How to Reduce Spam and Registration Bots

  • Steve Machol
    Former Customer Support Manager
    • Jul 2000
    • 154488

    [vB 3.7] How to Reduce Spam and Registration Bots

    Most people are being hit with a lot of spam these days. Some things you can do to reduce this are:

    1. Moderate new registrations
    Admin CP -> vBulletin Options -> User Registration Options -> Moderate New Members -> Yes
    2. Activate email verification
    Admin CP -> vBulletin Options -> User Registration Options -> Verify Email address in Registration
    3. Upgrade to the latest version of 3.7. In 3.7 there are 3 separate Human Verification Options.
    Admin CP -> vBulletin Options -> Human Verification Manager ->

    Image Verification:
    This is the same Images Verification Captcha as in older versions of vB, except that this now requires both GD and Freetype 2 to be installed in PHP.

    Question and Answer Verification
    This allows you to set up a Question and Answer verification during registration. If done correctly it will be almost impossible for bots to enter the correct answer.

    reCAPTCHA™ Verification
    This uses the reCaptcha service. You will need to register with them and get both a Public and Private key.
    After you have chosen the method you want to use and have set this up, then make sure the correct Human Verification options are set here:
    Admin CP -> vBulletin Options -> Human Verification Options
    And if you have chosen the Image Verification option then you need to choose either GD or ImageMagick here: Admin CP -> vBulletin Options -> Image Settings
    You can go back to the Human Verification Manager to make sure the image is showing correctly.

    Note: Both are equivalent. These are also required if you use thumbnails for attachments or wish to automatically resize pictures that are too large.
    4. Ban 'free' email domains many spammers use.
    Admin CP -> vBulletin Options -> User Banning Options -> Banned Email Addresses

    See this thread for a list of commonly banned email addresses:

    5. Set these options to 'No' for the Unregistered, Users Awaiting and COPPA usergroups.
    Can Use Email to Friend
    Can Email Members
    6. Add a new required question to registration.
    Although there is a Q&A option in the Human Verification Manager, at this time there is no way to use this in conjunction with Image Verification or reCaptcha. However there is a workaround for this. You can create a required profile field to add Q&A to the registration process. To do so, follow these instructions: Add an extra question to the registration to prevent bot registrations.

    7. Restrict Email to Friend to Registered Users.

    Some people have reported that spammers are using the 'Send Email to Friend' function to spam others from your forums. To reduce this make sure that your Unregistered, COPPA and Users Awaiting groups have the 'Can Use Email to Friend' option set to 'No'.

    8. Stop bots spamming through the Contact Us link.
    Admin CP -> vBulletin Options -> Site Name / URL / Contact Details -> Allow Unregistered Users to use 'Contact Us' -> Yes, but Verify Image

    9. Enabling Spam Management.
    vBulletin supports managing spam through the Akismet and Typepad Anti-spam services. Both services require an API key to use. Here is how to obtain those keys.

    Akismet -
    To obtain an Akismet key, you need to sign up for a Wordpress.com account. This will give you a key to use within vBulletin. After signing up please see this page for instructions on retrieving your key:


    Typepad -
    Typepad also requires a key to be used. To get one go to this link here:


    Once you have your key, you need to enter it into your vBulletin Options under:
    Admin CP -> vBulletin Options -> vBulletin Options -> Spam Management -> vBulletin Anti-Spam Key Powered by Akismet

    Note: Either key goes into the same spot. On the same page set 'Anti-Spam Service' to the appropriate service. You can only use one service at a time.
    Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
    Change CKEditor Colors to Match Style (for 4.1.4 and above)

    Steve Machol Photography


    Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


  • Steve Machol
    Former Customer Support Manager
    • Jul 2000
    • 154488

    #2
    Note: Because of recent spam attacks, we strongly recommend that you combine one of the Image Verification options along with a Q&A as described in item #6 above.

    In addition banning free email accounts (#4) will be a major help as well.

    • Steve Machol
      Former Customer Support Manager
      • Jul 2000
      • 154488

      #3
      From this post:

      It does appear that a certain spam program has released an update in the last few days that is able to decipher the image captchas of gmail, Invision, PHPBB, and vBulletin. Since gmail is broken, the script can automatically create email addresses for email verification.

      The update for this program states that it hasn't broken recaptcha, but it is only a matter of time (short time at best) before it is broken as well.

      To continue to devise an image captcha, that is increasingly difficult for humans to decipher, leads to a captcha that only a computer can decipher. This is why I built the image captcha to be configurable by the end user.

      If you are using the image captcha, change the fonts and the backgrounds. In your forums/images/regimage directory, you will find a fonts/ and a backgrounds/ directory. Remove all of the default fonts in the fonts directory and add a collection of your own .ttf fonts. You can get freeware fonts all over the web. Pick some that are a bit strange but still readable and stick them in the directory. The backgrounds are 201x61 jpg images. Create your own, I suggest putting some text on them, that will really confuse the script, just do it so that when the captcha text is added to it by vBulletin, it doesn't confuse your registrees. The system will automatically use the fonts and images that you add to the appropriate directories.

      When using the QA system, don't create questions like these:

      What is 2 + 2?
      Please enter the word "brown".

      The nefarious script at work here can most likely handle those questions. You must ask a question that doesn't give the answer in the question. I suspect something like "If you have three apples and eat one, how many do you have left?" would work.

      Adding required fields will also no longer work. The script can handle the "required field missing" errors and resubmit with those fields filled in.

      • Floris
        Senior Member
        • Dec 2001
        • 37767

        #4
        From the feedback from our customers it appears the Question & Answer option is blocking the spam for 99% - If you are not using it, I recommend to switch to it and give it a go.

        A bad question: What is 2+2?
        A bad question: Color of sky?

        The Q+A Human Verification System Allows you to be creative with your questions and answers, a few examples:

        Some good questions:

        If one is actually five, and you add three, how much do you have? (8)
        If you eat half a dozen of apples, but put three back, how many do you have left? (9)
        What would my father's brother be to me? (uncle)
        What is the third letter from the left in the logo of this web site? (u)
        Which letter from alphabet can you drink? (t)
        Last edited by Floris; Fri 3 Oct '08, 7:58pm.
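
Added example, not part of the original thread and not vBulletin code: a small Python audit of a Q&A pool for the two weaknesses called out in posts #3 and #4 (the answer printed in the question, and literal arithmetic). The function names, the `min_usable` threshold and the sample pool (including the answer "2" for the apples question) are assumptions constructed for illustration.

```python
import re

# Constructed sample pool (question, accepted answer), adapted from the thread's examples.
SAMPLE_POOL = [
    ("What is 2 + 2?", "4"),
    ('Please enter the word "brown".', "brown"),
    ("If you have three apples and eat one, how many do you have left?", "2"),
    ("What would my father's brother be to me?", "uncle"),
    ("Which letter from alphabet can you drink?", "t"),
]

# Digits joined by an operator, e.g. "2 + 2" or "3x4": solvable by evaluating the text.
ARITHMETIC = re.compile(r"\d+\s*[-+*/x]\s*\d+")


def _tokens(text):
    """Lower-case word tokens; apostrophes stay inside words (father's)."""
    return re.findall(r"[a-z0-9']+", text.lower())


def _contains(tokens, sub):
    """True if `sub` occurs as a contiguous run inside `tokens`."""
    n = len(sub)
    return n > 0 and any(tokens[i:i + n] == sub for i in range(len(tokens) - n + 1))


def audit_question(question, answer):
    """Return the reasons a Q&A pair is trivially machine-solvable (empty if none)."""
    reasons = []
    if _contains(_tokens(question), _tokens(answer)):
        reasons.append("answer appears in question")
    if ARITHMETIC.search(question):
        reasons.append("literal arithmetic expression")
    return reasons


def audit_pool(pool, min_usable=3):
    """Audit every pair; min_usable is a hypothetical floor for a rotating pool."""
    findings = {q: audit_question(q, a) for q, a in pool}
    usable = [q for q, reasons in findings.items() if not reasons]
    return findings, usable, len(usable) >= min_usable


if __name__ == "__main__":
    findings, usable, ok = audit_pool(SAMPLE_POOL)
    for question, reasons in findings.items():
        print(("WEAK  " if reasons else "OK    ") + question, reasons)
    print("usable questions:", len(usable), "pool large enough:", ok)
```

These checks only catch the two patterns named in the thread; a question that passes can still be weak, so review the remaining pool by hand.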


        • Steve Machol
          Former Customer Support Manager
          • Jul 2000
          • 154488

          #5
          We have had confirmation from one forum that a human registered, then turned over the Q&A info to a bot which then rapidly added new registrations to begin spamming.

          At this time I recommend using the Q&A verification with as many different Q&As as possible which will be randomly applied for each registration.

          Meanwhile the Devs are looking at stronger measures but unfortunately when you have a person doing something like this, then there is no easy way to stop this. If you are being hit, you should consider moderating new members.

          • Steve Machol
            Former Customer Support Manager
            • Jul 2000
            • 154488

            #6
            More information is here: Right back at ya, CAPTCHA: bad guys crack Gmail, Hotmail



            • Wayne Luke
              vBulletin Technical Support Lead
              • Aug 2000
              • 73927

              #7
              How to automatically moderate the posts and threads from new users:
              Translations provided by Google.

              Wayne Luke
              The Rabid Badger - a vBulletin Cloud demonstration site.
              vBulletin 5 API


              • Floris
                Senior Member
                • Dec 2001
                • 37767

                #8
                While we can not provide support or suggest unofficial modifications to vBulletin, we do want to give you the options. If you are on vBulletin 3.6 and can not upgrade (yet) to 3.7, you could get some 3.7 functionality via product/plugins; or if you are on 3.7 and wish to extend anti spam functionality: You could consider some vBulletin.org releases - again - I want to stipulate that we do not recommend any unofficial release, and will not support it. So make a 100% backup of your database and files before customizing your board, so you can revert back to a working instance if you run into problems.


                • Floris
                  Senior Member
                  • Dec 2001
                  • 37767

                  #9
                  Here is an announcement with some information about the issue relating to the vBulletin software: http://www.vbulletin.com/forum/showthread.php?t=288234


                  • Wayne Luke
                    vBulletin Technical Support Lead
                    • Aug 2000
                    • 73927

                    #10
                    Obtaining an Akismet or Typepad Anti-spam Key.

                    Akismet -

                    To obtain an Akismet key, you need to sign up for a Wordpress.com account. This will give you a key to use within vBulletin. After signing up please see this page for instructions on retrieving your key:


                    Typepad:
                    Typepad also requires a key to be used. To get one go to this link here: