A recurring question on this forum is how to deal with spam bots. And rather how to prevent them from registering.
The main solution is to add multiple layers of protection. Let the spammers jump through several hoops. Many roads lead to Rome. Below is the solution that I find optimal for my big board & sites. I rarely see spam. Opinions on the optimal solution will differ.
Spam-O-Matic
First install this one-stop-mod: http://www.vbulletin.org/forum/showthread.php?t=248042
Spam-O-Matic is probably the best modification that is highly effective against spammers. If you set up Spam-O-Matic well, then you will be able to block spam registrations. Spam-O-Matic requires some configuration. The support thread on vb.org is quite informative. Here is my configuration:
Spam-O-Matic - Askimet:
Most people would not agree with me, but I always disable askimet.
Spam-O-Matic - Automoderation
Auto-moderation should be turned on.
I do not allow any links to be posted if the user has under 50 posts.
Review the posts of your spammers and make a list of all words that frequently appear in spam posts. Add these words to the auto-moderation keywords.
Set auto-moderation URL count to: 0
Set 'Auto-Moderation: Post Action' to 'moderate post'
Over time you will need to keep adding keywords and removing keywords that cause false positives.
Spam-O-Matic - Stopforumspam
For StopForumSpam enable the IP check, username check and email check.
Desired action = log and block registration
Query Connection Errors: This is a tricky one. If you set this to block then you will block legitimate users. If you set it to allow, then spam bots may register when the service is off line
Remote expiry: 60
Data Fetching and Parsing - CURL: enable CURL if your PHP server has that.
proxy address and proxy port are not needed.
Data Fetching - Cache: 30
API Key: make sure to get a API key from SFS. Go to the forum here: http://www.stopforumspam.com/forum/ and register an account. Once you have a forum account you can log in and get a API key there. Enter that into your admincp
Auto-submit from Moderation Tools: YES. Not only does this protects other sites from the spammer, but it also prevents the spammer from trying again at your site.
Bad Behavior
Another very important addon is Bad Behavior, which greatly compliments SOM. It deals with spam bots, content scrapers, vulnerability scanners and other malicious bots, even before the registration process. Saves bandwidth costs, adds security and greatly lowers spam registrations.
Another consideration is that if you use measures to avoid spam bots from registering, then the bots will still keep trying and can hammer your server with a large number of attempts a second. So you are moving the problem instead of resolving it. This is where Bad Behavior helps out.
http://www.vbulletin.org/forum/showthread.php?t=261498
For Bad behavior: upload the files and import the product. Then you need to get a key from projecthoneypot. You sign up here: http://www.projecthoneypot.org/create_account.php
After that you will find a key in your account on that site. Enter that key into your admincp.
Newbie usergroup
Make sure that the first usergroup that newly registered members are in, has very limited permissions. If your site has reputation on and your members are actively giving it out, then this will help. You can add an automatic usergroup promotion after a few reputation points. The next usergroup can have more liberal permissions.
Moderating registrations
Then there is another possibility: moderating new members. I always thought this was way to labor intensive. But on my big board it turned out to reduce workload, because you stop the nonsense right at the door. For this to be successful you will need to add a number of profile fields where new members will need to fill in answers to questions that are relevant to your site. This allows you to easily spot if the applicant is seriously interested or not. Most spam bots will add links everywhere, so that easy.
Banning fake email domains
In 'admincp > settings > user banning options > banned email' enter this list of temporary & fake email domains:
I hope this helps people to secure their site from spammers.
The main solution is to add multiple layers of protection. Let the spammers jump through several hoops. Many roads lead to Rome. Below is the solution that I find optimal for my big board & sites. I rarely see spam. Opinions on the optimal solution will differ.
Spam-O-Matic
First install this one-stop-mod: http://www.vbulletin.org/forum/showthread.php?t=248042
Spam-O-Matic is probably the best modification that is highly effective against spammers. If you set up Spam-O-Matic well, then you will be able to block spam registrations. Spam-O-Matic requires some configuration. The support thread on vb.org is quite informative. Here is my configuration:
Spam-O-Matic - Askimet:
Most people would not agree with me, but I always disable askimet.
Spam-O-Matic - Automoderation
Auto-moderation should be turned on.
I do not allow any links to be posted if the user has under 50 posts.
