How to Reduce Spam and Registration Bots

This is a sticky topic.
  • Steve Machol
    Former Customer Support Manager
    • Jul 2000
    • 154488

    How to Reduce Spam and Registration Bots

    Most people are being hit with a lot of spam these days. Some things you can do to reduce this are:

    1. Moderate new registrations
    Admin CP -> Settings -> Options -> User Registration Options -> Moderate New Members -> Yes

    2. Activate email verification
    Admin CP -> Settings -> Options -> User Registration Options -> Verify Email address in Registration

    3. Upgrade to at least vBulletin version 3.7 or higher. These versions have several Human Verification Options.
    Admin CP -> Settings -> Human Verification Manager ->

    Image Verification:
    This is the same Images Verification Captcha as in older versions of vB, except that this now requires both GD and Freetype 2 to be installed in PHP.

    Question and Answer Verification
    This allows you to set up a Question and Answer verification during registration. If done correctly it will be almost impossible for bots to enter the correct answer.

    reCAPTCHA™ Verification
    This uses the reCaptcha service. You will need to register with them and get both a Public and Private key.

    *** Note: As per this announcement, we recommend using the Q&A method with multiple questions. ***
    After you have chosen the method you want to use and have set this up, then make sure the correct Human Verification options are set here:
    Admin CP -> Settings -> Human Verification Options

    And if you have chosen the Image Verification option then you need to choose either GD or ImageMagick here: Admin CP -> Settings -> Options -> Image Settings
    You can go back to the Human Verification Manager to make sure the image is showing correctly.

    Note: Both are equivalent. These are also required if you use thumbnails for attachments or wish to automatically resize pictures that are too large.

    4. Ban 'free' email domains many spammers use.
    Admin CP -> Settings -> Options -> User Banning Options -> Banned Email Addresses

    See this thread for a list of commonly banned email addresses:


    5. Set these options for the Unregistered, Users Awaiting and COPPA usergroups:
    Admin CP -> Usergroups -> Usergroup Manager -> Edit ->
    Can Use Email to Friend -> No
    Can Email Members -> No

    Require Human Verification on Configured Actions -> Yes


    6. Add a new required question to registration.
    Although there is a Q&A option in the Human Verification Manager, at this time there is no way to use this in conjunction with Image Verification or reCaptcha. However, there is a workaround for this. You can create a required profile field to add Q&A to the registration process. To do so, follow these instructions: Add an extra question to the registration to prevent bot registrations.

    7. Restrict Email to Friend to Registered Users.
    Some people have reported that spammers are using the 'Send Email to Friend' function to spam others from your forums. To reduce this, make sure that your Unregistered, COPPA and Users Awaiting groups have the 'Can Use Email to Friend' option set to 'No'.

    8. Stop bots spamming through the Contact Us link.
    Admin CP -> Settings -> Options -> Human Verification Options -> Check 'Contact Us' and 'Register'

    9. Enabling Spam Management.
    vBulletin supports managing spam through the Akismet and Typepad Anti-spam services. Both services require an API key to use. Here is how to obtain those keys.

    Akismet -
    To obtain an Akismet key, you need to sign up for a Wordpress.com account. This will give you a key to use within vBulletin. After signing up please see this page for instructions on retrieving your key:


    Typepad -
    Typepad also requires a key to be used. To get one go to this link here:


    Once you have your key, you need to enter it into your vBulletin Options under:
    Admin CP -> Settings -> Options -> vBulletin Options -> Spam Management -> vBulletin Anti-Spam Key Powered by Akismet

    Note: Either key goes into the same spot. On the same page set 'Anti-Spam Service' to the appropriate service. You can only use one service at a time.
    Last edited by Steve Machol; Sun 26 Jun '11, 7:36am.
    Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
    Change CKEditor Colors to Match Style (for 4.1.4 and above)

    Steve Machol Photography


    Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


  • Steve Machol
    Former Customer Support Manager
    • Jul 2000
    • 154488

    #2
    Note: Because of recent spam attacks, we strongly recommend that you combine one of the Image Verification options along with a Q&A as described in item #6 above.

    In addition banning free email accounts (#4) will be a major help as well.

    • Steve Machol
      Former Customer Support Manager
      • Jul 2000
      • 154488

      #3
      From this post:

      It does appear that a certain spam program has released an update in the last few days that is able to decipher the image captchas of gmail, Invision, PHPBB, and vBulletin. Since gmail is broken, the script can automatically create email addresses for email verification.

      The update for this program states that it hasn't broken recaptcha, but it is only a matter of time (short time at best) before it is broken as well.

      To continue to devise an image captcha, that is increasingly difficult for humans to decipher, leads to a captcha that only a computer can decipher. This is why I built the image captcha to be configurable by the end user.

      If you are using the image captcha, change the fonts and the backgrounds. In your forums/images/regimage directory, you will find a fonts/ and a backgrounds/ directory. Remove all of the default fonts in the fonts directory and add a collection of your own .ttf fonts. You can get freeware fonts all over the web. Pick some that are a bit strange but still readable and stick them in the directory. The backgrounds are 201x61 jpg images. Create your own, I suggest putting some text on them, that will really confuse the script, just do it so that when the captcha text is added to it by vBulletin, it doesn't confuse your registrees. The system will automatically use the fonts and images that you add to the appropriate directories.

      When using the QA system, don't create questions like these:

      What is 2 + 2?
      Please enter the word "brown".

      The nefarious script at work here can most likely handle those questions. You must ask a question that doesn't give the answer in the question. I suspect something like "If you have three apples and eat one, how many do you have left?" would work.

      Adding required fields will also no longer work. The script can handle the "required field missing" errors and resubmit with those fields filled in.

      • Floris
        Senior Member
        • Dec 2001
        • 37767

        #4
        From the feedback from our customers it appears the Question & Answer option is blocking the spam for 99% - If you are not using it, I recommend to switch to it and give it a go.

        A bad question: What is 2+2?
        A bad question: Color of sky?

        The Q+A Human Verification System Allows you to be creative with your questions and answers, a few examples:

        Some good questions:

        If one is actually five, and you add three, how much do you have? (8)
        If you eat half a dozen of apples, but put three back, how many do you have left? (9)
        What would my father's brother be to me? (uncle)
        What is the third letter from the left in the logo of this web site? (u)
        Which letter from the alphabet can you drink? (t)


        • Steve Machol
          Former Customer Support Manager
          • Jul 2000
          • 154488

          #5
          We have had confirmation from one forum that a human registered, then turned over the Q&A info to a bot which then rapidly added new registrations to begin spamming.

          At this time I recommend using the Q&A verification with as many different Q&As as possible which will be randomly applied for each registration.

          Meanwhile the Devs are looking at stronger measures but unfortunately when you have a person doing something like this, then there is no easy way to stop this. If you are being hit, you should consider moderating new members.

          • Steve Machol
            Former Customer Support Manager
            • Jul 2000
            • 154488

            #6
            More information is here: Right back at ya, CAPTCHA: bad guys crack Gmail, Hotmail



            • Wayne Luke
              vBulletin Technical Support Lead
              • Aug 2000
              • 73927

              #7
              How to automatically moderate the posts and threads from new users:
              Translations provided by Google.

              Wayne Luke
              The Rabid Badger - a vBulletin Cloud demonstration site.
              vBulletin 5 API


              • Floris
                Senior Member
                • Dec 2001
                • 37767

                #8
                While we can not provide support or suggest unofficial modifications to vBulletin, we do want to give you the options. If you are on vBulletin 3.6 and can not upgrade (yet) to 3.7, you could get some 3.7 functionality via product/plugins; or if you are on 3.7 and wish to extend anti spam functionality: You could consider some vBulletin.org releases - again - I want to stipulate that we do not recommend any unofficial release, and will not support it. So make a 100% backup of your database and files before customizing your board, so you can revert back to a working instance if you run into problems.


                • Floris
                  Senior Member
                  • Dec 2001
                  • 37767

                  #9
                  Here is an announcement with some information about the issue relating to the vBulletin software: http://www.vbulletin.com/forum/showthread.php?t=288234


                  • Wayne Luke
                    vBulletin Technical Support Lead
                    • Aug 2000
                    • 73927

                    #10
                    Obtaining an Akismet or Typepad Anti-spam Key.

                    Akismet -

                    To obtain an Akismet key, you need to sign up for a Wordpress.com account. This will give you a key to use within vBulletin. After signing up please see this page for instructions on retrieving your key:


                    Typepad:
                    Typepad also requires a key to be used. To get one go to this link here:

                    • BirdOPrey5
                      Senior Member
                      • Jul 2008
                      • 9613
                      • 5.6.3

                      #11
                      We have determined the most effective "Human Verification" currently built into vBulletin is "Question and Answer" verification.

                      To enable this go to your Admin CP -> Settings -> Human Verification Manager. (In VB 3.x it is Admin CP -> vBulletin Options -> Human Verification Manager)

                      Click on this link.

                      On the new page choose the option for "Question & Answer Verification."

                      If this is the first time you are using it you will need to add one or more questions and answers. To add your first question click on the "Add New Question" near the bottom center of the page.

                      On the next page enter a question. Do not make this a math question (what is 2+2?)- Math questions are absolutely worthless. If your forum is about a specific topic try to make the question something someone interested in your niche would likely know. If not still make a question that requires a human to answer- creativity helps here.

                      An example question would be: If there are three people in a room how many total toes are likely in the room?

                      Leave the box for "Regular Expression" blank. Use it only if you understand Regular Expressions.

                      Hit "Save"

                      On the next page there will now be a button "Add New Answer" - Press It.

                      The next page is one simple box marked "Answer." Enter the answer to the question. Questions can have multiple correct answers.

                      Answers are NOT case sensitive so if you put "thirty" in as an answer both "Thirty" and "THIRTY" will also work.

                      Enter "thirty" as the answer (without quotes.)

                      Save.

                      Now you will be back on the page where you can press the "Add New Answer" again, press it.

                      This time add the answer: 30
                      And hit "Save" again.

                      If your forum is multi-lingual you may want to continue adding answers to cover the word "thirty" in different languages.

                      When you believe you have set every possible correct answer you can click on the Admin CP Menu to go back to "Human Verification Manager" and repeat the process to add additional questions.

                      The more questions you have the better you will be- five is a good minimum, 10 or more is better.

                      In general avoid any questions where the answers may be common among many sites even if the question is different- That is to say no matter how hard the question is if the answer is "3" or "Blue" avoid the question. Spam bots may try common answers even if they can't understand the question just to see if they get lucky. Avoid answers that are low or common numbers, colors, and the like.

                      We have found forums that implement good Q&A questions stop nearly all "bot" spam. (We have documented drops of a 90% reduction in registrations, all of which were spammers.) There will always be spam created by humans though who cannot be blocked by easy questions. If you feel you still have too much spam to handle please check out various "anti-spam" mods available on vBulletin.org:

                      VB 5.x Anti-Spam Mods:


                      VB 4.x Anti-Spam Mods:


                      VB 3.8 Anti-Spam Mods:


                      Please note like all vBulletin modifications we do not provide official support for 3rd party mods, you will need to ask for help in the threads of the mod in question if you need help installing, configuring, or using the mod.

                      Overall the best defense against spam is to have an active and vigilant moderator staff able to find and delete spam quickly. Educate forum users on how to use the "Report Post" button to report spam. Do not let the forum run without a moderator or administrator making regular visits to keep an eye on things.
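
The Q&A advice collected in this thread can be checked mechanically before questions go live. The following is an added example, not part of any post above and not vBulletin code: a small audit that flags math questions, questions that contain their own answer, answers a guessing bot would try, and banks with fewer than five questions. The guess list, function names and sample bank are assumptions constructed for illustration.

```python
import re

# Constructed guess list modelled on the thread's warning: low numbers and colours.
COMMON_GUESSES = {str(n) for n in range(0, 13)} | {
    "one", "two", "three", "four", "five", "six", "seven", "eight", "nine", "ten",
    "red", "blue", "green", "yellow", "black", "white", "brown", "yes", "no",
}
ARITHMETIC = re.compile(r"\d+\s*[-+*/x]\s*\d+")
MIN_QUESTIONS = 5  # "five is a good minimum, 10 or more is better"


def audit_question(question, answers):
    """Return the list of weaknesses found for one question and its answers."""
    problems = []
    q = question.lower()
    normalized = [a.strip().lower() for a in answers]  # answers are not case sensitive
    if ARITHMETIC.search(q):
        problems.append("math question")
    # Word-boundary match, so the answer "t" does not match every word containing t.
    if any(re.search(r"\b" + re.escape(a) + r"\b", q) for a in normalized if a):
        problems.append("answer appears in question")
    guessable = sorted(set(normalized) & COMMON_GUESSES)
    if guessable:
        problems.append("common answer: " + ", ".join(guessable))
    return problems


def audit_bank(bank):
    """bank maps question text -> list of accepted answers. Returns a findings dict."""
    findings = {q: audit_question(q, a) for q, a in bank.items()}
    findings = {q: p for q, p in findings.items() if p}
    if len(bank) < MIN_QUESTIONS:
        findings["(bank)"] = ["only %d questions, want at least %d" % (len(bank), MIN_QUESTIONS)]
    return findings


# Constructed sample bank using questions quoted in this thread.
SAMPLE_BANK = {
    "What is 2 + 2?": ["4", "four"],
    'Please enter the word "brown".': ["brown"],
    "If you have three apples and eat one, how many do you have left?": ["2", "two"],
    "If there are three people in a room how many total toes are likely in the room?": ["thirty", "30"],
}

if __name__ == "__main__":
    for question, problems in audit_bank(SAMPLE_BANK).items():
        print(question, "->", "; ".join(problems))
```

On the sample bank only the toes question passes; the apples question is flagged because its answer is a low number, which is the case the last post warns about.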
