My forum is just a month old and our new members numbers never stop increasing, but my biggest worry are spammers which make up to 10%.

These guys are just too clever for me, i keep banning them but they keep coming back with a different IPs and host names how?

If may ask what are the spammers using to get a new IP and host name because i need to figth them to the end, they are ruinning by forum image by posting pornos and viagra stuffs.

From my investigation there email address finish with .cn and .ru which mean China and Russia, and there host names come from different countries which give me the impression that they connect to innocent people computer and send there spamming post from there.

My forum is a SMF.

Webmasters in here should help me out, Thanks.

Regards.

they are using a thing called a proxy

they are using a thing called a proxy

Some explanation please?

they pass through another system, which relays data between them and you in order to post , therefore the IP shown is the one of the other system (the proxy) not them

I find it difficult to understand you.

Ok, how do i figth them?

Thanks for the link jbennet, i hope it will be useful

Disable posting live links, disable signature.

Dear,

Spamer are not your individual problem. It is global.

1) You can save your forum by following ways.
Use keyword sensor = In your blog there is keyword sensor if any one use bad word sesor will replace / show as good word. make a list of the all spammeres frequently using words so all words will be repaced. even in there link/url bad word will be replaced.

2) Your visitor = Check Your forum contain and your traffic comes from . If traffic comes search engine from porn words. or you advertising your site from adult sites .


3) Daily check of forum/ site and delete which is not useful.

4) Disable live link / file upload

5) Back up site daily or frequently.

Try it you will guided your own too,

CBclickbank.com

Disable posting live links, disable signature.

You can't disable signature in your forum, how do you encourage new members to register in your forum if you disable signature? all the top webmasters forums do allow signatures, it's another way of increasing your members.

I'm not sure if SMF supports this, but if you want them to stop keeping them from coming back, make it harder for them to re-register.

Make sure that no one can post unless they supply a unique, valid email address. Make them click on a link in their email before their accounts are activated, in order to make sure the email address is valid.

Also, use CAPTCHA images during the registration form. If they're using bots, this will prevent the bots from reregistering.

I think i have found a solution, in a bid to increase the numbers of new members in my forum, i disable the visual verification image because new members are too lazy to type in the letters, this open the door for spammers who use an automated bot to register.

Since i re- activate the visual verification image, spammers have disappear.

Yup ... the visual verification image, or CAPTCHA :)

thanks for your time sister.

Spammers are a challenge for everybody.

There are very productive ways to identify bots and reject them. The problem is with humans. If you ban their IP they can connect through proxy and get back to you. If you save a cookie on their computer, they can erase it and are back to you.

One solution that we are working on right now is to identify the computer name or network card number from the computer that connects to your website, and use that to ban the access.

Hopefully that will solve 99% of the problem.

Chris.

Spammers are a challenge for everybody.

There are very productive ways to identify bots and reject them. The problem is with humans. If you ban their IP they can connect through proxy and get back to you. If you save a cookie on their computer, they can erase it and are back to you.

One solution that we are working on right now is to identify the computer name or network card number from the computer that connects to your website, and use that to ban the access.

Hopefully that will solve 99% of the problem.

Chris.

Wao that will be great, when is't coming out?

Well, we are working on it. There are still some tests we have to run.

Another way to flag potential spammers is to check their time on the computer vs. the time from the location of the IP address. If they don't match, it is a question mark.

Chris.

I'm waiting for the release.

CAPTCHA codes work very well for me, also the more difficult they are the less you get through the doors so to speak.
Unfortunately the more difficult ones I struggle to read, lol so it's a balance really

*

Well, we are working on it. There are still some tests we have to run.

Another way to flag potential spammers is to check their time on the computer vs. the time from the location of the IP address. If they don't match, it is a question mark.

Chris.

While I can see the objective is to catch people who use proxies, I don't think this is an ideal solution. What about professional forums that target business people who frequently take business trips? It's very likely they're not going to be adjusting the clocks of their laptops every other week.

Unfortunately the more difficult ones I struggle to read, lol so it's a balance really

*

I agree, Sometimes I get frustrated at not being able to successfully type the right characters and just leave with web site. Result: they just lost a member.

That was why i set my catcha to low.

the simple fact is that many businesses and educational use proxies for security reasons, so if you ban access to people using proxies, then you will lose a hige segment of your audience

The US government often uses proxies so banning them would wip out millions of potential good members (what's what I used when I first joined DaniWeb)

I agree, Sometimes I get frustrated at not being able to successfully type the right characters and just leave with web site. Result: they just lost a member.

But you can see the flip side where not using CAPTCHA just made the forum instantly unusable and overrun with spam.

yeah

i dont mind capthcas but i will leave the site if i do not get it on the first attempt

case sensitive ones piss me off bigtime

That was the reason i disable the catcha, but that open's doors for spammers. I have to reactivate it fast.

While I can see the objective is to catch people who use proxies, I don't think this is an ideal solution. What about professional forums that target business people who frequently take business trips? It's very likely they're not going to be adjusting the clocks of their laptops every other week.

You don't have to ban the access to your forum for the users that are raising question marks if their computer time does not match the time from IP. You let them register - if they pass the other steps -, but you mark them and watch every move they make on your forum.

If you have a forum and you watch the move of every spammer that joined it, I am sure you can find similarities and create a general profile for their behavior, and based on that change your tactic.

CAPTCHA is a solution, but something they are so difficult that even a human being has a hard time reading it (like somebody else mentioned here). Also, sometimes they are case sensitive, but in the registration page it is not mentioned that, so you try 3 times without being able to register and then they ban your access. You just loose people like that.

Our vision is to change the tactics dynamically and create algorithms to check the trust of the new user. For example:
1. Did the user came directly to the registration page or came from another one in your website? If they came directly that is a flag (which human being would do that?).
2. Set the CAPTCHA reasonable, so people would be able to read it. :)
3. In the registration form create an entry field called "company_name", or something like that, and then hide it from an external CSS file. You know that there's no way for a human being to see that field. If that field is filled in when the page is posted to your server that's another question mark. You can even ban them directly because of that.
4. Check their request method: is it GET or POST?
5. Check their browser model?
6. Check their session id
7. If you use one of these open source forums, try to change the name of the registration fields. Usually they have robots that have for all these field names associated a value. If you change their name they might not be able to register automatically.
8. You can “adjust” nr 7 and keep the name for the fields the same, but you reverse the name for the field that requires the e-mail address with the field that requires the username. On the server, you know that the fields were reversed, but the robot doesn't know. So, if you have an e-mail address in the field for the e-mail that should have the username, you flag that account again.
9. etc

This is a game. You have to be pro-active in order to get these people and keep your forum clean. :)

Let me know if you have any questions.

Chris.
CRT Business Solutions

That's too much job for a forum admin, who need to spend most of his time promoting his forum replying to posts, exchanging links, optimising etc...

The best is to set the CAPTCHA correctly and let the CAPTCHA do his job.

That's too much job for a forum admin, who need to spend most of his time promoting his forum replying to posts, exchanging links, optimising etc...

The best is to set the CAPTCHA correctly and let the CAPTCHA do his job.

not so.

It shoud be your job as forum admin to make sure the forum is setup so it is secure and you have proper people signing up. If you think it is too much to ensure this then you should never set a forum up. It takes time, effort and modifications to ensure it is popular and also secure against spammers and other such malicious users

*

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.