Spam problems

  • Hi,


    Recently I'm being harassed by spammers. Apparently they get through captcha and recaptcha, even questions in Flemish seem to be no problem anymore. How does the software protect my community against those spammers? With other (open source) software I didn't have this problem?

  • Hi,


    Recently I'm being harassed by spammers. Apparently they get through captcha and recaptcha, even questions in Flemish seem to be no problem anymore. How does the software protect my community against those spammers? With other (open source) software I didn't have this problem?

    Spammers and vicious Bots seem to be a consistent problem for any individual who has a website / forum.

    No matter what Forum software I have used in the past, and from which country they were "home" to, or which Hosting Provider I had,

    I experienced what you are experiencing now.


    When I had a rather vicious cycle of these pesky (and sometimes costly) "nut cases", my current Hosting Provider blocked them

    on the server side;

    and I have been able to Block additional spammers and bots by entering them into my .htaccess file (using their URL ID).

    However, it is an on-going task because there are literally thousands (millions ?) of spammers and vicious bots "out there in internet land".


    At the time I had my first major incident, my current Hosting provider suggested I ask Woltlab Developers if they had any

    specific programming included in their Forum Software for protecting against such activity; of which I never got around to asking

    because I have been mostly successful in blocking out even the most vicious spammers and bots (as I mentioned above).


    However I find your question not only interesting but a question which deserves an answer from Woltlab Developers -

    so I will watching this Thread to see how they answer you.


    DJ

  • However I find your question not only interesting but a question which deserves an answer from Woltlab Developers -


    so I will watching this Thread to see how they answer you.

    Yes, it has, for example singing up is more difficult because of a so called honeypot for bots.

    return null;


    Browser: Firefox Nightly (64bit)

    Betriebssystem: Windows 10

  • Yes, it has, for example singing up is more difficult because of a so called honeypot for bots.

    Thank you for your reply.

    You stated: " ... signing up is more difficult .... "


    That of course is good; but there are "two parts" or distinct differences between 'signing up' and being hit by spammers who are logging in

    to one's Forum , apparently just for the purpose of running one's Hosting Tier Limit way beyond what the Forum Owner has opted to select

    and pay for.


    I don't remember who it was now, but someone on Woltlab Forum said he got hit (at least twice) with thousands of hits in one day -

    and that his Hosting Provider had given him a warning that if such a large amount of hits (activity on his forum) were to continue,

    they might discontinue his service because his Hosting Tier did not cover such a large amount of activity.


    Soon after reading that, I also got "hit" by a very large amount of hits by three spammers - NOT with any attempt to become a Member

    of my forum - but rather (apparently) to just inflate the bandwidth use to a point whereby I might have to select a higher tier

    of hosting service.


    When I alerted my Hosting Provider of these spammers, that is when they blocked the spammer 'on the server side' - as they worded it.

    That stopped the activity; and thankfully my hosting tier package was not surpassed the limit.


    But there is also one other point I would like to make here:

    In the >ACP, >Configuration, >General >Security >Blacklist, I have added known spammers on my forum by inserting their Internet IP

    Address into the "Blacklist".


    However, through experimentation (meaning that when I inserted these into the >ACP >Security >Blacklist) it was NOT effective

    in preventing those SAME spammers (if the same IP was used) in returning to my forum (logging in to the forum).


    HOWEVER, when I began logging such spammers - (by IP Address) - via my cPanel, and using, IP Blocker, it stopped such spammers

    coming back - (of course they can return using a different IP Address).

    Such happened when I got those massive hits by three spammers - as noted above.


    So far however, by relentlessly keeping a watchful eye on my forum, through the help of my Hosting Provider, and by logging them

    into my cPanel "IP Blocker" list, spammer activity is now down to a trickle compared to what it once was.:)

  • That will never happen.


    What version of the forum software are you using?

