Since we've upgraded to version 3.7.2 we've gotten a lot more spam here (or so it seems). Maybe we should consider installing a non-stock captcha or some other anti-spam measure to reduce spam sign ups?

I've noticed that...we need to do something about it anyway. Captcha was the first thing that I thought of - stop the spam registering in the first place, excluding the need to remove their threads..

Maybe one of those simple question techniques too. You could manually add one that isn't used elsewhere, similar to the 'is ice hot or cold' question that a few use.

Moderation of threads seems to be handled ok currently, most being removed fairly quickly but stopping them in the first place would be the best option.

When someone registers, they currently are emailed a link to click on to confirm their registration before they can post. So, I'm not sure extra captcha would curb anything as I think the confirmation email helps to ensure it is a person registering.

There are some hacks to disallow img tags based on a user group and I could apply them to people with less than 25 posts that way we at least won't see the pictures that are shown. I tried to install two different one's this morning, but they didn't fit the bill. I will need to look at what other options there are out there.

Thanks to those of you who report posts as it helps us get on it in a faster manner!

When someone registers, they currently are emailed a link to click on to confirm their registration before they can post. So, I'm not sure extra captcha would curb anything as I think the confirmation email helps to ensure it is a person registering.

There are some hacks to disallow img tags based on a user group and I could apply them to people with less than 25 posts that way we at least won't see the pictures that are shown. I tried to install two different one's this morning, but they didn't fit the bill. I will need to look at what other options there are out there.

Thanks to those of you who report posts as it helps us get on it in a faster manner!

There is software out that that automates the entire process of signing up including clicking on the link in the verifying email. When we get spammed a human being never even looks at TBE. Software automates the whole thing. And judging by the quantity of spam we are getting we may have been added as a default target in the software which means it is going to worse quickly.

If some software is automating the whole process, would it not be the best option to choose a random question like I mentioned above? That way, software isn't going to know the correct answer and registration won't work..

If some software is automating the whole process, would it not be the best option to choose a random question like I mentioned above? That way, software isn't going to know the correct answer and registration won't work..

That's a good solution, too. Anything that changes the registration process from the default VB install is a good start.

Go to sleep and all hell breaks loose! I cleaned up a lot of spam this morning. I think it will be smart to employ several measures to stop or slow down the spam. I plan on taking care of this, this weekend.

Also, I will have an announcement this weekend so you can look forward to that!

Yay, announcements!

(Is it a good one?)

I don't know, I added a lot of new bookmarks from the spam :blush:

I don't know, I added a lot of new bookmarks from the spam :blush:

Do you have folders for "hairy" and "Ireland"?

Does VB have the ability to reject posts or hide them if they contain certain words? If so it should be easy to block viagra and porn related spam.

Also, maybe we should consider putting spammers into their own usergroup. That way we can set them up so they can post but no one can see it but them. Automated software usually attempts to reuse identities if it can and that should trap some of the spam, too. Thoughts?

Does VB have the ability to reject posts or hide them if they contain certain words? If so it should be easy to block viagra and porn related spam.

Also, maybe we should consider putting spammers into their own usergroup. That way we can set them up so they can post but no one can see it but them. Automated software usually attempts to reuse identities if it can and that should trap some of the spam, too. Thoughts?

That could be one solution but it only really masks the problem as opposed to solving it. We would still have plenty of spam members posting stuff we can't see...Surely there must be an efficient way to stop them registering in the first place?

Don't know much about vbulletin, but looking on their forums a couple of options (some have been mentioned, some may have been looked at but ignored, but all worth mentioning)

1. Prevent Spam Posts - vBulletin.org Forum (http://www.vbulletin.org/forum/showthread.php?t=131568) - not sure if it works on 3.7.2
2. NoSpam! - an alternative to CAPTCHA images - vBulletin.org Forum (http://www.vbulletin.org/forum/showthread.php?t=124828) - does the question thingy mentioned
3. How about making a new profile field and make it required. It's unexpected and unlikely to be completed by preprogrammed bots.
4. Moderating the first post of every new user - may be a bit tiresome though.

Obviously human spammers can't be fooled, but the first or fourth option may curb it a bit?

We definitely need to investigate more options as the current measures, which have helped, aren't doing quite enough as we are still seeing a consistent flow of spam.

They all seem to be targeting the Monetising your Blog forum, so maybe first time posters who post in that forum can be modded?

What I may need to do is create a new user group for members with less than 2 posts (they usually don't stay longer than that) and have their posts be moderated as a whole.

They all seem to be targeting the Monetising your Blog forum, so maybe first time posters who post in that forum can be modded?

