: Chinese bots in my forum I have a small community forum that doesn't really get posts or any real traffic. The only thing that happens on the regular is bots with Chinese IPs signing up gibberish
I have a small community forum that doesn't really get posts or any real traffic. The only thing that happens on the regular is bots with Chinese IPs signing up gibberish usernames. Most bots don't make it past the captcha but some do. I try to stay on top of this by banning IPs and ranges of IPs but it doesn't really seem to help.
The bots never post anything so what are they doing? Should I be worried? Should I keep banning IPs or is it futile?
More posts by @Tiffany637
5 Comments
Sorted by latest first Latest Oldest Best
The SMF sites I manage use both Project honeypot to prevent the bulk of nasty signups, and the ones that get past that I use a mod to to check against stopforumspam.com very few slip through, and false positives are extremely rare
I would be tempted to email anyone who has signed up and not posted to ask them if they are having trouble - good customer service! - and if their email addresses bounce, or they respond with junk then delete their accounts.
I +1 mikey_w because on a reasonable size discussion forum (1,000+ posts a day) I have worked with, I do indeed find that spam bots sign up as sleepers. Sorry if that ruins the joke ;)
You don't mention what software you use, but keep an eye on how many IPs you ban, as with phpbb I have seen pages run slow because of a massive ip ban list, it gets cached in a good set up, but I have noticed requests where 90% of the build time was checking for banned ip.
I am never entirely comfortable banning by country, especially since learning as much as 40% of dodgy traffic comes from the USA (on the discussion forum I work with, YMMV)
Instead of just checking by country, check out Project Honeypot they have an api you can use to find known spammers by ip, they will return a score and often a comment like "known comment spammer" that way you can ban bad ips rather than black marking entire countries.
Project Honeypot gave birth to CloudFlare which is a CDN that sits in front of your site and provides speed and security upgrades; it is well worth a look at it or similar solutions (I don't work for CF but am a fan). Using either of these methods you can stop them even getting to your site. You don't say if you pay for data transferred but CF's bandwidth is free so it helps with that too.
The bots are probably harmless. But I like to think that I'm starring in a Tom Clancy novel and it's a sleeper cell waiting to unleash a tidal wave of spam that could ultimately compromise national security. So I recommend deleting them on a routine basis. ;)
When a user signs up, determine what country they're from. I find that MaxMind's GeoIP web service data is the most accurate and easiest to use - www.maxmind.com/en/web_services. for 200,000 lookups but you can get at least 1,000 lookups for free, if I recall correctly. You can install their DB locally and use it for free but the webservice is easier to manage.
If the user is from a suspicious country (China in your case; most spam on my boards comes from India) put their account into a queue that (1) requires a unique, verified email address; and (2) requires moderator approval before they can participate freely.
You can potentially insert a "challenge question" (either a one word question or a 3-4 sentence "essay") to explain why they want to join at this step and use that in the review process. It's possible to game this question and a determined spammer will figure out what to say here. Therefore, I recommend a review of their first actual contributions to the forum before green lighting the user.
When they make their first post, I think it's best to show an "Account under review. Mod must approve your first post" error message. Add the content to a moderator queue. Check the content for links. (If the content contains links and its the user's first post and they're from a spam happy country, the post is probably spam....) Regardless, if the user has never posted before and they're from a spammy country put that content into a queue that requires moderator approval before the content goes live.
This approach gives some control to the forum operator about what gets posted but it doesn't antagonize legit users.
I have this on some of my sites, whilst not a perfect solution I used MaxMInd GeoIP to block countires in Eastern Europe & China. This reduced the number of bad signups by over 90% for me.
GeoIPEnable On
GeoIPDBFile /path/to/GeoIP.dat
SetEnvIf GEOIP_COUNTRY_CODE CN BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE RU BlockCountry
# ... place more countries here
Deny from env=BlockCountry
Take a look at dev.maxmind.com/geoip/legacy/mod_geoip2/ if you think this solution would work for you.
My guess would be that they're crawlers which haven't received a particular order to sign up for your site, just sites in general. I can't imagine why they would sign up and then never post anything; perhaps your post button/form is oddly set up so that they can't use it? If you want to prevent them from registering (the ones which get past the captcha), you can take additional measures such as using a Javascript form or email verification as detailed in this post. In regards to your question about IP banning, it certainly can't hurt, but it might not help much either.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.