    CSS
    1. * { background-color: rgba(255,0,0,.2); }
    2. * * { background-color: rgba(0,255,0,.2); }
    3. * * * { background-color: rgba(0,0,255,.2); }
    4. * * * * { background-color: rgba(255,0,255,.2); }
  • Bumping this topic. Last few months I got quite my share of spammers again. It is only since I use WoltLab that I have this problem so to me the problem is with the software and how it lacks any protection against spammers. :(



    That will never happen.

    And why not? This is used by a lot of freeware forumsoftwares (see SMF, Elkarte, PHPBB, MyBB) and is very effective. I would expect a payed software to be even better?

  • Bumping this topic. Last few months I got quite my share of spammers again. It is only since I use WoltLab that I have this problem so to me the problem is with the software and how it lacks any protection against spammers.

    I too have had trouble with spammers on my forum - its a constant struggle to keep them from flooding my forum, whether that be with posts

    made on the forum, or spammers just visiting the forum (logging onto my forum's URL); although the latter mentioned has been much

    more of a problem for me.


    But please, let's don't be too hasty to place "blame" on who is responsible; rather the emphasis should be on:

    What is going to be done about the spammers which is an effective solution for all of us?


    Regardless of who is responsible, there must be someone who can come up with a system which effectively protects against most spammers.

    What do the "big boys" do about this problem, i.e., websites of large corporations and major businesses?

  • What I used in mybb in the past im addition to a captcha was a hidden field, which would lead to rejecting the registration if filled out. Most Bots are trying to fill it out.


    But that still doesn't keep away the spammers which seem to be real users who get paid for advertisements :(

  • Have you tried Google Recaptcha v2 pr Invisible? Or questions & answers?


    You could have stupid questions that are impossible to get wrong if you are human and impossible to get right if you are a bot.


    “Spell Google with a lowercase g and capital L”. “googLe”


    Stuff like that. If someone gets those wrong then maybe they are the types you do not want on your board.


    ——————


    On my xenforo boards there was an app, TAC Total Anti Spam Collection.


    Wonder if someone would build it here.

  • Have you tried Google Recaptcha v2 pr Invisible? Or questions & answers?

    Tried it all, did not work. Even used a question in "Vlaams" which is only spoken by 6 million people in the entire world. The question was not "googlable". Recaptcha v2 is a joke, you just need to select "I'm not a bot".



    But please, let's don't be too hasty to place "blame" on who is responsible; rather the emphasis should be on:

    I'm not blaming anyone, I'm just pointing out a (imo serious) issue with the software. Seeing the price of it, I would expect this to be covered. What bothers me, is that this topic already exists since December but as until now no-one from the Woltlab team has taken the time to answer my question. I'm starting to think that I bought a cat in a bag and spent a few hundred euro's for nothing :(

  • " ' ....... but as until now no-one from the Woltlab team has taken the time to answer my question.' "


    Besides starting this thread w@lter, have you opened a support ticket with Woltlab regarding this issue?

    I cannot recall ever opening a support ticket that it did not get answered.


    As for the amount of money you spent, i.e., 'a few hundred euro's for nothing';

    I (and probably many other individuals) have spent a tidy sum too; but for me I don't consider it "for nothing".


    Sure, I wish none of us didn't have this "spam" problem - I am not thrilled about having to watch closely my forum activity

    with regards to spammers - but I am confident that eventually there will be an answer (solution) which will satisfy most of us.

    In the meantime, I am enjoying my FORUM via the Woltlab Forum Software.


    The bottom line is:

    Nothing is perfect on this planet; sometimes we just have make the best of it - and strive to make things better;

    and that includes this spam issue.


  • But that still doesn't keep away the spammers which seem to be real users who get paid for advertisements :(

    It's those ones that cause the problem. In my previous forumsoftware, I was connected to "Project Honeypot" via a plugin. This meant that even before the visitor could open the forum, he got checked via this plugin. If the IP was suspicious, it was logged and refused access. That worked 100% effectively against both real user spammers as spambots.

