Recently, our site went a little more public and opened up member registration to the world. It’s been great. We’ve had lots of Toms, Sallys and Janes. But we’ve also seen many CIALIS, TRAMADOL and VIAGRA. :( I’ve done some research and there are really no automated options (plugins, modules) to prevent this from happening. But there are some really nice tools built into ExpressionEngine, in particular the User Banning feature.
At first, I was merely deleting any new account deemed “spam”. But they would be added back into the system within 10 minutes. So I started assigning them to the Banned group. This helped prevent the duplication process, but other unique spam registrations just keep on coming. I blacklisted a few IP addresses, but they ALL seem unique, so it feels a bit useless. However, the usernames or screen names generally include some reference to a drug. I’d say about 70-80% of the time that is the case. So I looked into using wildcards in the restricted username/screen name list and it appears that it should work for me to create a list of wildcards.
Long story short, I am wondering if there is any sort of “base” list for known IP addresses or usernames or screen names that I could start with. So far I have a few IPs and the following list:
*TRAMADOL*
*CIALIS*
*VIAGARA*
*VIAGRA*
Also, I have banned one domain via email address banning:
*@8nfoblog.cn
I really don’t like banning email domains though, as I’d hate to lock out someone with a genuine interest in our site using the same mail service. Of course, in some cases it’s not going to conflict as it’s obviously a domain set up for the purpose of spam.
Is this process my best bet? I feel like I lose hours a day combating this nonsense and it’s starting to drive me nuts. I hope the wildcards help. Anyone have a more comprehensive list that works for them? Anyone have a more streamlined process?
One idea I had was to have some sort of “Quick Ban” link listed in the email to administrators with each member registration. That way, if we see a username appear that is blatantly spam, we could immediately get the account banned without the need to access the CP. (I like this idea in particular because I can address the issue from my mobile phone on the go.) I realize the solution would have to be tightened against potential security issues, but it’s an idea.
Any feedback on this is greatly appreciated!
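As an added example (not code from the post or from ExpressionEngine), here is how a wildcard ban list like the one above behaves when it is run over candidate registrations, so each new pattern can be checked for hits and for accidental overlap with legitimate names before it goes live. It assumes that `*` is the only wildcard, that matching is case-insensitive, and the sample registrations are constructed.

```python
import re

# Constructed ban lists mirroring the post's entries (assumption: "*" is the only wildcard).
BANNED_USERNAMES = ["*TRAMADOL*", "*CIALIS*", "*VIAGARA*", "*VIAGRA*"]
BANNED_EMAILS = ["*@8nfoblog.cn"]

# Patterns whose literal part is this short are likely to hit real names (e.g. "*cia*" vs "Patricia").
MIN_LITERAL_CHARS = 5


def wildcard_to_regex(pattern):
    """Turn a '*'-style wildcard into an anchored, case-insensitive regex; everything else is literal."""
    parts = [re.escape(p) for p in pattern.split("*")]
    return re.compile("^" + ".*".join(parts) + "$", re.IGNORECASE)


def matches_any(value, patterns):
    """Return the first pattern that matches value, or None (patterns are checked in list order)."""
    for p in patterns:
        if wildcard_to_regex(p).search(value):
            return p
    return None


def screen_registration(username, screen_name, email):
    """Return (field, pattern) pairs that would block this registration; empty list means it passes."""
    checks = (("username", username, BANNED_USERNAMES),
              ("screen_name", screen_name, BANNED_USERNAMES),
              ("email", email, BANNED_EMAILS))
    return [(field, p) for field, value, patterns in checks
            if (p := matches_any(value, patterns))]


def risky_patterns(patterns, known_good_names):
    """Flag patterns that are too short to be safe or that already match a known legitimate name."""
    flagged = []
    for p in patterns:
        literal_len = len(p.replace("*", ""))
        hits = [n for n in known_good_names if wildcard_to_regex(p).search(n)]
        if literal_len < MIN_LITERAL_CHARS or hits:
            flagged.append((p, hits))
    return flagged


if __name__ == "__main__":
    # Constructed registrations: two spam-looking, one ordinary member.
    for reg in [("buy_tramadol_now", "Tramadol Deals", "x@example.com"),
                ("tom", "Tom", "tom@8nfoblog.cn"),
                ("sally", "Sally J", "sally@example.com")]:
        print(reg[0], "->", screen_registration(*reg) or "ok")
    print("risky:", risky_patterns(BANNED_USERNAMES + ["*cia*"], ["Patricia", "Tom", "Jane"]))
```

Running a proposed pattern through `risky_patterns` against the existing member list is the check to do before adding it, since a substring wildcard blocks every name that contains it.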