Is it possible to institute some sort of restriction on first time posters? What I have in mind is a limit on the number of posts that can be sent in the first half hour or a reinstatement of the ban on URLs in a first post. Lately spammer activity has become really ridiculous with a dozen or more threads getting replies at the same time.
Bob S.
spam
Re: spam
Hi Bob,
You're right that the spammers have been enthusiastic visitors recently. Sadly I can't do either of the things you suggested, but I have run through the settings and made things as inconvenient as I can for them without (I hope!) messing things up for the rest of us. Let me know if you see any problems.
Cheers, Paul
You're right that the spammers have been enthusiastic visitors recently. Sadly I can't do either of the things you suggested, but I have run through the settings and made things as inconvenient as I can for them without (I hope!) messing things up for the rest of us. Let me know if you see any problems.
Cheers, Paul
-
Citroen
- SpamTeam
- Posts: 8063
- Joined: March 16th, 2006, 3:28 pm
- Location: A small cave in deepest darkest Basingstoke, UK
Re: spam
We had a ban on the old phpBB2 version of this forum. I made it so that you had to post three times before you could include an URL.
That modification to the phpBB3 code disappeared with the upgrade.
Best bet with the spammers is a seconday registration challenge like
http://research.microsoft.com/en-us/um/ ... ts/asirra/
because Google's reCAPTCHA is too easy to defeat.
For a board with a small geographic area (the UK board normally gets UK, IE, AU, ZA and US plus a few western Europeans like NL and DE) you could do stuff like GeoIP to find where they've arrived from and have anyone outside your designated area forced onto a pre-registration list. Some of the spammers are coming from addresses that don't have reverse look-up for their domain name, I'd block those for a day after one (maybe two) hit(s).
I'd also have it that when you've have the fifth fetch of the registration page from IP address w.x.y.z you silently block it for a half hour, if the same client address comes back another five times you block for an hour, then another five and the block extends to two hours. That rapidly gets to a point where the delay exceeds the value of success.
You could also have the same for posting, the board can give an average number of posts/day by the average user (probably not including me, Henry and definitely not Ranger), when you've exceeded the daily average, you're blocked for fifteen minutes, then 30, then 60 getting streadily longer blocks until the spammer goes away bored of the whole experience. Those sorts of thing would expire when your ID has been registered for a week or two or perhaps with a moderator approval process (when a moderator sees a new user with a sensible rowing related post they could have a button to move the user to the approved users group).
That modification to the phpBB3 code disappeared with the upgrade.
Best bet with the spammers is a seconday registration challenge like
http://research.microsoft.com/en-us/um/ ... ts/asirra/
because Google's reCAPTCHA is too easy to defeat.
For a board with a small geographic area (the UK board normally gets UK, IE, AU, ZA and US plus a few western Europeans like NL and DE) you could do stuff like GeoIP to find where they've arrived from and have anyone outside your designated area forced onto a pre-registration list. Some of the spammers are coming from addresses that don't have reverse look-up for their domain name, I'd block those for a day after one (maybe two) hit(s).
I'd also have it that when you've have the fifth fetch of the registration page from IP address w.x.y.z you silently block it for a half hour, if the same client address comes back another five times you block for an hour, then another five and the block extends to two hours. That rapidly gets to a point where the delay exceeds the value of success.
You could also have the same for posting, the board can give an average number of posts/day by the average user (probably not including me, Henry and definitely not Ranger), when you've exceeded the daily average, you're blocked for fifteen minutes, then 30, then 60 getting streadily longer blocks until the spammer goes away bored of the whole experience. Those sorts of thing would expire when your ID has been registered for a week or two or perhaps with a moderator approval process (when a moderator sees a new user with a sensible rowing related post they could have a button to move the user to the approved users group).