    Besides starting this thread w@lter, have you opened a support ticket with Woltlab regarding this issue?


    I cannot recall ever opening a support ticket that it did not get answered.

    No, but thank you for bringing it up. I will do so.

    The bottom line is:


    Nothing is perfect on this planet; sometimes we just have make the best of it - and strive to make things better;


    and that includes this spam issue.

    No actually, the bottom line should be that we would not have to face the problem as there's a perfect solution for it that is currently offered by several free forumsoftwares.

  • It's those ones that cause the problem. In my previous forumsoftware, I was connected to "Project Honeypot" via a plugin. This meant that even before the visitor could open the forum, he got checked via this plugin.

    Well, could always use mod_honeypot for Apache... in this case the webserver itself would detect the spammer, so the forum software or its plugins wouldn't ether be bothered. As I said in an other thread if you'd like to block something, you might always want to do this as early as you can.

  • Well, could always use mod_honeypot for Apache... in this case the webserver itself would detect the spammer, so the forum software or its plugins wouldn't ether be bothered. As I said in an other thread if you'd like to block something, you might always want to do this as early as you can.

    This might be working on a vServer or dedicated server, with Webspace you are probably out of luck.

  • A recent thing I have done on my forum is copied some code into my .htaccess file which has cut down a lot on the spam bots.


    It's called 6g Firewall, it's free and easy to do. Even I could do it!


    Also double check that the invisible Recaptcha is working on your site. Last time I checked it, the invisible bit didn't seem to work as I kept getting the usual "look for shopfronts" in the squares type questions. I just recopied all the Google API code and secret key again and now it seems a lot better. Not had a spammer on my forum since, although as I barely get anyone on my forum, I suppose that is not really saying much!

    I am a Newbie Admin. Please be gentle, I don't understand technical things.
    (Please can we have a full manual for this software)

  • A recent thing I have done on my forum is copied some code into my .htaccess file which has cut down a lot on the spam bots.


    It's called 6g Firewall, it's free and easy to do. Even I could do it!


    Also double check that the invisible Recaptcha is working on your site. Last time I checked it, the invisible bit didn't seem to work as I kept getting the usual "look for shopfronts" in the squares type questions. I just recopied all the Google API code and secret key again and now it seems a lot better. Not had a spammer on my forum since, although as I barely get anyone on my forum, I suppose that is not really saying much!

    This is interesting - I looked / read over the information on 6g Firewall.


    However, before I would consider putting their code in my .htaccess file, I would be interested in comments from the Woltlab Developers -

    Alexander Ebert , et el - have any of you read this; and what do you think about this approach to control spammers?

    [I also want to present this to my Hosting Provider - to get their opinion on this.]


    Jupiter, I realize you believe you have found a great solution to control spammers - and I am NOT trying to pour cold water on your discovery;

    but experience has taught me that the "pot of gold" at the end of the rainbow sometimes turns out to be brass.


    I put a lot of work into my forum and I don't want to put something in my files that has any possible chance of messing things up.

  • Whether its a great solution or not, I've no idea. I just posted the link for info for other members.

    I am a Newbie Admin. Please be gentle, I don't understand technical things.
    (Please can we have a full manual for this software)

  • Whether its a great solution or not, I've no idea. I just posted the link for info for other members.

    One of the things I read when I logged onto "6g Firewall" was their mention that a Back-Up should be made of the .htaccess file PRIOR

    to inserting their 6g Firewall Code; and further statements were made to the effect that uploading their code could possibly have some

    unexpected re-actions (or effects) to the individual's forum.


    That cautionary statement by the 6g Firewall Developers puts up a RED FLAG for me.

    I have enough to contend with on my Forum without getting into something that may possibly disrupt (adversely affect) some parts of my

    Forum.


    Which is also another reason why I am hoping Alexander Ebert (or some of the other Woltlab Software Developers)

    will "weigh in" on this subject!