Getting hundreds of registrations per month that are fake. Used to get 3-5 per day, now nearly 50-100 per day.
They're not defacing the site, except for the rare rogue, but I keep in touch with the userbase via email often, and managing all the emails is now cumbersome.
I change the spam question weekly, and have blocked dozens of domains, as well as require a valid email address (password emailed). I can't seem to keep them off the site, though - IPs are from everywhere.
It's getting to the point I may just ban all overseas IPs or require an EDU address (college related site).
Anyone having spam registration problems with 1.2? Using Captchas for registration? Can Bad Behavior or Akismet work on the initial registration?
Thanks for any info, ideas.
NCM
Bad spam registration problem
-
- Rank: Helper
- Registered: Sep 16, 2004
- Last visit: Oct 21, 2009
- Posts: 731
-
- Rank: Team Member
- Registered: May 03, 2004
- Last visit: May 31, 2010
- Posts: 515
I checked your site and recognized that your anti-spam answer is a very common 4 letter term, this might be the problem.
In my experience the anti-spam question does work very well, even if not changed for years. The main trick is to choose a term which usually is not included in a dictionary, but easy to grab for humans. Example:
Write the word "human" in capitals, with dots between all letters. -> H.U.M.A.N
Give it another try!
Greetings,
Chris
--
an operating system must operate
development is life
my repo -
- Rank: Helper
- Registered: Sep 16, 2004
- Last visit: Oct 21, 2009
- Posts: 731
I've tried 100 different variations, some complex, some math, some doing similar. It usually stops it for 2-3 days and then restarts again - as if someone updates their bots with the answer.
I updated it again with a longer response using dashes. I'll report how soon the bot registrations start again.
Edited by uheweb on Nov 30, 2010 - 02:38 AM. -
- Rank: Softmore
- Registered: Sep 30, 2008
- Last visit: May 29, 2010
- Posts: 201
Are all these registrations coming from the same person/computer? Check IPs and stuff. -
- Rank: Helper
- Registered: Sep 16, 2004
- Last visit: Oct 21, 2009
- Posts: 731
Spam registrations started up again 8 hours later with a question of:
Type the word BIGBLUE with a dash after each letter.
The rate is about 25% of what it was, so it appears many of them might have been dictionary bots, with some others being updated by the spammer manually when I change the question.
They are not coming from the same IP - all over the place. There are a few different formats (i.e., how the name/email is formatted and if there are links in the user info), leading me to believe there are only a few spammers that are using a botnet to send the actual registration requests.
I will just continue to use a harder anti-spam question and change it weekly. Might look into doing some type of captcha or second security question. Would be nice to have several questions that rotate. -
- Rank: Helper
- Registered: Sep 16, 2004
- Last visit: Oct 21, 2009
- Posts: 731
Rate is up to 75% or so of before - looks like a few other bot handlers updated their bots. I'm going to change the question again.
Any suggestions on how to implement a few rotating questions? I haven't looked at the code yet.
- Moderated by:
- Support
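One way to implement the rotating questions asked about in the last post, as an added example that is not Zikula code and not part of the original thread: a question is picked at random for each form render and bound to an HMAC-signed, expiring token, so a submitted answer is only checked against the question that was actually shown. The pool layout, key handling, TTL and function names are assumptions; the two sample questions are the ones quoted in the thread.

```php
<?php
// Added example, not Zikula code; all names here are hypothetical.
const CHALLENGE_TTL = 900; // seconds a rendered form stays valid (assumed)

// Sample pool built from the two questions quoted in the thread.
$pool = [
    ['q' => 'Write the word "human" in capitals, with dots between all letters.',
     'a' => 'H.U.M.A.N'],
    ['q' => 'Type the word BIGBLUE with a dash after each letter.',
     'a' => 'B-I-G-B-L-U-E-'],
];

// Pick a random question; return it with a signed "index:time:mac" token
// that the form carries in a hidden field.
function issue_challenge(array $pool, string $key, ?int $now = null): array
{
    $idx = random_int(0, count($pool) - 1);
    $payload = $idx . ':' . ($now ?? time());
    $token = $payload . ':' . hash_hmac('sha256', $payload, $key);
    return ['question' => $pool[$idx]['q'], 'token' => $token];
}

function verify_challenge(array $pool, string $key, string $token,
                          string $answer, ?int $now = null): bool
{
    $parts = explode(':', $token);
    if (count($parts) !== 3) {
        return false;
    }
    [$idx, $issued, $mac] = $parts;
    // Reject forged or altered tokens before trusting any field in them.
    if (!hash_equals(hash_hmac('sha256', "$idx:$issued", $key), $mac)) {
        return false;
    }
    $age = ($now ?? time()) - (int) $issued;
    if ($age < 0 || $age > CHALLENGE_TTL || !isset($pool[(int) $idx])) {
        return false;
    }
    // Case- and whitespace-insensitive, constant-time comparison.
    $norm = fn(string $s): string => strtoupper(trim($s));
    return hash_equals($norm($pool[(int) $idx]['a']), $norm($answer));
}

// Demo with a throwaway key; a real site keeps a persistent secret in config.
$key = random_bytes(32);
$c = issue_challenge($pool, $key);
$idx = (int) explode(':', $c['token'])[0];
var_dump(verify_challenge($pool, $key, $c['token'], $pool[$idx]['a'])); // correct answer
var_dump(verify_challenge($pool, $key, $c['token'], 'wrong'));          // wrong answer
var_dump(verify_challenge($pool, $key, '0:0:forged', 'H.U.M.A.N'));     // forged token
```

A token stays valid until it expires, so keeping it in the server-side session and discarding it after one attempt prevents reuse. As the thread observes, a small fixed pool can still be learned by an operator who updates the bots by hand.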
