of elimination the leak is coming from it, right?

Well, how many signups are you getting? There is no defense against manually signing up. If you suspect the CAPTCHA of being broken, you might want to try the Advanced CAPTCHA.

I think your suggestion, while valid, doesn’t make for a good solution because we want this process of registration automated so that we (the staff) do not have to do what our members could do for themselves.

Well, if all a spammer needs to do is recreate a different account, self-approved of course, this really might be an issue.

any other suggestions?

Not really. If you have trusted and longstanding members of the community, consider making a few of them moderators to help you police the forums.

Moving to Howto.