Bots, Spammers, fake registrations and SQLitening

Paul Squires · January 14, 2012, 08:32:04 PM

Over the past few days I have received a fake bot/spam registration on the SQLitening forum about every 5 to 10 minutes. It was very frustrating manually verifying each one against the Stop Forum Spam database. I decided to install a couple of SMF mods and so far, so good. Looks like it is handling the problem. Both mods are amazing and very professional. Relatively easy to install especially using SMF's Package Manager.

Here is what I am using:

(1) http:BL (HoneyPot)
http://custom.simplemachines.org/mods/index.php?mod=2155
http://www.snoopyvirtualstudio.com/tutoriales/index.php?estudio=httpBL_2

(2) MOD Stop Spammer
http://custom.simplemachines.org/mods/index.php?mod=1547

Both mods require you to manually register on the HoneyPot and/or Stop Forum Spam database in order to get the proper interface files. Very easy to do and you get the files immediately.

I have even set the Registration settings on the SQLitening site to simply "Email Activation" so I don't have to manually verify every registration.

Jose Roca, not sure if you are reading this post but if you install these two mods on your forum site then maybe you can re-enable registrations again.

I will report back here to let you guys know how effective these mods are against the bot/spam registrations.

Note: We don't have the problem in the FireFly support forums because these forums are hidden behind a sophisticated protection system and away from the prying eyes of bots/spiders.

Paul Squires · January 15, 2012, 11:17:55 PM

I wish I had installed these a long time ago!!!!

In one day the honeypot has caught 59 spambots and the stop forum spam mod has caught 56 spam registrations! It feels so nice being able to relax and not have to be constantly monitoring that site's registrations.

Gary Scott · January 16, 2012, 07:39:23 PM

Thank You for maintaining a clean forum !

José Roca · January 16, 2012, 08:11:11 PM

Paul,

Have you tried the verification options? Do they work?

Brian Chirgwin · January 16, 2012, 08:20:59 PM

Jose,

I tried verification which didn't work. I had to ask questions for sign up. This didn't work until I asked for answers to 3 out of 7 questions, where 3 of them are pricing. This seems to be working, but it may be preventing people from signing up.

I need to try the mod scripts.

Brian Chirgwin
www.egridpro.com

Paul Squires · January 16, 2012, 08:34:12 PM

The verification/CAPCHAs are worthless. I even tried adding a manually answered question like Brian did and that didn't work. These two mods are working very well. Installing them was pretty easy and went smoothly for me. I hope that they continue to function well because I was almost to the point of disabling registration like Jose had to do for his forum.

José Roca · January 16, 2012, 10:57:43 PM

Verification should work with spam bots, but unfortunatly they are also using human spammers. I usually had a dozen of fake registrations daily, but for some reason, one day they targeted my fourm and had more than 3000 in three days, and as many used malformed email addresses, I also had hundreds of email messages from the server saying that the reply that automatically sends the forum software could not be delivered. They did came faster that I was able to delete them, so I had no choice but to disable registation.

My forum was already rejecting registrations from many sites, specially those that provide disposable addresses, but that time were using gmail addresses, whose captcha system had also cracked!

Paul Squires · January 18, 2012, 01:17:13 PM

The spam bots have broken the CAPCHA thing a long time ago. Every time SMF changes or enhances there registration/capcha it is broken a short time later. Over the past year I would get a few registrations every few days for SQLitening. Nothing overly heavy to manage. Last week the site must have been targeted much like yours had been. I was getting a registration notification every 5 to 10 minutes or so! Way to many to manually verify against the Stop Forum Spam database.

The beauty of the above two mods is that they use information from two separate databases and those database are constantly being updated. If your spammer is not in one database then maybe it will be in the other. The mods also allow your site to contribute to adding spammers to the database. The HoneyPot mod is particularly cool because the spider never makes it to the registration screen at all!!! It follows the path until it reaches the honeypot warning web page. The spider can not then pass that page's questions so it's IP address gets automatically tagged and sent to the master honeypot database marked as a spammer. Future attempts by that spider to interact with your site are then automatically rejected.

For those spiders that do get through, whether they use human intervention or not, must still pass the normal registration process. At that point the second mod (Stop Forum Spam) kicks in and checks the registration details against its database of known spammers. I still have the option to manually approve each registration if I wish. If I find out later that the registration was fake (because of a post that was made) then I simply go into that members profile page, click a button that adds his info automatically to the Stop Forum Spam database, and then I simply delete the member from the site.

It is now Wednesday Jan 18... 286 spammers caught by the HoneyPot, and 175 caught by the Stop Forum Spam mod.

Jose - I urge you to try these mods. If they work as well for you as they have for me then it will make your life much easier administrating your forum. Likewise, it will allow a lot more real users for your site. I imagine many people don't register on your site now because all they get is the "registration disabled" message. I have had many FireFly customers who purchase and then try to get your includes only to come back to me complaining that they can not because of disabled registration on your site. That's why I asked to host your includes here as well in order to make it a little easier on them to get started using FireFly.

Elias Montoya · February 27, 2012, 02:18:39 AM

Jose, Paul... i can provide you (for free) with code to automate forum registration after Paypal Payment. I created that code along time ago in PHP but i can't use it because it requires SSL and i cant afford a certificte at the moment. This way, forget about fake registrations for good, either they pay and register and become genuine customers, or simply don't register. It works well with SMF.

Roger Garstang · March 08, 2012, 07:38:21 PM

Gotta make your own custom stuff. I have a contact us form on my companies page with just a simple dropdown that needs clicked on that prevents most. I added a few things in the backend side too like filtering web links and other content out or not allowing stupid things like more than 3 or so of the fields set to the same or repeating values. Some simple math problems work pretty good too.

I haven't fully verified it again, but I think your session cookies are messed up too. When I logout it removes them then just recreates them and keeps me logged in. The standard SMF forum doesn't do this, so something is modified. I do a lot of custom PHP stuff using session files if you need help.