Russian spam threads?

[manofwar95]

I've noticed a lot of these lately in the "general support" forum, I've translated a few of them and they are irrelevant and the links lead to Russian online shops for random things. Whats going on here?

[Schmoozerd]

dunno - they started to increase I think in december, most likely a new bot software that can handle the registration here, so most likely it won't get better until luda increases the obstacles for registration

Really annoying, but we cannot do more than bann&delete

[Xenithar]

You would think that this sort of thing would be illegal. Doesn't it break the TOS? As for stopping them however, have you got one of those "type the letters" things in place? (Captcha?)

[DaC]

there is an reCaptcha on the registration formula, looks like they can break it

[Senpuria]

I have messaged Luda about implementing confirm of email address before being able to use the forum.

That way if we do get any spam we have a genuine email to ban from the forums, at the moment users can register with any email they like.

[manofwar95]

What's even more confusing is why they would be spamming the English "getmangos.eu" forum and not the Russian "getmangos.org" forum o_O

[Senpuria]

Yeah it's quite weird.

At the moment its just to hard to stop them from spamming the forums unless TheLuda changes the board configuration.

Should be sorted soon anyway don't worry

[Unkle Nuke]

It's a never-ending tech battle. They must generate enough income to justify all the effort expended on creating these tools to circumvent anti-spam. I'm not so sure it's to get sales of product so much as it is harvesting information from those people that click the links. Data brokers make big bucks trading your private information.

There's also the possibility those sites have been compromised and this is an attempt to use "drive-by" downloading to infect your computer for whatever nefarious purposes they have in mind.

[manofwar95]

I've also noticed very english spam bots. This is getting pretty bad and more frequent.

[Patman128]

If you start filtering based on blacklists (i.e. http://www.stopforumspam.com/) you'll catch a lot more of them. I can almost guarantee most of the bots that hit here are on there.

[Senpuria]

If you start filtering based on blacklists (i.e. http://www.stopforumspam.com/) you'll catch a lot more of them. I can almost guarantee most of the bots that hit here are on there.

Yeah we could definitely do something like that.

It depends on how it works since in some cases it may stop users from registering to the forums.

Edit: It seems quite good we could use that.

[Xenithar]

I have seen some forums using short videos and then asking a question about the video to allow registration. The problem with that however, are users with slow connections. I like the email verification. Simply delete unverified accounts within a week and you keep your database clean as well.

[pcheddar]

Email verification is far from the perfect solution. I've run a website that has user registration for a number of years now. I found that so many bots could successfully respond to email verification that I eventually just turned verification off. Analyzing the registrations, I found that it was actual legitimate users that were the ones having trouble responding to the verification emails, either because of their junk folder rules, they were too lazy to complete the registration, or they used fake email addresses.

What solved the spam problem for me was a plugin I installed that uses 5 different sources to block spam registrations. I believe it uses blacklists, but it's been so long since I installed it, I don't even remember anymore (over two years ago). I still get new users registering and the odd bot from time-to-time, but nothing I can't handle. The plug-in has been a godsend. I suppose it's possible that legitimate users might get caught up in the net, but that might be a risk worth taking as the spam here is really bad.

As for the plug-in I use, I don't run the same platform that's used here, so it wouldn't apply. But I'm sure a popular platform like vbulletin has similar tools (I'm assuming this is a vbulletin forum, as it looks like one).

[Senpuria]

Yes email verification was just a temp solution until TheLuda gets around to installing the blacklist application.

[void513]

Im not sure how many ppl signing up up a day on this forum but setup so moderator got approve you after signing up.that way moderator check email and all before giving access to forum to help cut down on ppl spamming these adds

[Unkle Nuke]

With the ideas that Senpuria, Patman, and pcheddar have offered, it's just a matter of when TheLuda returns from his other obligations to implement a working solution.

Until then, we all just have to bear it with good grace while back-tracing their IPs and hunting the spammers like the disease-bearing vermin they are. ]

[void513]

ahere another idea i think it use in another forum during signing up you have to answer a question that req u to actualy google it to get answer.maybe can be random or mayby out set of question that randomly pick so not same or predictable say set 50 question the randomly have you answer one of question out of the 50 when you signup.and change the question every so often to make more dif for bots

[Auntie Mangos]

Let me jump in here:

• we do have a working reCAPTCHA,
  
• we do verify email addresses and do not let unverified users post,
  
• we use a random question upon registration, as I have written a module for that myself a while ago. It just might need more questions and answers to make it more "random".
  

If you guys and girls feel like it, come up with a few cool questions/answers, and I will add them. Also I will add and enable the blacklisting module.

[Senpuria]

I think if we come up with any questions they should atleast be WoW related, that way..people should know the questions when they register due to the nature of the forums but the spammers probably won't

[void513]

come with a couple sets of random questions so that you switch them up with every so often so the answer dont become predictable

say 20 or more how many want put in at time use those for a while example couple months then change the set question up with new set of 20 or more

that way the are never realy the same group of questions