China is invading the profile table!

Over the last several weeks there has been an influx of registrations occurring on our site from China. Now this wouldn't be such a bad thing if it were not for the fact that most of them are spammer bots. Because we have legitimate users from China, blocking all IPs from China is not possible.

One of the things that really annoys me with these fake registrations is that I have to clean out their account from the database all the time.

So my question would be this. In the registration process, before a user record account is actually created in the database, would it be better to have a temporary pre-registration table that would hold the data of a new registrar? The data would stay in the table until such a time as the real person registering the account has clicked the link in a confirmation email and passed a human challenge, then and only then would the Profile table be updated with the new user's account information.

This new temp table would not allow the user any rights or access to the site under the given user name and password. It is only a holding table for the data until the user has activated their account.

My idea would be this.

A new table in the database that would temporarily hold new account registration information. The new user would fill out the registration form as usual but the data in the form would then go to this temp table and send out the email confirmation request, instead of going to  When the Confirmation email link is clicked on it takes them to a new page where they have to fill out another captcha and then click the button that would update the profile table in the database. This serves the function of not having your actual member account table being filled up with fake, false, or fraudulent accounts.

This temporary table could be set up in such a way as to let the admin manually clear out accounts that have not been confirmed and activated after a set time period has expired (72 hours), or possibly automatically with a new admin tool or something.

 

 So what do you think?  A good idea or not.

Quote · 10 Mar 2011
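
The holding-table flow proposed in the opening post, sketched with Python and SQLite as an added example (not code from the thread or from Dolphin). Table and function names are hypothetical; the captcha result is passed in as a boolean and `now` is a Unix timestamp.

```python
import hashlib
import secrets
import sqlite3

PENDING_TTL = 72 * 3600  # seconds: the 72-hour window proposed in the post
SCHEMA = """
CREATE TABLE Profile (id INTEGER PRIMARY KEY AUTOINCREMENT,
    username TEXT UNIQUE NOT NULL, email TEXT NOT NULL, pw_hash TEXT NOT NULL);
CREATE TABLE PendingRegistration (token_hash TEXT PRIMARY KEY,
    username TEXT NOT NULL, email TEXT NOT NULL, pw_hash TEXT NOT NULL,
    created_at INTEGER NOT NULL);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def _digest(token):  # only the token's hash is stored, never the token itself
    return hashlib.sha256(token.encode()).hexdigest()

def hash_password(password):
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt.hex() + "$" + dk.hex()

def register(db, username, email, password, now):
    """Hold the sign-up in PendingRegistration; return the token to e-mail."""
    token = secrets.token_urlsafe(32)
    with db:
        db.execute("INSERT INTO PendingRegistration VALUES (?,?,?,?,?)",
                   (_digest(token), username, email, hash_password(password), now))
    return token

def confirm(db, token, captcha_passed, now):
    """Promote a pending row to Profile; return the Profile id, else None."""
    key = _digest(token)
    with db:  # one transaction: Profile insert and pending delete together
        row = db.execute("SELECT username, email, pw_hash, created_at FROM "
                         "PendingRegistration WHERE token_hash = ?", (key,)).fetchone()
        if not captcha_passed or row is None or now - row[3] > PENDING_TTL:
            return None
        try:
            cur = db.execute("INSERT INTO Profile (username, email, pw_hash) "
                             "VALUES (?,?,?)", row[:3])
        except sqlite3.IntegrityError:  # username was taken in the meantime
            return None
        db.execute("DELETE FROM PendingRegistration WHERE token_hash = ?", (key,))
        return cur.lastrowid

def purge_expired(db, now):
    with db:  # cron-style cleanup of sign-ups that were never confirmed
        cur = db.execute("DELETE FROM PendingRegistration WHERE created_at < ?",
                         (now - PENDING_TTL,))
    return cur.rowcount
```

No Profile row, and so no auto-increment ID, exists until `confirm` succeeds; a failed captcha leaves the pending row in place so the link can be retried inside the window.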

You are assuming that these spammer registrations are by bots. Odds are, they are real people.

My opinions expressed on this site, in no way represent those of Boonex or Boonex employees.
Quote · 10 Mar 2011

I think they are real people.  Because I had one yesterday and they added multiple spam blogs - logged out and logged back in a few mins later to make sure their blogs were viewable by non members and members.

 

I just deleted their blogs

Quote · 10 Mar 2011

Well, real people spamming can only be stopped by the admins catching them and removing their spam and accounts. Bots on the other hand could be countered by various measures. That being said, the real goals behind this suggestion are

  1. to reduce the number of fake account registrations made by bots
    1. add a measure of registration security
  2. to keep the primary membership table "Profile" clean
    1. if the Profile table only has legitimate members in it then the membership count is more accurate

 

But I am glad to see that you are the first to post to this topic. Your Sig line was part of the inspiration for the topic title :-)

Quote · 10 Mar 2011

Fortunately for me, I have no interest in non-US members.

Can you send me the IPs of some of the offenders, and maybe an IP or two of legitimate users?  I have a fraud detection account with Maxmind, and I'd be able to tell you if such an account would do you any good.  I'd need some IP addresses to test it though.  It would be a good test if you didn't tell me whether the IPs belonged to a spammer, or legit user, and see if I can pick out the spammers.

My opinions expressed on this site, in no way represent those of Boonex or Boonex employees.
Quote · 10 Mar 2011

To stop bots, anti spam questions are pretty effective.  On a vBulletin site of mine, I once used the anti spam question, "What is the longest river in the US?"  It stopped all the bots... trouble is, it stopped quite a few legit users also.  You'd be surprised how many people don't know what the longest river in the US is.

My opinions expressed on this site, in no way represent those of Boonex or Boonex employees.
Quote · 10 Mar 2011

I had 3 users with email ...@yahoo.cn register last night but haven't confirmed their profile as yet.

Where do I find their IP address?

Quote · 10 Mar 2011

Install Deanos Tools.  It has an IP Address Log.

Someday, Someway.
Quote · 10 Mar 2011

I got these IPs from 2 China spammers

124.160.102.138

60.177.201.8


Quote · 10 Mar 2011

 

I got these IPs from 2 China spammers

124.160.102.138

60.177.201.8


Maxmind reported a proxy score of 0.00. Lower is better, so zero is as good as it gets. It does tell you that the Chinese spammers are not accessing the internet through a proxy server.

The Maxmind service I use is best for blocking registrations through anonymous or open proxy servers. Most people that access the internet in that manner do not have good intentions.

It's not an easy problem to solve, if you can't block China.  There may come a time, where a person has to decide just how important those legit members are.  If you think Chinese spammers are bad now, just wait another year or two.  I have a feeling it's going to get a lot worse.

My opinions expressed on this site, in no way represent those of Boonex or Boonex employees.
Quote · 10 Mar 2011

It's not an easy problem to solve, if you can't block China.  There may come a time, where a person has to decide just how important those legit members are.  If you think Chinese spammers are bad now, just wait another year or two.  I have a feeling it's going to get a lot worse.

Well, for our company we have several partner groups and their affiliate partners that are part of our Asian division (China, Japan, and Thailand), and represent a noteworthy percentage of our overall business. So in our specific instance blocking all China IP addresses is just not possible.

 

So I go back to my original idea. Can you think of any reason why this wouldn't work? Good idea or not?

Quote · 10 Mar 2011

You can already do this to some extent from the control panel, as most spammers do not confirm email once they have joined and find there is limited access. All that is left to do is delete, or if you have a lot of traffic, allow the 6 days trial membership to expire and Dolphin deletes automatically via cron job.

Yep, spam is bad for a lot of people. You can make all sign-ups confirm their email addy in the admin control panel; this appears to stop all but the most persistent ones. You do this in admin settings, Moderation Settings:

Automatic profile activation after joining: error
Do not change profile status after editing profile information: error
Automatic profile confirmation without Confirmation Email: error

only tick the middle box

 

happy thoughts

Quote · 10 Mar 2011

They register with different mail accounts... also with Gmail. So you don't know if they are from China. Only look in the profile they make. All fields are the same data. lol

I have done this in another way to stop them. They can register, but to have write options I have made a special level. OK, I have to check the profiles and make some manual settings, but that's not a problem.

Kids first
Quote · 10 Mar 2011

@mingle

You can already do this to some extent from the control panel, as most spammers do not confirm email once they have joined and find there is limited access. All that is left to do is delete, or if you have a lot of traffic, allow the 6 days trial membership to expire and Dolphin deletes automatically via cron job.

 

My issue with doing this is, as it is currently, when a user registers with the site, a record is generated in the Profile table of the database, along with the auto-incrementing ID field. Whereas if the registration went to a temporary table and was held there until the user passed all of the human checks including the email confirmation, then and only then would the data being held in the temporary table be added to the primary Profile table. Thus helping to ensure that the people that are registering on your site are in fact people and not bots.

Now if after they have been approved/confirmed/authorized to join the site and they still spam the forums, comments, or blogs then you can ban or institute whatever your site policy is for such behavior.

 

If it were only 1 or 2 a week or even a day then manually deleting their account is not such a hassle, but when the number is approaching 15-20 a day or more then it's a headache.

Manually/visually verifying IP addresses is also a royal pain. As admins most of us have much better ways to spend our time than checking each and every registration to ensure that it is a legitimate user. I will go so far as to say that it is not just China that has done a lot of site spamming, but a list of IP addresses shows they come from all over the place.

Here are the countries that registered on our site since yesterday.

Country Name
Canada
United States
United States
United States
United States
Bulgaria
Germany
United Kingdom
Germany
France
France
Turkey
Lithuania
Germany
China
United States
Brazil
Thailand
United States
United States
United States
Philippines
Malaysia
China
China
Philippines
Philippines
Germany
United States
United States

 

Not all of them are spammers of course, but the point remains that several of them are. Even a few from the USA.

We use a feature from StopForumSpam to catch many of our spammers and to date 1479 Spammers have been blocked thru today. But it takes a chunk of my time every day to deal with it. So I am looking for a much better way to do this. I came up with the idea listed in the opening post and am looking for some feedback on it.

Quote · 11 Mar 2011

An excellent idea, Boonex!!

In the registration process, before a user record account is actually created in the database, would it be better to have a temporary pre-registration table that would hold the data of a new registrar? The data would stay in the table until such a time as the real person registering the account has clicked the link in a confirmation email and passed a human challenge, then and only then would the Profile table be updated with the new user's account information.

This new temp table would not allow the user any rights or access to the site under the given user name and password. It is only a holding table for the data until the user has activated their account.

My idea would be this.

A new table in the database that would temporarily hold new account registration information. The new user would fill out the registration form as usual but the data in the form would then go to this temp table and send out the email confirmation request, instead of going to  When the Confirmation email link is clicked on it takes them to a new page where they have to fill out another captcha and then click the button that would update the profile table in the database. This serves the function of not having your actual member account table being filled up with fake, false, or fraudulent accounts.

This temporary table could be set up in such a way as to let the admin manually clear out accounts that have not been confirmed and activated after a set time period has expired (72 hours), or possibly automatically with a new admin tool or something.

 

There are none so blind as those that will not see.
Quote · 11 Mar 2011

Considering the fact that these spammers are most likely real people, I don't think it will stop them.  If they are making it through the email confirmation now, I don't see how this is going to make any difference.

My opinions expressed on this site, in no way represent those of Boonex or Boonex employees.
Quote · 11 Mar 2011

Well, your site sounds like it's quite busy and I understand your point, but using the above method with a promotional membership, the script prunes the database when membership expires automatically!! (With the exception of the spy wall) urggggggggg

So as far as I can see this cuts down on admin, although you do have to manually up the real membership levels unless you make users of your site pay anyway.

I am sorry that I cannot answer your specific question. But it appears, in my ignorance, you are trying to add more processes to your site and an already heavy database-reliant script when there are adequate ways already in place. The best way to beat these spammers is to remove all mentions of boonex out of the script. I have Dolphin on the back end of a video script that I have been using for years; it has blogs and a forum, and they bypass the front end of my site and head straight to the Dolphin portion, so this spamming issue is very new to me, although denial of service attacks are not. IP denial in cPanel works at the core of the server. If your traffic from Asia is a part of your business I cannot see a solution. As I said, the promotional membership level prunes membership via cron after the amount of days you stipulate, which sort of sounds like the temp place in the database you are currently trying to build ...

 

you might look at this but the email side of it is not that viable due to spam :O) here

 

happy thoughts

Quote · 11 Mar 2011

@mingle

...the best way to beat these spammers is to remove all mentions of boonex out of the script...

When you say remove all mentions of boonex from the script, are you saying to go thru some several thousand files and remove all instances of the string "boonex" as well as the text "boonex"? I'm thinking you mean something else but am not sure what it would be. Please elaborate.

 

Quote · 11 Mar 2011

No, I am not saying remove all, but try some Google searches for your site with boonex in the search is all I will suggest. You have this facility on your site :O)

 

Or alternatively, do an open Google search for the sites in China that are giving lessons on targeting Boonex Dolphin sites for the purposes of spamming; they use specific text strings, Orca forums included. There are lots but not thousands. Spam, it's a pain and there is NO quick fix, but on the bright side I know a cheap place to buy ugg boots now :O)

As I said, your data idea is worth a thought, but in reality this system is in place already. Wood and trees come to mind ...

 

happy hunting :O)

 

Quote · 11 Mar 2011

I'm working on a possible solution!

 

I have a forum on one of my sites with 120,000 members and a handful of mods. Last year we started getting spammers bypassing the human verification system on signup. A few months later we were being hit with about 400 new spammers joining every day. Yes, they seem to be human. My moderators were working flat out to keep on top of spam deletion and ban spammer accounts. I asked them to list all IPs, emails and user names used by the spammers so we could see if a pattern emerged. I was hoping they would all be from Delhi, India as that had become spammer capital of the world, and I could have blocked users by IP. There was no pattern though. The spammers' IPs were worldwide, including USA, UK etc. A human eye could often identify a user name or email as that of a spammer, and my mods were getting good at banning spammers before they had a chance to post.

 

The moderators were really suffering exhaustion from all this. In the end I found a free forum spammer database where loads of forum admins report spammers. The service has an API that you can use to query IP, username and email address. So I got an API key and set about coding a script to go in my registration code.

 

The great, and very powerful thing about the API is that it returns a score based on number of reports for the IP, username & email individually. So I set about to use the score from all three. I knew that an IP that had a score of < 5 could be a shared IP, and you could inadvertently block genuine users if you blocked that based on a low score. Also a username that has a score may just be a popular username. So I used the 3 scores in order of preference to filter out the spammers. I also set my script up to send me an email containing IP, IP score, username, username score, email and email score for each registration that got blocked, and one for each that passed, in addition to the standard email that vBulletin sends when a new user registers.

 

As soon as I set it live the impact was instant. I monitored the emails and was checking the blocked ones to see who was getting blocked and why. The effect on the site was just instant. Literally no more spam, well, just the odd one from time to time, but not the continual bombardment that we'd been having to deal with before. Interestingly, of the ones that passed but to a human eye were obviously spammers, most failed the registration completion due to incorrect username format or other incompetence. Meanwhile all genuine users were getting through and registering as usual.

 

I cannot emphasize enough what an immediate, fantastic and site saving result this had! The database it queries is well maintained and reported to by 1000s of forums. So many in fact that normally by the time a spammer gets to my forum, they have already acquired a string of reports and thus get blocked, leaving very few that actually get through. In real figures I would say 99.8% in spam reduction. A huge impact!

 

Anyhow, I'm assuming those same spammers would also be the spammers that will hit a Dolphin community. So I am planning to implement this on my Dolphin site to block spammers registering when I update it shortly. If it has the desired effect I will post a hack and instructions on how to implement it on your sites!

Quote · 11 Mar 2011
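
One way to combine the three per-field scores described in the post above, as an added example (not Slix's script). The `Lookup` record, the order of preference and every threshold except the IP score of 5 are assumptions, and the sample values are constructed.

```python
from typing import NamedTuple

IP_SHARED_BELOW = 5  # from the post: an IP scoring under 5 may be a shared address

class Lookup(NamedTuple):
    """Report counts returned by a spammer database for one sign-up."""
    ip: str
    ip_score: int
    username: str
    username_score: int
    email: str
    email_score: int

def decide(r):
    """Return (blocked, reason). Assumed order: e-mail, then IP, then username."""
    if r.email_score > 0:
        # Assumption: an e-mail address belongs to one registrant, so any report counts.
        return True, "email reported"
    if r.ip_score >= IP_SHARED_BELOW:
        return True, "ip reported repeatedly"
    if r.ip_score > 0 and r.username_score > 0:
        # Two weak signals together: a lightly reported IP plus a reported name.
        return True, "low ip score corroborated by username"
    # A username score alone may only mean the name is popular.
    return False, "allowed"

def audit_line(r):
    """One line per decision carrying all six values, for later review."""
    blocked, reason = decide(r)
    return (f"{'BLOCKED' if blocked else 'PASSED'} ({reason}) "
            f"ip={r.ip}:{r.ip_score} user={r.username}:{r.username_score} "
            f"email={r.email}:{r.email_score}")

# Constructed sample registrations (documentation addresses, not real data).
SAMPLES = [
    Lookup("192.0.2.10", 0, "john", 40, "john@example.test", 0),
    Lookup("192.0.2.20", 3, "newuser", 0, "new@example.test", 0),
    Lookup("192.0.2.30", 3, "cheapboots", 2, "cb@example.test", 0),
    Lookup("192.0.2.40", 12, "x", 0, "x@example.test", 0),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit_line(sample))
```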

Thx Slix, hope to hear from you soon. How is your progress?

 

Best regards, Eru - http://www.zoopal.org
Quote · 29 Apr 2011

This might help if you are getting a lot of spam?? Worth a try.

Go Here

Quote · 17 May 2011

 

This might help if you are getting a lot of spam?? Worth a try.

Go Here

 

Problem is spammers are cleverer than that, and they aren't just from China. If you look at your spammer's details you will see that their IP addresses resolve to countries all over the world, including USA, UK etc. IP blocking is fruitless. When I have more time I will code my system to work on Dolphin - only I don't really need it on my own Dolphin site as I have it set up so all users have to pay to join, which blocks the spammers anyway. So in the meantime if you are having serious problems with spammers contact me and I'll be happy to set it up on your site for a small fee.

Quote · 17 May 2011
 
 