best way to battle spam users? (I was just flooded by porn spam users - all adding huge images to their profile)
So I was minding my own bees and getting a cup of joe, when I return to my keyboard I see hundreds of users being created (each one triggering an email to me) and all of them are from 95.132.37.166. Each user page was then filled with links, keywords and porn images. I was a little slow moving in trying to stop them (having to take a call about work), and the pages just kept coming.
Troll module allows me to see the user with IP 95.132.37.166 - but I still have to click "block this user" on each one, I can't just radiobutton my way down the row. Very ow carpal tunnel. I wish I could mass-block every user with that IP with one click.
For some reason the SPAM module, where I had checked "users" doesn't actually check for spam on users anymore on Drupal6 (in this incarnation it has before so I'm sure that will be fixed). I had spam module blocking user signups before in d5 and that worked OK, only four or so real people being blocked.
But seeing as I just had so many of these, I'm open to a more general discussion on battling spambots of this type. I've found that Mollum and Spam moduels piss my real users off to no end as they are constantly caught in the spamtrap and yet it never seems to prevent attacks like these (mollum was not on today). What do you do?
(in the end I simply iptables -I INPUT -s 95.132.37.166 -j DROP to this guy - but not everyone has this option)
Can you check your site at
Can you check your site at unmaskparasites.com ?
Please read this http://drupal.org/node/454692 and post any feedback if you see something similar in your site.
Sure thing. I just saw that
Sure thing. I just saw that there's new upgrades for Drupal that I need to attend to as well (in case that had anything to do with this mornings flood)*
Umasked gave me a clean record: not currently listed as suspicious, all external links (like to technorati etc) are safe.
* update, the only thing out of date today was the Troll module. :) Funny.
Perhaps the CAPTCHA module
Perhaps the CAPTCHA module could assist you in that. If (I guess so) there is a form that users create accounts, CAPTCHA can provide some level of identification amongst bots and humans. There are also statistics in the module settings as what was blocked.
Hope the above helps
I'll turn the captcha back on
I'll turn the captcha back on again (like the other spam protectors, it honestly didn't seem to help much)
It's interesting to note that this guy had images prepared for Drupal site. He links whereufrombb.com/drupal.jpg as image and drupal.html on the same domain as homepage (Don't look, it's just a porn-banner)
Even if this is not a hard
Even if this is not a hard and fast rule, when forms with a CAPTCHA challenge are submitted, in most of the cases are due to humans instead of bots. Ergo, you could possibly determine whether the "attacker" is human or bot.
Ah, I had forgotten to turn
Ah, I had forgotten to turn on email verify module, which is also one of those good little traps to prevent bots from wreaking havoc. http://drupal.org/project/email_verify
Anyone else have other
Anyone else have other suggestions or fresh ideas on how to protect against user signup spam?
Since this morning I've enabled the email check, and a math Captcha on user signups, and I do have the "spam" module running, but even an upgrade on that one did not allow me to filter new user accounts for spam.
I'm still getting a new user signup (total spam user with links in their bio leading to russian blogspot adsense scraper blogs, and various Paris Hilton Sex Tape sellers) roughly every ten minutes all day long. I'm getting carpal tunnel deleting them all. Since they never actually get a chance to log in, their IP does not stick to the Troll module which I also have enabled.
Any other fun modules I can use to help stave off this flood of spam? Anyone else feeling the spam today in particular?
Bad Behavior module
Have you tried the bad behavior module http://drupal.org/project/badbehavior?
Also setup captcha to use image captcha instead of math captcha
Looks like that's no longer supported
At the bottom of the badbahavior module page, there's a note that says it hasn't been supported since May 13, 2009—not very long to us humans, but perhaps eons in the world of spambots.
I would guess that doesn't necessarily mean not to use it, just not to rely on it exclusively. Right?
I am getting the exact same
I am getting the exact same issue, though it's on a site I made a year ago. It hurts to learn about this today. There are currently 1700ish users. Some are real. Ug. Thanks for your suggestions. I guess I'll install all the modules you have... and get spammed anyways. Sigh.
Mollom
Have you tried mollom?
I had spam submissions especially in the Guestbook for a while, which I had set not to require registration/log in & kept getting entries there, mostly from Russia & drugs sellers.
I disabled Guestbook entries for anonymous users, but in spite of image capture, managed to get a bot registration or so.
I was advised to use the random option of captcha and in addition installed the mollom module (this apparently does not protect the Guestbook, at least the last time I checked), & the BlockAnonymousLinks module.
Just about every form is checked by one or the other.
Since then, it is now a couple of months since I last received a spam entry.
Sorry to hear that. Here's
Sorry to hear that. Here's all the things that I am doing right now, hope it helps you.
Spam module (with fix - check the latest threads on it, there are some patches)
Email verification check.
Captcha (Now, ASCII Captcha) - gmasky has a point there on using anything but math captcha.
One radio button that a new user must check to prove that they are human - add this in the profile fields.
False account (if one spammer signs up as several innocent looking users I can see it pretty fast)
Advanced User - delete all the bad guys in one fell swoop.
Troll module (to see IP# if spammers do get in and comment)
Regarding Mollum: I did use it for a while but it gave false positives for comments made on the site from legit users and then still let spam through, so I gave up on it pretty fast. It worked perfectly for a couple of weeks, or so I thought, but then legit users emailed complaints to me about their comments getting lost and I can't have that happening it ticks them off. I would still use it if it allowed for comments to be saved so that I could "unlock" false positives.
Oh, and I haven't used BadBehaviour in eons. It simply doesn't work these days.
Bad Behavior and Mollom
I have robots trying to login and create accounts. I could tackle the create accounts via image captch. However captcha in the login block was cumbersome. So I was left with robots trying to log in all the time and failing, on the face of it not harmful but consuming bandwidth. By default only registered users can post comments on our site.
