Anti-Spam by CleanTalk

Started by WAS, June 12, 2018, 06:35:31 PM

WAS

Maybe this will help here? It's popular on several forum software platforms.

http://custom.simplemachines.org/mods/index.php?mod=3851
https://cleantalk.org/install?platform=smf

It's free for a 7-day trial to see it works, but then has a small yearly price (8 a year for one website).

Also, is account verification active?

Some of these spammers are spreading some very dangerous websites.

Oshyan

We have several anti-spam systems already active, they block literally 100s of bad accounts per day (judging by the logs). No system is perfect, some will always get through. I will look into the recommendation though and see if it would be better than what we have.

- Oshyan

WAS

#2
Quote from: Oshyan on June 13, 2018, 01:30:21 AM
We have several anti-spam systems already active, they block literally 100s of bad accounts per day (judging by the logs). No system is perfect, some will always get through. I will look into the recommendation though and see if it would be better than what we have.

- Oshyan

From what I see you're using two systems that have long since been worked around by bots. You're using basic CAPTCHA (not something more modern and maintained like reCAPTCHA) which is very vulnerable to optical character recognition. You're then using a textual question, which only asks for a numerical input which is a single numerical input in the low range of incremental attempts (the second attempt). Additionally, questions tagged "How many" narrow down the input given.

I don't mean to be rude, but while more basic bots may be getting fooled, for modern bots, it's really an easy task.

While I may be no good at Terragen, I've been developing websites for 15 years and have worked with some pretty top notch companies and entities, as well as my own projects, and have specialized in forum security, having helped develop Invision Power Board and later work with VB plugins. Spam is really a thing of the past on properly configured forums, bot spam, that is. Honestly wish forums were still popular so I could make some marginal income for my son, but the scene is quite dead. I love forum software, and miss those days.

Oshyan

The registration form protection is not sufficient, at least for SMF. We use several back-end systems, including a honeypot, to detect a majority. There has admittedly been a bit more getting through lately though. reCAPTCHA was problematic in the SMF plugin last time I tried it, but I'll look at it again. If we can get that going it would make a nice end-to-end system. Like I said it's not that we're not aware of it, it just didn't work well in the SMF implementation last we tested.

- Oshyan

WAS

#4
It may also help to maybe not accept VPNs during registration. While many use VPNs nowadays, it isn't needed for an HTTPS registration here, and also would prevent a majority of modern bots piggy-backing on free VPN services posing as legitimate locations as well as ISPs/Hardware.

SMF is really really outdated these days, more maintained than active development. It's a good base for heavy customization but as is, without good plugins or custom hooks, it's pretty plagued with issues.

Additionally maybe just adding the simpler user group privileges scheme might do wonders. Ask users to introduce themselves in a specific forum before moving them to "Members", where they are allowed to create threads and replies with the rest of the forum. Effort on the administration side is drastically reduced, easier to clean up, and doesn't affect where active members are interacting.

Oshyan

We already use a well-maintained blacklist-based system that deals with VPN registrations and other things. Although we've had a few spammers get through recently (one notably bad one, of course), in the grand scheme of things it's not a massive issue. We've now implemented reCAPTCHA (thanks for reminding me to look at it again!), so that should help a bit more. We find things like formal introduction threads, etc. to be further limiting to activity and non-ideal, so we avoid that and other member group-based limitations. I don't think they're necessary anyway.

Thank you for the help and advice, I think we're good now.

- Oshyan