Thread

Nice, missed the one.

Lisa, could you comment on the idea of a small extension (EE, not 3rd) to report to Stop Forum Spam?

Realistically, one of the better ways to stop forum spam is by pooling experience - and this seems like an easy way. As we know from looking at the spammers instructions (which they give away and sell), they tend to target MANY sites which use the same software, in this case EE. 

This seems like a really easy add-on…...even for the 1.x series!

If EE doesn’t do it, I’m likely to roll my own, but not being a real coder mine would not be good enough for anyone else to use….....

——-for those who don’t know, Stop Forum Spam is a website at:
http://www.stopforumspam.com/
which allows both the checking and the entry of emails, ip and usernames via their simple API.

It’s a great concept, but I think many more people take from it than give…...and every spammer that I delete and do not report is really a missed opportunity for others…...

Oh, and I don’t move SFS “hits” to banned - I just delete them instantly….never had a complaint yet. When it comes to spammers, it’s often just as well to shoot first and ask questions later - IMHO, anyway.

Lisa, could you comment on the idea of a small extension (EE, not 3rd) to report to Stop Forum Spam?

 

Comment in what way?  What kind of information are you looking for?  Here are the docs on the forum extension hooks.

Oh, I was wondering whether EE had this on the list to build into the actual software itself…....

I’m not sure it is limited to forums - rather it applies to any site which allows member signup (I assume)......

Anyhow, I just threw together a quick link using their API and tested it…so I can report easily now…...it’s a simple link, although it would be more elegant if someone who knew what they were doing hooked it in…...

Mine is simply:

<a href= "http://www.stopforumspam.com/add.php?username={screen_name}&ip;_addr={ip_address}&email;= {email}&api_key=theAPInumber">Add To Spam DB at SFS</a>

...and is located on a template which lists all the signups along with their bios and urls, etc…...so I can immediately chose to report them and then delete them - or look up their IP, etc…....it will work for me!

Oh, I was wondering whether EE had this on the list to build into the actual software itself…....

Not at the moment, Craig.  A third-party add-on would be a great idea though!

The problem is, talking about solutions in public might actually help spammers punch thru, but here goes… On our previous (in house) cms we use a combination of the following checks to reduce spam on contact forms, from tens a day to just a few.

Check referrer
Easy to manipulate, however sloppy spammers forge their own forms locally, and submit to your domain with the wrong referrer. Additionally, you could have pages for /member/register or /contact/form for easy user access, but redirect (302) real visitors to the real registration forms on a different url for tighter referrer control.

Submit DGHSRE5T67
Rename one of the required form fields, like the submit button itself, to substr(md5($_SERVER[‘REMOTE_ADDR’]),3,10).$salt.
After POST check if this REMOTE_ADDR field is isset/empty and discard. If you’re comfortable with requiring javascript on your site, you could also add some stuff onSubmit. Spammers don’t like cookies and sessions…

Strings attached
if ( @substr_count($msg, ‘http://’) > 4 ) To many links, bye, bye.

About a month ago, I added a required “community” field to my registration form. This works for me because my site serves a well-defined geographical area.

This dramatically cut the number of spam registrations and made the few remaining ones easy to spot.

I know that Ellis Lab has a lot on its plate right now, but I need to reiterate my insistence that they improve their member management system. It used to the be the best in the business. But now it’s showing its age and it’s only through a creaky layer of add-ons that I’m holding on against a flood of registration spammers. As user identity becomes more important for editorial, community, revenue, and security reasons, EE is falling further behind.

Just deleted 1500 spam members from a client’s forum.

I’d love the ability to deny users based on the domain name they use for email…

Anna

I’d love the ability to deny users based on the domain name they use for email…

Members > User Banning

Under “Banned Email Addresses” use something like *@gmail.com

Sweet. Never knew that was possible.

I also just change the URL for the forum.

That’ll keep them away for a little bit.

FYI… I send banned folks here:
http://www.webhamster.com/

Anna

About a month ago, I added a required “community” field to my registration form. This works for me because my site serves a well-defined geographical area.

My site is similar - users have to specify a location - which helps.
It’s pretty easy to spot those who attempt to fool it…..they may put LA or NYC or something folks in Thailand have heard of, but not likely where people buy woodstoves (my site content).....

My kludge system now works pretty dang good…...it takes about 3-5 minutes a day, which for me, considering pretty heavy traffic, is not too long.

My combo now includes the member utilities so that I get notified when bios or urls, plus a template which allows me to see all recent registrations and check IP, Stop Forum Spam, bios, URLS….all in one list.

Of course, these really the first lines of defense. We happen to have a great community and if an actual forum spammer (as opposed to simple registration info backlinks) posts on our forum, he or she will be found and reported almost instantly….lots of eyes looking out for the integrity of the place.

Without those eyes, I think it would quickly degrade…..

There will never be a final battle or victory against spammers and abusers, but the key is staying ahead of them and making them move on to easier targets.

Please note that changing the profile member trigger word causes a bug in the member profile templates. The member trigger word is NOT updated in these templates, causing error links.

I solved it by hacking the file profile_theme.php in line 190-199 (breadcrumb function), replace all “member/” instances by the new member trigger word.

Thanks for many good suggestions, I will try it.

As the popularity of community sites grows, registration spam increases across all platforms that have public member profile pages, including default installations of ExpressionEngine.  Spam is an icky, dirty marketing practice that seemingly will never go out of style and will never be completely thwarted.

Many of you are experienced with using ExpressionEngine’s tools to combat comment and forum spam, but I wanted to share with the community some ways to combat registration spam.

Onwards . . .

Hi!
A year has gone since this the post Fighting Registration Spam was published. I am curious on if the best practices of fighting registration spam today are the same as they were a year ago.

/David

Much the same for me. Extensive tweaks (no core hacks) for each install and I am spam free, relatively speaking with a forum and comments. Some things do remove liberty (no URL field in comments, no links in comment body, bbcode parsed at at template level) but it’s not caused a problem so far.

Everything I do could and should be part of the default installation and configurable, and it would be interesting to see how many links would be removed from the web or never created in the first place if EL were to take this seriously rather than paying lip service, by pushing out a release with better controls/defaults.

Not to mention the time spent cleaning it up of course. For every minute I don’t spend cleaning up spam, I spend it making my sites better.