Review the posts of your spammers and make a list of all words that frequently appear in spam posts. Add these words to the auto-moderation keywords.
Set auto-moderation URL count to: 0
Set 'Auto-Moderation: Post Action' to 'moderate post'
Over time you will need to keep adding keywords and removing keywords that cause false positives.
Spam-O-Matic - Stopforumspam
For StopForumSpam enable the IP check, username check and email check.
Desired action = log and block registration
Query Connection Errors: This is a tricky one. If you set this to block then you will block legitimate users. If you set it to allow, then spam bots may register when the service is off line
Remote expiry: 60
Data Fetching and Parsing - CURL: enable CURL if your PHP server has that.
proxy address and proxy port are not needed.
Data Fetching - Cache: 30
API Key: make sure to get a API key from SFS. Go to the forum here: http://www.stopforumspam.com/forum/ and register an account. Once you have a forum account you can log in and get a API key there. Enter that into your admincp
Auto-submit from Moderation Tools: YES. Not only does this protects other sites from the spammer, but it also prevents the spammer from trying again at your site.
Bad Behavior
Another very important addon is Bad Behavior, which greatly compliments SOM. It deals with spam bots, content scrapers, vulnerability scanners and other malicious bots, even before the registration process. Saves bandwidth costs, adds security and greatly lowers spam registrations.
Another consideration is that if you use measures to avoid spam bots from registering, then the bots will still keep trying and can hammer your server with a large number of attempts a second. So you are moving the problem instead of resolving it. This is where Bad Behavior helps out.
http://www.vbulletin.org/forum/showthread.php?t=261498
For Bad behavior: upload the files and import the product. Then you need to get a key from projecthoneypot. You sign up here: http://www.projecthoneypot.org/create_account.php
After that you will find a key in your account on that site. Enter that key into your admincp.
Newbie usergroup
Make sure that the first usergroup that newly registered members are in, has very limited permissions. If your site has reputation on and your members are actively giving it out, then this will help. You can add an automatic usergroup promotion after a few reputation points. The next usergroup can have more liberal permissions.
Moderating registrations
Then there is another possibility: moderating new members. I always thought this was way to labor intensive. But on my big board it turned out to reduce workload, because you stop the nonsense right at the door. For this to be successful you will need to add a number of profile fields where new members will need to fill in answers to questions that are relevant to your site. This allows you to easily spot if the applicant is seriously interested or not. Most spam bots will add links everywhere, so that easy.
Banning fake email domains
In 'admincp > settings > user banning options > banned email' enter this list of temporary & fake email domains:
ajaxapp.net
amiri
anonymail
blogmyway
blogos
bluebottle.com
bobmail
bofthew
bugmenot
bumpymail
buyusedlibrarybooks
centermail
choicemail1
dandikmail
deadspam
despam
discardmail
disposeamail
dispostable
docmail
dodgeit
dodgit.com
dontreg
dontsendmespam
dotmsg
dumpandjunk
dumpmai
e4ward
emaildienst
emailias
emailmiser
emailto.de
emailwarden
emailxfer
emz.net
enterto
etranquil
explodemail
fakeinformation
fakemailz
fastacura
fastchevy
fastchrysler
fastermail.com
fastkawasaki
fastmazda
fastmitsubishi
fastnissan
fastsubaru
fastsuzuki
fasttoyota
fastyamaha
footard
forgetmail
front14
fux0ringduh
