Seeking spam protection posibilities

[SpaceFanatic64]

[Topic splitted from Hypergiant star]

Spambot above, but it has already been reported.

[CM1215]

What do you mean by spam bot?

The user "Celestial Body" edited an off-topic link into his above post. It is of my opinion that no one should click that link.

It actually appears the post has been deleted, which is good.

[Anthony_B_Russo10]

I had thought it was my post.

[Lafuente_Astronomy]

The user "Celestial Body" edited an off-topic link into his above post. It is of my opinion that no one should click that link.

It actually appears the post has been deleted, which is good.

Some people are getting smart nowadays. If I recall, one merely copied a post by Janus concerning star updates, and because we haven't talked about that for a long time, we accepted the poster. It wasn't until either onetwothree or pirogronian (I forgot who actually discovered it) discovered that the post's words were copied word for word from Janus' posts, that we removed the poster.

[SpaceFanatic64]

Yes, unfortunately. This is mostly because this forum has weak protection against spambots, with nothing except the email verification which is easily bypassed by the spambot creator. In other words, there is no human verification here, making this forum an easy target for spambots.

[Anthony_B_Russo10]

Maybe reCAPTCHA can be used.

[pirogronian]

I checked it recently and we have reCAPTCHA. But Im not sure about email verification. So probably they're not spambots but oridinary paid spamers. Maybe banning by email would be a bit more efficient, but I see no such an option. Probably we have no email verification.

[SpaceFanatic64]

IP banning could also be used against the account.

[pirogronian]

Ip banning works for static IP only. In most cases ip is assigned dynamically by provider. In these cases it is not only ineffective but can block normal users, if they would get previously banned ip.

[Anthony_B_Russo10]

Maybe Norton security could help.
https://www.websecurity.symantec.com/theme/seal-transition

[Lafuente_Astronomy]

I checked the membership list, and I found out that many of the members starting from the forum's earliest years haven't even posted once. Perhaps we must remove those members from the start until this year, so as to at least clean up our membership lists for potential spammers?

Added after 27 minutes 5 seconds:
I've made this post global, as the spammer problem is much bigger than we thought.

[Sirius_Alpha]

I admin an exoplanet forum, and from my experience, the best way to deal with the problem is to do manual user-account activation. When users sign up, you can see their e-mail addresses. It's often pretty clear which e-mail addresses are "real" and which are spam bots. Something like khoward@[host].com is probably real, but something like xzoliueq@[host].com is probably fake.

In cases where that is ambiguous, you can do a quick internet search for the e-mail address. If they've posted spam topics in the past, they may show up in that search.

There will be many real users who create an account but who never post. These are probably people who sign up when they find the site, then forget about it later or lose interest after signing up. Not all users with zero posts are spam bots.

[Art Blos]

I checked the membership list, and I found out that many of the members starting from the forum's earliest years haven't even posted once. Perhaps we must remove those members from the start until this year, so as to at least clean up our membership lists for potential spammers?

I asked Alexell about complete removal of the account from forum. This function is not available to moderators, only to administrator.

[pirogronian]

When users sign up, you can see their e-mail addresses. It's often pretty clear which e-mail addresses are "real" and which are spam bots.

Also a good filter would be IMHO mandatory short descritpion of themself.

Not all users with zero posts are spam bots.

Indeed, but most probably they won't be hurt by their account's deletion, if they already forgot about it. And we will have more nicks for new users avaliable

[Janus]

Spam is a serious problem.
The first few months I had my personal fork forum was a mess, then I disabled e-mail sign up completely.
I had captcha with all the bells and whistles all the way up.
After the first few days, I was getting fifty (50) spam sign-ups a day.
Three months in it was up to spam sign-ups 100 a day.
For a while I tracked the IP addresses, which was entertaining, initially at least.
Eastern europe, RUSSIA!!!, middle east, china, EASTERN EUROPE!, africa, russia, CHINA!!!, eastern europe, and so forth.
Caps and ! for scale, focus changed weekly.

I shut sign-ups off to protect my sanity.
Now all there is is just an admin contact form, and I still get spam contacts through it several times a week.
Captcha can take care of the sign up bots, no problem.
The problem is the people making maybe a buck, likely less, per post or sign up, no matter where they manage it.
Once the sign up is done, there are script bots aplenty to do automated posts.


Janus.

[Lafuente_Astronomy]

Spam is a serious problem.
The first few months I had my personal fork forum was a mess, then I disabled e-mail sign up completely.
I had captcha with all the bells and whistles all the way up.
After the first few days, I was getting fifty (50) spam sign-ups a day.
Three months in it was up to spam sign-ups 100 a day.
For a while I tracked the IP addresses, which was entertaining, initially at least.
Eastern europe, RUSSIA!!!, middle east, china, EASTERN EUROPE!, africa, russia, CHINA!!!, eastern europe, and so forth.
Caps and ! for scale, focus changed weekly.

I shut sign-ups off to protect my sanity.
Now all there is is just an admin contact form, and I still get spam contacts through it several times a week.
Captcha can take care of the sign up bots, no problem.
The problem is the people making maybe a buck, likely less, per post or sign up, no matter where they manage it.
Once the sign up is done, there are script bots aplenty to do automated posts.


Janus.

Indeed, they will get frustrating by the moment. Hence, why we need more cybersecurity to stop them. And we should also have the power to permanently ban those spam accounts

[Janus]

@Lafuente_Astronomy

The problem is not individual accounts.
I kept track for the first month, and not a single repeat.
Checking names for phonetics works better, but even that is not foolproof.


Janus.

[Joey P.]

Is this the first time a spambot has been sighted in this forum?

[SpaceFanatic64]

No. Spambots have been seen many, many times before.

[pirogronian]

So, our reCapchta don't work at all? Otherwise, we have not spambots, just plain spamers At least during registeration.