Thread

Awesome, Michael.  Thank you! =)

We are fighting this as well. All of the human readable/interaction solutions help somewhat but we have found that a group out of India has a staff of people processing spam members on EE sites. Many of which link back to Real firms in the US outsourcing SEO to this company.

We are still at a loss on how to solve this.

We are fighting this as well. All of the human readable/interaction solutions help somewhat but we have found that a group out of India has a staff of people processing spam members on EE sites. Many of which link back to Real firms in the US outsourcing SEO to this company.

We are still at a loss on how to solve this.

I think one has to be careful of trying too hard…that is, trying to trap people before they register as opposed to after.

My newest strategy is to let them register - of course, slowed down somewhat by the changing of the trigger word for the forum registrations.  Then I have two quick online reports I look at…..
1. the first is anyone who posted something in the bio or url section - I delete the offenders immediately.
2. the second has a list of ALL registrations in descending date order…..this offers me a quick look, and lookups, to check their IP and location (I have location as a field in the registration) against their claim AND to check them against the Stopforumspam.com database.

That is a nice db, BTW - it has caught a lot of the folks who I suspect.

I immediately delete any who are in India, China, Vietnam, etc. because that does not fit my forum profile - I immediately delete any who are in the stopforumspam db.

The entire process above takes less than 2-3 minutes per day, which is less than any other method I have used. This is for a forum with 20,000 members, so it is not too bad.

Also, as previously mentioned, removing the “Powered by ExpressionEngine” footprint from your profile themes goes a long way. I believe the files to edit are copyright.html and html_footer.html in the default profile theme.

also if you are using a Forum module consider:
http://ellislab.com/forums/viewthread/140259/
http://ellislab.com/forums/viewthread/85807/

The effectiveness of changing the member trigger word continues to decline as the spammers get either smarter or more numerous. I’ve hit upon another technique which is working for me and will work for some other community sites.

I’ve added a new required field to the registration page: “What community do you live in?” Anyone who lives in the (geographical) community I serve can answer this question easily, but it stops spammers cold.  I’ve noticed a drop-off in the number of registration spammers and the ones who go ahead and answer the question have been answering with obviously wrong answers.

Like I said, this won’t work for most sites, but it might work for yours.

I’ve been thinking about blocking IP addresses when we receive multiple registrants from the same IP. After the member status they’ll go to an ‘isolation’ status for manual approvement. When even more registrants come in, the IP address is blocked.

On the website itself, we actually need a module that comments by newbees are always moderated. Once they appear to be a comment spammers, the comments are deleted, their account is banner and their IP address is blacklisted (and shared with the community, like the Low NoSpam module).

Erwin

Absolutely.  I’ve blacklisted a ton of Asian and RIPE IP addresses which have been spamming me. I also moderate all new user comments. I change my member trigger word as soon as I get more than one spam on any day.  And I use Member Utilities—http://devot-ee.com/add-ons/member-utilities/—to isolate bad registrations daily.

And still they come.

EE’s membership system is in serious need of an overhaul.

...

EE’s membership system is in serious need of an overhaul.

That it is… 😊
To be honest, user registration is no longer automated but rather paid for as a cheap labor of ‘SEO Consultants’.

To be honest, user registration is no longer automated but rather paid for as a cheap labor of ‘SEO Consultants’

Agreed. I’ve been able to keep the bots and Asian boiler rooms from registering on my site. So, mostly I’m dealing with US-based small time SEO weasels. But this means more manual culling of memberships, and that’s why the tools need to be improved.

http://expressionengine.com/legacy_docs/changelog.html#v170

“Altered member profile fields to disallow HTML.”

Stumbled on this, but this helps.

More please.

Hey folks. Greg Salt released a freebie for EE 2.x called Barricade.

An extension for EE 2.x that checks member registrations against the stopforumspam.com database. If a check is positive then that member is immediately moved into the banned group.

Nifty. =)

It would be great if:
1. He could do it for the 1.7 version
2. It would also REPORT people through the Stop Forum Spam API….although not automatically…....but when you delete, you could delete with prejudice.

That way, we all become part of the solution!

FYI, I checked out some basic stats on the number of my forum registrations which are both SPAM and also in the STOP FORUM SPAM db.

It is probably about 10%. Maybe lower.

I am posting this as another piece of the puzzle - what is really needed is a mod (plug-in, template, etc.) which both checks and reports to Stop Forum Spam, because it appears many spammer tend to visit the same CMSs…that is, if some EE members start reporting into SFS, the other would benefit.

It is certainly too slow to enter the spammers by hand.

Maybe Greg or the EE crew or someone else will have some spare time on their hands. I could hack such a template together, but it would not be pretty!
:lol:

What is EllisLab doing to help?

We hate spammers, and are keenly aware of the ongoing battle with registration spammers.  Being a popular ExpressionEngine-based site ourselves, we are affected by them as well.  As spammers continue to change their tactics, so will ExpressionEngine, empowering you with more effective ways to combat this new breed of spammer.  Rest assured that we do take this seriously and understand the ongoing need to strengthen anti-spam controls.

Any news on what EL is doing?

Cheers
Lee

Well one recent example of something that we’ve done was in 2.1.1:

Altered member profile fields to disallow HTML.

And we’ll continue to see what improvements can be made to help alleviate this issue.