MASSIVE Spam Problems! Server Being Shut Down Daily - HELP!

  • NHTourGuide
    Member
    • Feb 2011
    • 61
    • 4.1.x

    [Forum] MASSIVE Spam Problems! Server Being Shut Down Daily - HELP!

    One of my websites has been getting bombarded with spam bots to the point that my hosting provider suspends my account. This has happened 3 times this week alone!

    I have banned IP addresses and now have begun banning IP ranges on the COUNTRY level, including China, Vietnam and Japan

    When I look at the "Who's Online" feature I see mostly the same IP address logged on hundreds of times.

    Does anyone know how to stop this once and for all?

    Maybe a script that limits the amount of logins per IP address?

    All ideas very appreciated!

    Thanks!!
    NHTourGuide.com
  • Mark.B
    vBulletin Support
    • Feb 2004
    • 24288
    • 6.0.X

    #2
    If you're having spam trouble try the following-

    We have determined the most effective "Human Verification" currently built into vBulletin is "Question and Answer" verification.

    To enable this go to your Admin CP -> Settings -> Human Verification Manager. (In VB 3.x it is Admin CP -> vBulletin Options -> Human Verification Manager)

    Click on this link.

    On the new page choose the option for "Question & Answer Verification."

    If this is the first time you are using it you will need to add one or more questions and answers. To add your first question click on the "Add New Question" near the bottom center of the page.

    On the next page enter a question. Do not make this a math question (what is 2+2?)- Math questions are absolutely worthless. If your forum is about a specific topic try to make the question something someone interested in your niche would likely know. If not still make a question that requires a human to answer- creativity helps here.

    An example question would be: If there are three people in a room how many total toes are likely in the room?

    Leave the box for "Regular Expression" blank. Use it only if you understand Regular Expressions.

    Hit "Save"

    On the next page there will now be a button "Add New Answer" - Press It.

    The next page is one simple box marked "Answer." Enter the answer to the question. Questions can have multiple correct answers.

    Answers are NOT case sensitive so if you put "thirty" in as an answer both "Thirty" and "THIRTY" will also work.

    Enter "thirty" as the answer (without quotes.)

    Save.

    Now you will be back on the page where you can press the "Add New Answer" again, press it.

    This time add the answer: 30
    And hit "Save" again.

    If your forum is multi-lingual you may want to continue adding answers to cover the word "thirty" in different languages.

    When you believe you have set every possible correct answer you can click on the Admin CP Menu to go back to "Human Verification Manager" and repeat the process to add additional questions.

    The more questions you have the better you will be- five is a good minimum, 10 or more is better.

    We have found forums that implement good Q&A questions stop nearly all "bot" spam. (We have documented drops of a 90% reduction in registrations, all of which were spammers.) There will always be spam created by humans though who cannot be blocked by easy questions. If you feel you still have too much spam to handle please check out various "anti-spam" mods available on vBulletin.org:

    Glowhost Spam-o-Matic
    KeyCaptcha
    vB Bad Behavior.

    Please note like all vBulletin modifications we do not provide official support for 3rd party mods, you will need to ask for help in the threads of the mod in question if you need help installing, configuring, or using the mod.

    Overall the best defense against spam is to have an active and vigilant moderator staff able to find and delete spam quickly. Educate forum users on how to use the "Report Post" button to report spam. Do not let the forum run without a moderator or administrator making regular visits to keep an eye on things.
    Last edited by Mark.B; Fri 14 Dec '12, 12:05pm.
    MARK.B
    vBulletin Support
    ------------
    My Unofficial vBulletin 6.0.0 Demo: https://www.talknewsuk.com
    My Unofficial vBulletin Cloud Demo: https://www.adminammo.com

    Comment

    • TheLastSuperman
      Senior Member
      • Sep 2008
      • 1799

      #3
      Helpful info here - http://www.vbulletin.org/forum/showthread.php?t=276547


      Former vBulletin Support Staff
      Hacked recently? See my blog post "Recovering a Hacked vBulletin Site".
      Thinking outside the box? Need modification support? Visit www.vBulletin.org and have at it!

      Comment

      • NHTourGuide
        Member
        • Feb 2011
        • 61
        • 4.1.x

        #4
        Thank you both for the information. A few things I neglected to mention...

        First, I have already implemented a Q & A finding it works way better than any CAPTCHA code.

        Second, The problem isn't with these bots logging in to the forum, the issue is that I have THOUSANDS of connections from the same IP's roaming the forum as "Unregistered", many of which are hitting the register.php page over and over again. It is this drain of server resources that has my web host company shutting me down.

        Thanks!
        Matt

        Also, I am using 4.1.1 - The solutions above don't seem to be used for 4.1.1 or are methods I have used.
        NHTourGuide.com

        Comment

        • Mark.B
          vBulletin Support
          • Feb 2004
          • 24288
          • 6.0.X

          #5
          I would suggest these two out of my suggestions in that case:

          Glowhost Spam-o-Matic
          vB Bad Behavior.

          Both should work with 4.1.1. You have a problem with spam bots, these should help cut them right down.

          With Spam-O-Matic, configure it NOT to check usernames - I find this blocks too many genuine users.
          Last edited by Mark.B; Fri 14 Dec '12, 12:05pm.
          MARK.B
          vBulletin Support
          ------------
          My Unofficial vBulletin 6.0.0 Demo: https://www.talknewsuk.com
          My Unofficial vBulletin Cloud Demo: https://www.adminammo.com

          Comment

          • NHTourGuide
            Member
            • Feb 2011
            • 61
            • 4.1.x

            #6
            Originally posted by Mark.B
            I would suggest these two out of my suggestions in that case:

            Glowhost Spam-o-Matic
            vB Bad Behavior.

            Both should work with 4.1.1. You have a problem with spam bots, these should help cut them right down.

            With Spam-O-Matic, configure it NOT to check usernames - I find this blocks too many genuine users.
            Thanks Mark, but the Glowhost is to prevent registrations from known spammers and the Vb Bad Behavior links to some post about moderators having the ability to edit signature lines.
            NHTourGuide.com

            Comment

            • Mark.B
              vBulletin Support
              • Feb 2004
              • 24288
              • 6.0.X

              #7
              Originally posted by NHTourGuide
              Thanks Mark, but the Glowhost is to prevent registrations from known spammers and the Vb Bad Behavior links to some post about moderators having the ability to edit signature lines.
              Oops there was a digit missing off my link somehow...try the links again, I have fixed them.
              MARK.B
              vBulletin Support
              ------------
              My Unofficial vBulletin 6.0.0 Demo: https://www.talknewsuk.com
              My Unofficial vBulletin Cloud Demo: https://www.adminammo.com

              Comment

              • dilbert
                Senior Member
                • Oct 2004
                • 887

                #8
                Another really good one for bots is this:
                This is a discussion forum powered by vBulletin. To find out about vBulletin, go to http://www.vbulletin.com/ .

                You set it to detect how quickly they are registering and if it's inhumanly fast, they get blocked.
                I have a pretty small site and it has prevented 7,000 bot registrations in the last month and a half.
                I also have Glowhost, and simple questions / answers and I get an email for each new account. I look at them all the day they register, then about a week later.
                Spammers are vile people, I work hard to keep my site clean.
                Cliff
                PathLabTalk
                Square Wheels Cycling

                Comment
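One way a "registered too fast" check like the one described in the post above can work, as an added example that is not the mod's code or part of the original thread: the server signs the time the registration form was rendered and rejects submissions that come back sooner than a human could fill it in. The secret, the thresholds and the function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"   # assumption: per-site secret, server-side only
MIN_FILL_SECONDS = 8               # assumption: fastest plausible human fill time
MAX_AGE_SECONDS = 3600             # assumption: stale forms must be reloaded


def _sign(issued_s):
    return hmac.new(SECRET, issued_s.encode(), hashlib.sha256).hexdigest()


def issue_token(now=None):
    """Value for a hidden form field: render time plus an HMAC over it."""
    issued_s = str(int(time.time() if now is None else now))
    return f"{issued_s}.{_sign(issued_s)}"


def check_submission(token, now=None):
    """Return 'accept' or a 'reject: ...' reason for a submitted token."""
    now = int(time.time() if now is None else now)
    try:
        issued_s, sig = token.split(".", 1)
        issued = int(issued_s)
    except (ValueError, AttributeError):
        return "reject: malformed token"
    # Constant-time comparison; the signature stops a bot from back-dating
    # the timestamp to look slow.
    if not hmac.compare_digest(sig.encode(), _sign(issued_s).encode()):
        return "reject: bad signature"
    elapsed = now - issued
    if elapsed < MIN_FILL_SECONDS:
        return "reject: too fast"
    if elapsed > MAX_AGE_SECONDS:
        return "reject: expired"
    return "accept"


if __name__ == "__main__":
    t = issue_token(now=1000)
    print(check_submission(t, now=1002))   # submitted 2 s after render
    print(check_submission(t, now=1030))   # submitted 30 s after render
```
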

                • NHTourGuide
                  Member
                  • Feb 2011
                  • 61
                  • 4.1.x

                  #9
                  Originally posted by Mark.B
                  Oops there was a digit missing off my link somehow...try the links again, I have fixed them.
                  Thanks Mark. When I download the Bad Behavior mod I see files that look like it's for WordPress and I don't find the "Upload" folder as part of the download. I'm sure I'm doing something wrong but can't seem to figure it out.

                  Thanks!

                  - - - Updated - - -

                  Originally posted by dilbert
                  Another really good one for bots is this:
                  This is a discussion forum powered by vBulletin. To find out about vBulletin, go to http://www.vbulletin.com/ .

                  You set it to detect how quickly they are registering and if it's inhumanly fast, they get blocked.
                  I have a pretty small site and it has prevented 7,000 bot registrations in the last month and a half.
                  I also have Glowhost, and simple questions / answers and I get an email for each new account. I look at them all the day they register, then about a week later.
                  Spammers are vile people, I work hard to keep my site clean.
                  Thanks! I looked for the download but can't find it. Not having much luck. lol

                  I work hard to prevent spam on my forums also, lately it seems like a never ending battle. I find myself watching the "Who's Online" page questioning every IP.
                  NHTourGuide.com

                  Comment

                  • dilbert
                    Senior Member
                    • Oct 2004
                    • 887

                    #10
                    Originally posted by NHTourGuide

                    Thanks! I looked for the download but can't find it. Not having much luck. lol
                    Not sure what you mean you can't find the download, it's in the link I posted.
                    This is a discussion forum powered by vBulletin. To find out about vBulletin, go to http://www.vbulletin.com/ .

                    Have you registered on that site? You need to register with the same info you registered here and you'll be able to download modifications.
                    Cliff
                    PathLabTalk
                    Square Wheels Cycling

                    Comment

                    • NHTourGuide
                      Member
                      • Feb 2011
                      • 61
                      • 4.1.x

                      #11
                      Originally posted by dilbert
                      Not sure what you mean you can't find the download, it's in the link I posted.
                      This is a discussion forum powered by vBulletin. To find out about vBulletin, go to http://www.vbulletin.com/ .

                      Have you registered on that site? You need to register with the same info you registered here and you'll be able to download modifications.
                      That's what it was, I didn't realize I had to register on that site. It sure is a busy page! I will post how it goes.

                      Thanks again!
                      NHTourGuide.com

                      Comment

                      • Loco.M
                        Senior Member
                        • Mar 2005
                        • 4319
                        • 3.5.x

                        #12
                        Originally posted by NHTourGuide
                        The problem isn't with these bots logging in to the forum, the issue is that I have THOUSANDS of connections from the same IP's roaming the forum as "Unregistered", many of which are hitting the register.php page over and over again.
                        Sounds like you're getting a DDoS attack..
                        -- Web Developer for hire
                        ---Online Marketing Tools and Articles

                        Comment

                        • Wayne Luke
                          vBulletin Technical Support Lead
                          • Aug 2000
                          • 74167

                          #13
                          Originally posted by NHTourGuide
                          Second, The problem isn't with these bots logging in to the forum, the issue is that I have THOUSANDS of connections from the same IP's roaming the forum as "Unregistered", many of which are hitting the register.php page over and over again. It is this drain of server resources that has my web host company shutting me down.
                          As said above, this sounds like a Denial of Service attack, not spam. Unless you allow unregistered users to post on your site.

                          First thing to do is to work with your hosting provider and have them ban these IP addresses at the router. Ban entire continents if you have to. Once things start leveling off you can re-open those bans. If it is all the same IP address, ban them at the server level. You can then use tools like mod_security to limit their access based on their activity so instead of getting through, if there are too many requests the server will start denying them access.

                          Can be very frustrating to work through a DOS attack but if you have a competent hosting provider, they can help.
                          Translations provided by Google.

                          Wayne Luke
                          The Rabid Badger - a vBulletin Cloud demonstration site.
                          vBulletin 5 API

                          Comment
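To find which addresses to ban at the server level, as suggested in the post above, the web server's access log can be scanned for IPs that request register.php faster than a set rate. This is an added example, not part of the original thread; the log lines are constructed, and the threshold, window and function names are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in Apache combined log format (documentation-range IPs).
SAMPLE_LOG = "\n".join(
    [f'203.0.113.7 - - [14/Dec/2012:10:00:{s:02d} +0000] '
     '"GET /register.php HTTP/1.1" 200 512 "-" "-"' for s in range(8)]
    + ['198.51.100.20 - - [14/Dec/2012:10:00:03 +0000] '
       '"GET /register.php?do=signup HTTP/1.1" 200 512 "-" "-"',
       '198.51.100.20 - - [14/Dec/2012:10:05:00 +0000] '
       '"POST /register.php HTTP/1.1" 200 512 "-" "-"']
)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[A-Z]+ (\S+)')


def flag_abusive_ips(log_text, path="/register.php", limit=5,
                     window=timedelta(seconds=10)):
    """Map each IP to its peak hit count on `path` when any sliding
    window of length `window` holds more than `limit` requests."""
    recent = defaultdict(deque)    # ip -> timestamps still inside the window
    peaks = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue               # skip lines that are not access-log entries
        ip, stamp, url = m.groups()
        if url.split("?", 1)[0] != path:
            continue
        ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop hits that have aged out
            q.popleft()
        if len(q) > limit:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks


def deny_lines(peaks):
    """Render flagged IPs as Apache 2.2-style .htaccess deny rules."""
    return [f"Deny from {ip}" for ip in sorted(peaks)]


if __name__ == "__main__":
    print("\n".join(deny_lines(flag_abusive_ips(SAMPLE_LOG))))
```

The second address in the sample requests register.php twice, five minutes apart, and is left alone; only the address making eight requests in eight seconds is flagged.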

                          • NHTourGuide
                            Member
                            • Feb 2011
                            • 61
                            • 4.1.x

                            #14
                            Originally posted by dilbert
                            Not sure what you mean you can't find the download, it's in the link I posted.
                            This is a discussion forum powered by vBulletin. To find out about vBulletin, go to http://www.vbulletin.com/ .

                            Have you registered on that site? You need to register with the same info you registered here and you'll be able to download modifications.
                            That mod is very nice! Works sweet!!

                            - - - Updated - - -

                            Originally posted by Wayne Luke
                            As said above, this sounds like a Denial of Service attack, not spam. Unless you allow unregistered users to post on your site.

                            First thing to do is to work with your hosting provider and have them ban these IP addresses at the router. Ban entire continents if you have to. Once things start leveling off you can re-open those bans. If it is all the same IP address, ban them at the server level. You can then use tools like mod_security to limit their access based on their activity so instead of getting through, if there are too many requests the server will start denying them access.

                            Can be very frustrating to work through a DOS attack but if you have a competent hosting provider, they can help.
                            That makes sense. I was getting spam mixed in and thought it was all connected. I banned many IP addresses and countries in the htaccess and added the sweet mod "Dilbert" sent me the link for here: http://www.vbulletin.org/forum/showthread.php?t=289463. I also added security questions.

                            Spam? What spam?

                            Problem solved! Thank you everyone!!!!!
                            Merry Christmas!!
                            NHTourGuide.com

                            Comment