garliclife
getonemail
ghosttexter
gishpuppy
gowikibooks
gowikicampus
gowikicars
gowikifilms
gowikigames
gowikimusic
gowikinetwork
gowikitravel
gowikitv
greensloth
greensloth.com
gsrv.co.uk
guerilla
h8s.org
haltospam
hatespam
hidemail
iheartspam
imstations
ipoo
irish2me
iwi.net
jetable
kasmail
kaspop
key-mail
killmail
klassmaster
lawlita
lifebyfood
link2mail
lortemail
lovemeleaveme
lr78.com
mail2rss
mail333
mailbidon
mailblock
mailcatch
maileater
mailexpire
mailfreeonline
mailin8r
mailinater
mailinator
mailinator.com
mailinator2
mailincubator
mailmoat
mailnull
mailquack
mailshell
mailsiphon
mailslapping
mailzilla
meinspamschutz
messagebeamer
mintemail
mt2009
myspaceinc
myspacepimpedup
myspamless
mythrashmail.net
mytrashmail
mytrashmail.com
neomailbox
nervmich
nervtmich
netmails
netzidiot
nobulk
noclickemail
nospamfor
nospamfor.us
nurfuerspam
oneoffemail
oneoffmail
oopi.org
otherinbox
ourklips
outlawspam
pancakemail
pimpedupmyspace
poofy.org
pookmail
privy-mail
punkass.com
recyclemail
rejectmail
rklips
safersignup
saynotospams
shiftmail
shortmail
sibmail
slaskpost
sneakemail
sofort-mail
sogetthis
soodonims
spam
tempe-mail
tempemail
tempinbox
temporarily
temporaryforwarding
temporaryinbox
thisisnotmyrealemail
thrashmail
trash-mail
trash2009
trashdevil
trashmail
trashymail
turual
twinmail
upliftnow.com
uplipht
venompen
viditag.com
viewcastmedia
w3internet
walala.org
wegwerfadresse
wetrainbayarea
wh4f.org
whopy.com
wilemail
willhackforfood.biz
willselfdestruct
winemaven
wuzup.net
wwwnew
xagloo
xemaps.com
xents.com
xmaily
yep.it
yogamaven
yopmail
z1p.biz
zoemail
amiri
anonymail
blogmyway
blogos
bluebottle.com
bobmail
bofthew
bugmenot
bumpymail
buyusedlibrarybooks
centermail
choicemail1
dandikmail
deadspam
despam
discardmail
disposeamail
dispostable
docmail
dodgeit
dodgit.com
dontreg
dontsendmespam
dotmsg
dumpandjunk
dumpmai
e4ward
emaildienst
emailias
emailmiser
emailto.de
emailwarden
emailxfer
emz.net
enterto
etranquil
explodemail
fakeinformation
fakemailz
fastacura
fastchevy
fastchrysler
fastermail.com
fastkawasaki
fastmazda
fastmitsubishi
fastnissan
fastsubaru
fastsuzuki
fasttoyota
fastyamaha
footard
forgetmail
front14
fux0ringduh
garliclife
getonemail
ghosttexter
gishpuppy
gowikibooks
gowikicampus
gowikicars
gowikifilms
gowikigames
gowikimusic
gowikinetwork
gowikitravel
gowikitv
greensloth
greensloth.com
gsrv.co.uk
guerilla
h8s.org
haltospam
hatespam
hidemail
iheartspam
imstations
ipoo
irish2me
iwi.net
jetable
kasmail
kaspop
key-mail
killmail
klassmaster
lawlita
lifebyfood
link2mail
lortemail
lovemeleaveme
lr78.com
mail2rss
mail333
mailbidon
mailblock
mailcatch
maileater
mailexpire
mailfreeonline
mailin8r
mailinater
mailinator
mailinator.com
mailinator2
mailincubator
mailmoat
mailnull
mailquack
mailshell
mailsiphon
mailslapping
mailzilla
meinspamschutz
messagebeamer
mintemail
mt2009
myspaceinc
myspacepimpedup
myspamless
mythrashmail.net
mytrashmail
mytrashmail.com
neomailbox
nervmich
nervtmich
netmails
netzidiot
nobulk
noclickemail
nospamfor
nospamfor.us
nurfuerspam
oneoffemail
oneoffmail
oopi.org
otherinbox
ourklips
outlawspam
pancakemail
pimpedupmyspace
poofy.org
pookmail
privy-mail
punkass.com
recyclemail
rejectmail
rklips
safersignup
saynotospams
shiftmail
shortmail
sibmail
slaskpost
sneakemail
sofort-mail
sogetthis
soodonims
spam
tempe-mail
tempemail
tempinbox
temporarily
temporaryforwarding
temporaryinbox
thisisnotmyrealemail
thrashmail
trash-mail
trash2009
trashdevil
trashmail
trashymail
turual
twinmail
upliftnow.com
uplipht
venompen
viditag.com
viewcastmedia
w3internet
walala.org
wegwerfadresse
wetrainbayarea
wh4f.org
whopy.com
wilemail
willhackforfood.biz
willselfdestruct
winemaven
wuzup.net
wwwnew
xagloo
xemaps.com
xents.com
xmaily
yep.it
yogamaven
yopmail
z1p.biz
zoemail
Comment