Mobile app version of vmapp.org
Login or Join
Turnbaugh106

: How are spambots registering on my website? I have a forum that's getting a bunch of spam bot registrations. Here's what's happened: lots of spambots added static logic question (as a picture),

@Turnbaugh106

Posted in: #Botattack #Spam

I have a forum that's getting a bunch of spam bot registrations.

Here's what's happened:


lots of spambots
added static logic question (as a picture), static math question, honeypot field
still lots of spambots
added a built-in CAPTCHA
still lots of spambots
banned a bunch of known spam domain emails like @spam .xxx
spam cut in half, but still lots of spam from spambots on other domains I don't want to block (like gmail, yahoo)


I'm really, really baffled at how spambots are still getting through my measures and registering. How is this happening?

Here's my registration page:

10.02% popularity Vote Up Vote Down


Login to follow query

More posts by @Turnbaugh106

2 Comments

Sorted by latest first Latest Oldest Best

 

@Shanna517

Take a look at the IPs connected to the spam posts. Secondly, filter your logs for that IP. Then you'll be able to see exactly what the bots are doing and find patterns.

It may be that the spam bots are even circumventing your anti-spam mechanisms completely. What forum software are you using? Is the software up to date?

Also, you could stop new users from posting links or URLs and enable peer moderation (or at least let users flag posts as spam). This won't keep spam out completely, but should keep spam levels down to a minimum. Also, you can use PHP to generate images from text, so you can just generate a random math problem each time.

Finally, where are you implementing the anti-bot mechanisms? Just on sign up? What is the average post count of the spam accounts? If the post counts are high, then your moderators aren't doing their job, and the spammer is able to sign up for 1 or 2 accounts manually and then spam away.

10% popularity Vote Up Vote Down


 

@Sarah324

... added static logic question (as a
picture), static math question ...


Is that to say that the question is always the same? It won't help, if so - consider that whomever is operating the spam bots is likely looking at your registration form and adjusting the spam bots' operations accordingly.

Without seeing the underlying code (plus your server logs and settings) it's hard to say exactly what's going on, but you might consider that whomever is operating the spam bots is aware of an exploit in the software you are using (ala PHP's register_globals) as well.

Consider looking up potential exploits for the software you are using, updating with any and all available patches (to include patches for plugins), and implementing reCAPTCHA.

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme