Tweet
Stopping a human spammer from filling out a registration form and checking an email for an activation link will be near impossible to stop even on a region based blocking system. This would most certainly have to be handled by a human admin/mod, unfortunately.
Automated bots on the other hand can be stopped/prevented/thwarted or at least slowed down by implementing a few tricks such as:
Captcha
The need to physically read scrambled line of text is usually enough to block a huge majority of spam bots, this is practically mandatory on registration websites these days.
Email activation
Requiring the user[or bot] to follow an activation link sent via email is another layer of security that can be added since most spam scripts don't account for email retrieving and parsing. This is also highly recommended for registration websites such as forums.
Honey Pot forms
This one I like to personally use added with the previous 2 options (captcha & email registration) to bring 99.9% of bot spam to a screeching halt. Essentially what this does is it adds an invisible field to the registration form that a normal person doesn't see and is not required to fill out to register. A bot on the other hand will see the form as a whole including the invisible field called "email address" (or whatever you'd like) which most spam bots have a function to sniff out field names that might be important to fill out to register (username,email,password,website URL etc...) and if this invisible field is filled out then it obviously means a bot is attempting to register, that or a VERY curious human. This triggers the "bot alert" which blocks registration and or can ban the IP address of the user effectively reducing the bandwidth they consume and won't allow them back in.
StopForumSpam APIs
(Stop Forum Spam)
This is a collective database of known spambots that can be referenced using APIs to test if a visitor on this site is a spambot or not. While it's out of the scope of most people when it comes to APIs let alone most the stuff in this post, as a web admin/web developer you have to learn a few things. I'm not sure if vBulletin has an extension to make use of the API from Stop Forum Spam but I highly suggest if there is then it should be implemented to at least add another layer of invisible checks.
I believe Solecord already has QuakeOne.com connected to CloudFlare which does help to some degree and has put in place counter-measures on bot spam.
I also agree that people here should NOT be required to identify using any external sources as it would be wildly out of place on this scenario, though it is highly effective.
This sort of makes me think of the whole "War on terrorist" where in order to have security you have to give up your rights, which is ass backwards to me.
I believe educating people on how to deal with certain situations, giving them the tools to handle situations themselves and requiring every willing and able person to take a stand as an individual for the greater good of the website not the other way around and honestly so far if people don't like something they see or see spam in general they report it, I know, I'm one of the people who gets the "Reported post on QuakeOne.com" emails when things get reported.
The QuakeOne.com community is pretty smart overall and together, yes we could probably take over the world! But that's not our goal.
There is a system here and it's not broken so why go out of our way to fix it when the solution is to just use our brain and adjust things accordingly?
I'd hate to lose anyone here over some extra third-party security credential checking measure that could have been handled if the situation was just thought upon.
Forced Social login from social media sites can actually kill a community.
Me personally I would like to see a function that allows new members to make posts but in order for their posts to get seen they need to be approved by moderators until they reach a specified number of positive posts, that's why we have mods. While this still isn't a sure-fire method we can't really stop a human spammer from registering and allow legit new members.
I can spam right now if I wanted to, sure my spam posts would be removed and I'd get banned but it just goes to show, we will always have "that one guy at the party" slipping in every now and then.
Automated bots on the other hand can be stopped/prevented/thwarted or at least slowed down by implementing a few tricks such as:
Captcha
The need to physically read scrambled line of text is usually enough to block a huge majority of spam bots, this is practically mandatory on registration websites these days.
Email activation
Requiring the user[or bot] to follow an activation link sent via email is another layer of security that can be added since most spam scripts don't account for email retrieving and parsing. This is also highly recommended for registration websites such as forums.
Honey Pot forms
This one I like to personally use added with the previous 2 options (captcha & email registration) to bring 99.9% of bot spam to a screeching halt. Essentially what this does is it adds an invisible field to the registration form that a normal person doesn't see and is not required to fill out to register. A bot on the other hand will see the form as a whole including the invisible field called "email address" (or whatever you'd like) which most spam bots have a function to sniff out field names that might be important to fill out to register (username,email,password,website URL etc...) and if this invisible field is filled out then it obviously means a bot is attempting to register, that or a VERY curious human. This triggers the "bot alert" which blocks registration and or can ban the IP address of the user effectively reducing the bandwidth they consume and won't allow them back in.
StopForumSpam APIs
(Stop Forum Spam)
This is a collective database of known spambots that can be referenced using APIs to test if a visitor on this site is a spambot or not. While it's out of the scope of most people when it comes to APIs let alone most the stuff in this post, as a web admin/web developer you have to learn a few things. I'm not sure if vBulletin has an extension to make use of the API from Stop Forum Spam but I highly suggest if there is then it should be implemented to at least add another layer of invisible checks.
I believe Solecord already has QuakeOne.com connected to CloudFlare which does help to some degree and has put in place counter-measures on bot spam.
I also agree that people here should NOT be required to identify using any external sources as it would be wildly out of place on this scenario, though it is highly effective.
This sort of makes me think of the whole "War on terrorist" where in order to have security you have to give up your rights, which is ass backwards to me.
I believe educating people on how to deal with certain situations, giving them the tools to handle situations themselves and requiring every willing and able person to take a stand as an individual for the greater good of the website not the other way around and honestly so far if people don't like something they see or see spam in general they report it, I know, I'm one of the people who gets the "Reported post on QuakeOne.com" emails when things get reported.
The QuakeOne.com community is pretty smart overall and together, yes we could probably take over the world! But that's not our goal.
There is a system here and it's not broken so why go out of our way to fix it when the solution is to just use our brain and adjust things accordingly?
I'd hate to lose anyone here over some extra third-party security credential checking measure that could have been handled if the situation was just thought upon.
Forced Social login from social media sites can actually kill a community.
Me personally I would like to see a function that allows new members to make posts but in order for their posts to get seen they need to be approved by moderators until they reach a specified number of positive posts, that's why we have mods. While this still isn't a sure-fire method we can't really stop a human spammer from registering and allow legit new members.
I can spam right now if I wanted to, sure my spam posts would be removed and I'd get banned but it just goes to show, we will always have "that one guy at the party" slipping in every now and then.
Comment