Spam prevention

StefanG · September 4, 2013, 9:09am

I quickly went through the userlist and saw a bunch of spam-accounts. Surprisingly, most are not from China but still using the same pattern (username and email-construction). Here, a big part seems to come from OVH hosting, which is a french hosting company.

After reviewing the situation, I’d recommend the following:

Change registration activation to “user & admin (Advanced Double Activation Pack)”. That means, admins need to approve new user registrations. In the long run, that is probably going to be less work than having to approve the first 3 posts of every new user (and delete them and the user if it’s spam). If a spammer registers, the admin just doesn’t approve it. No action required. Using autoprune to remove inactive accounts which are older than x days, the database size will stay acceptable.
Comparing spammer vs. legit registrations, the workload is likely to much much less than it’s now.

Then, I’d strongly recommend installing a blacklist client mod. My favorite is this one - Advanced Block MOD.
It works pretty much like anti-spam blacklists for email. There are free and open blacklist servers against which IPs and email-addresses can be checked if they are known spam sources. The system is fully automatic and the performance impact is minimal as only at the registration a check is done.

-S

Gary_Mortimer · September 6, 2013, 5:47am

I’m down with this, did you do it Stefan?

StefanG · September 8, 2013, 9:28pm

Craig wanted to look into that because installing mods usually requires direct server access via ftp or ssh.

StefanG · September 9, 2013, 11:12am

Howto on installing mods in phpBB3

=> martin-truckenbrodt.com/cgi/ … 9870f2e651

TCIII · September 28, 2013, 1:53pm

@Stefan/Gary,
Shot down 18 spammers this morning. Some had left waiting posts others had obvious spammer email addresses verified by the spammer IP recheck.
Regards,
Tom C ArduRover2 Developer

StefanG · September 28, 2013, 2:52pm

Jep, I deleted another few. As I wrote before, sometimes spammers are not yet in the blacklists.

Ardupilot.com is also so high-profile that it’s likely that we get zero-day-spammers, means, spammers use newly infected PCs and new data which haven’t been used before to place their spam here, hoping, they will get through.

However, all in all, I think, we are doing pretty well, if you check the block log (ACP -> Maintenance -> Block log). The amount of spammers which are actually getting registered is very small and through the moderation, we didn’t have a single spam post actually published.

TCIII · September 28, 2013, 3:31pm

@Stefan,
Your Forum upgrades have really put a dent in the spammer count. 18 spammers is minor compared to the 40 or more I would encounter each morning. Great work you are doing!!!
Regards,
Tom C ArduRover2 Developer