That's because their automated software is set up to look for certain words when posting. That one either contains a keyword they are after or is the default forum for some other reason.

It's probably pre programmed to that exact forum URL. It's why certain blog posts get far more spam than others. Right now I get the same spam to two completely different, unrelated domains, and always on the same posts and not on any others.

Probably if that forum ID wasn't used (ie. the forum was recreated and everything moved into it then the old one perhaps hidden from public view but could still be posted to) the spam would continue but it wouldn't be seen.

Usually it's the first forum on the page that's spammed (regardless of ID) so it's interesting they've targeted that one in particular.

Well, last week I put in a custom required field in place and while that slowed things down, it didn't delete it completely.

I have created a new user group for people with less than 3 posts to have their initial posts moderated before they are shown to users. Hopefully this helps!

Will mods be notified of new posts?

Don't know. Will have to test everything out extensively tonight as I'm not sure it's working correctly.

Forgive my ignorance, since we all know I've got it, but when these things target posts on my blog, they always have changing IP addresses. Is there any way to implement some sort of proxy-sniffing death ray?

Nope unfortunately there is no way to tell between a proxy by looking at the IPs that I know of. We looked for something similar when I was at Sitepoint without any luck,

Man. Spam is getting out of control. Anyone got any other ideas for trying to limit this?

It slowed for a while so what changed during that time?

If the following is an option I think it would work (for a while at least).

They're targeting the monetising your blog forum (ID 16). This is what their software has been given in terms of URL to spam. So if a new forum for monetising your blog is created, all of the posts from the old forum 16 is moved to them. Then for forum ID 16 hide it from the public but allow the public to post to it (if that is at all possible).

Then the spammers would think they'd been successful still and less likely to update their software (which most probably get updates from the site they bought it from), and the spam would be hidden instantly.

Alternatively, if hiding the forum but allowing public posts to it isn't possible, just remove or premoderate the entire forum 16.

If it's possible it's worth a shot.

Yesterday, there was porn on the forum, again. Not just porn links, but right there, in-your-face (or someone's, anyway, if you get my meaning) porn. I know spam, in and of itself, can be incredibly difficult to stop; but surely new members can be restricted from being able to post images/scripts/html/whathaveyou???

That actually sounds like a good idea. I think it's worth a shot.

I actually tried that Sam and it works in private messages, but it isn't working in posts. I'm always hesitant to "hack" the code directly because it makes upgrades extremely hard, but I may need to do it.

Have we tried captcha on signup? I know it was mentioned that people were confirming emails to post but maybe it's at least worth a shot before modifying code directly.

OK. I've been looking and looking, and there doesn't seem to be much in terms of spam-killing add-ons for 3.7. But what, exactly, does "moderate new members" (as seen here (http://www.vbulletin.com/forum/showthread.php?t=275800)) do? Does that actually moderate posts from new members, or just hold registrations for approval?

Something needs doing soon ;)

Maybe ask around some popular forums using the same software version and see if they can give us some tips?

I'm playing with some stuff this weekend so we will see how that goes. The thing is, a lot of the spam that is being posted lately are things like this:

When you're ready to blow, open your mouth and hope for the best.
insert link here

And that doesn't send any red flags off. I believe the spammers that are registering are actual people rather than bots as I have a couple of measures in place to try to force this. I have also turned on akismet here as of today so helpfully that will help. The amount of spam is actually not bad compared to other forums I have moderated at or spent time at; unfortunately the amount of regular posts has gone down quite a bit so the spam is becoming more and more apparent. Plus I haven't been able to get to it fast enough so it sits here longer. SarahG has been a great help in removing the spam.

I think in addition to combatting spam I need to try and spend more time here and provide better content here.

Thanks to everyone for your patience.

Sorry, I was away this weekend!

Some spam is human, however with most spam posts going in to the monetising your blog forum, those I truly believe are 99% spambots, as there's no deviation on the URL they're posting to, hence my earlier suggestion of changing the forum.

Good point Sarah. Since installing the akismet and adding other features, we haven't received a spam post yet. I'd like to see how that plays out before trying some new things.

Geez, I go a way for a couple months and the spammers come crawling out of the woodwork.

It's all because you left ;)

I know this is a n00b question, but is there some way we can just hardcode Dan Schulz to the forum? If Dan's what works best, then someone should really give it that old college try.

What, give me admin privileges? Wouldn't be the first forum.

Though I doubt Sara would enjoy that very much...

What, give me admin privileges? Wouldn't be the first forum.

Though I doubt Sara would enjoy that very much...

Noooooooo! I was thinking something more Borg-like... :naughty:

Given my love of the Borg, that'd be a fate worse (for everyone else) than me becoming an admin or moderator here. ;)