Bad spam registration problem

  • Getting hundreds of registrations per month that are fake. Used to get 3-5 per day, now nearly 50-100 per day.

    They're not defacing the site, except for the rare rogue, but I keep in touch with the userbase via email often, and managing all the emails is now cumbersome.

    I change the spam question weekly, and have blocked dozens of domains, as well as require a valid email address (password emailed). I can't seem to keep them off the site, though - IPs are from everywhere.

    It's getting to the point I may just ban all overseas IPs or require an EDU address (college related site).

    Anyone having spam registration problems with 1.2? Using CAPTCHAs for registration? Can Bad Behavior or Akismet work on the initial registration?

    Thanks for any info, ideas.

    NCM
  • I checked your site and recognized that your anti-spam answer is a very common 4 letter term, this might be the problem.

    In my experience the anti-spam question does work very well, even if not changed for years. The main trick is to choose a term which usually is not included in a dictionary, but easy to grab for humans. Example:

    Write the word "human" in capitals, with dots between all letters. -> H.U.M.A.N

    Give it another try!

    Greetings,
    Chris

    --
    an operating system must operate
    development is life
    my repo
  • I've tried 100 different variations, some complex, some math, some doing similar. It usually stops it for 2-3 days and then restarts again - as if someone updates their bots with the answer.

    I updated it again with a longer response using dashes. I'll report how soon the bot registrations start again.



    Edited by uheweb on Nov 30, 2010 - 02:38 AM.
  • Are all these registrations coming from the same person/computer? Check IPs and stuff.
  • I have come across, IP address is usually dynamic, with a calculation Formicula module certification breakthroughs are likely to be spam.
  • Spam registrations started up again 8 hours later with a question of:

    Type the word BIGBLUE with a dash after each letter.

    The rate is about 25% of what it was, so it appears many of them might have been dictionary bots, with some others being updated by the spammer manually when I change the question.

    They are not coming from the same IP - all over the place. There are a few different formats (i.e., how the name/email is formatted and if there are links in the user info), leading me to believe there are only a few spammers that are using a botnet to send the actual registration requests.

    I will just continue to use a harder anti-spam question and change it weekly. Might look into doing some type of captcha or second security question. Would be nice to have several questions that rotate.
  • Rate is up to 75% or so of before - looks like a few other bot handlers updated their bots. I'm going to change the question again.

    Any suggestions on how to implement a few rotating questions? I haven't looked at the code yet.
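
One way to do the rotation asked about in the last post, as an added example that is not from the thread and is not Zikula code: each registration form gets a random question from a pool, and an HMAC-signed token in a hidden field ties the submitted answer to the question that was actually served. The function names, the third question, the 15-minute lifetime and the secret are assumptions made for this sketch, and no Zikula API is used.

```php
<?php
// Added illustration: standalone PHP, no Zikula API is used. All names are hypothetical.

// Constructed question pool; answers are stored normalized (upper case, no whitespace).
const CHALLENGE_POOL = [
    ['q' => 'Write the word "human" in capitals, with dots between all letters.', 'a' => 'H.U.M.A.N'],
    ['q' => 'Type the word BIGBLUE with a dash after each letter.', 'a' => 'B-I-G-B-L-U-E-'],
    ['q' => 'Type the word campus backwards, in capitals.', 'a' => 'SUPMAC'],
];
const CHALLENGE_TTL = 900; // seconds a served question stays valid (assumed value)

// Pick a random question and return it with a signed token for a hidden form field.
function issue_challenge(string $secret, ?int $now = null): array
{
    $now = $now ?? time();
    $idx = random_int(0, count(CHALLENGE_POOL) - 1);
    $payload = $idx . '.' . ($now + CHALLENGE_TTL);
    $token = $payload . '.' . hash_hmac('sha256', $payload, $secret);
    return ['question' => CHALLENGE_POOL[$idx]['q'], 'token' => $token];
}

// Check the answer against the question named in the token, not against any pool entry.
function verify_challenge(string $secret, string $token, string $answer, ?int $now = null): bool
{
    $now = $now ?? time();
    $parts = explode('.', $token);
    if (count($parts) !== 3 || !ctype_digit($parts[0]) || !ctype_digit($parts[1])) {
        return false; // malformed token
    }
    [$idx, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $idx . '.' . $expires, $secret);
    if (!hash_equals($expected, $mac)) {
        return false; // forged or altered token
    }
    if ((int) $expires < $now || !isset(CHALLENGE_POOL[(int) $idx])) {
        return false; // expired, or question since removed from the pool
    }
    $given = strtoupper(preg_replace('/\s+/', '', $answer));
    return hash_equals(CHALLENGE_POOL[(int) $idx]['a'], $given);
}

// Demo with a constructed secret; a real one belongs in server-side configuration.
$secret = 'constructed-demo-secret';
$c = issue_challenge($secret);
echo $c['question'], PHP_EOL;
var_dump(verify_challenge($secret, $c['token'], 'wrong answer'));
```

A token stays valid until it expires, so the same question can be resubmitted within that window; keeping the chosen index in the server-side session instead of a hidden field, or recording used tokens, removes that.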