I first tried Bad Behavior, which worked perfectly on our site, all the robot logins stopped. The one downside was it banned even legitimate users. I then removed bad behavior and installed the mollom module. It worked fine but there were sparodic incidents of robots trying/failing to login. After mollom worked for a few days suddenly OG notifications stopped going out and we have become addicted to OG notifications. I am not sure if mollom was directly responsible for this. Even after I uninstalled mollom OG notifications refused to work. I got over that by upgrading to OG 5.x.8.0 and using the messaging-notifications framework which gives me fantastic functionality for OG as well as other content types.
Very Happy w/ Mollom
I'm running drupal 6.10 and I'm not using Organic Groups (I assume this is what the "OG" in the above post refers to). I was also having problems with 'bot registrations and spam comments on my site, and decided to try Mollom---which was created by the same guy who created drupal, so it's got that working for it.
I've been very happy with Mollom on both my drupal sites, and haven't had a single instance of 'bot registration or spam commenting since installing it.
Just a note: the dev version
Just a note: the dev version of Spam from today should now be usable without patches from the issue threads. Might want to give that a shot.
Provident Data Services
I have reinstated the Spam
I have reinstated the Spam module and all of the above (word captcha instead of Figlet captcha these days though since the figlet, much as I like it, came out funny looking in my new theme).
I'm still getting at least one spammer a day, however, and some of them have the gall to post passages from the bible/random word strings which the Spam module and the captcha seem powerless to prevent. I will have to revert to "moderator approval" on all new accounts.
real spammers from India, Phillipines...
Hello!
We started having problems with users who fill their profile bio with links to random sites (acne, pills, seo sites, ... not too much porn in fact).
I had an easy math captcha, which I changed to an image one, and also I've been using Mollom. They can always register, and it looks like they are REAL people sitting on a computer. With woopra, I saw some are using FF, others IE8, IE7, Chrome...
I also added spamicide (http://drupal.org/project/spamicide) on the registration form (use firebug and comment the display:none to see the field that must be empty to continue with registration). As they doesn't seem to be bots, they doesn't see the field as you and I do with our browser.
I created a simple PHP page to find, list and remove all users which have just a link in the biography field, but I also need to quickly check they are not good contributors which also have an URL in the bio.
I have 2 problems. 1. They are registering into the site. 2. They are adding links to other sites.
An example of the links they post (that's my site, check the links below the username)
http://ibc.lynxeds.com/users/kdolph828
http://ibc.lynxeds.com/users/amykate
http://ibc.lynxeds.com/users/karmawellness
and a couple of screenshots of woopra user/bot behaviours:
http://ibc.lynxeds.com/spammer1.jpg
http://ibc.lynxeds.com/spammer2.jpg
Any help will be highly appreciated!
Seems I have the same problem
Seems I have the same problem (humans hopping past the bot-traps creating link-filled profile pages). Ideas for preventing this in dragging our sites name/googlerank down include;
1) Noindex on all new user pages links (making us less attractive). I do want real users who participate in the community to reap the google-juice benifits of having their homepages linked though.
2) NO READ on new user pages, that is only administrators can see fresh user pages until they actually participate in the community by commenting or similar.
Not sure how to implement either yet. Just throwing it out there.
I have a new idea that might
I have a new idea that might be useful for some sites. In our site, users can upload videos, and then they become contributors.
Users that are not contributors really doesn't need to have a "users page", as they don't have the videos to be listed there.
That allows me to set the bio field (where they type all the links) only available to the role contributor. Not the real solution, but it might help a bit.
How is it possible that some people "works" by spamming other sites?? They also answer the captcha wrong sometimes, it's quite funny to see... India and Pakistan are the top active countries. Also a bit from Singapoore, but much less...
CAPTCHAS don't stop real humans
If you still think that CAPTCHA is an effective solution just remember: your site and 999 others can be hacked for $2.00. Just check out this link:
http://www.decaptcher.com/client/
When you think about this it is almost INhuman. They are using HUMAN reading and response to the captcha. How many captcha's an hour do you think you could read and enter? At 4 seconds per entry you would do 900 per hour, IF you could maintain that response without going blind. And they are charging $2 per THOUSAND? What are they paying the slaves?
Well, with the average household income in some countries sitting at less than $30.00 / week, if they spent about 16 hours a week doing that, they would be earning the national average income (over say the weekend). Not bad really.
Welcome to the global economy
Checking previous URLs...
My problem is not gone, but at least there are no links to spam sites. The problem is that I have a lot of registered users, and many of them are "bad" users probably. They are just registered, nothing else (but from woopra I saw they just directly browse to /user/register and then to edit the account to try to add some URL's to the malicious sites). As they can't, they just leave the site.
What about checking the previous URL's of each anonymous user and, if he hasn't visited at least one page from family/*, species/* or video/*, they can't see the register form. They might then (as they are real humans), go to the home page and make a few random click (probably going into a video/* page ) so if they check the register page again, they will succeed. But, at least, some might not even register.
No one of our real users go to the register page before watching a species or video page, so for the major part this is not going to affect it's normal registering process.
Just imagine I want to launch a new feature on the site (or a discount or whatever) and want to email all users... Lots of those emails from the spammers users are not going to be working, but some might... and I would prefer not to send discounts to spammers!! ;)
subscribing
subscribing
List of sites
More information for this. I saw a guy (using woopra) coming from the following site: onestopseo.wordpress.com/ (removed the http as I don't want to promote that site at all!!)
The guy from the blog suggests to create accounts and posts links to your sites. And he thinks he knows a lot about SEO!!! Holy crap...
Well, just check if your site is there too, and write to the guy and let him know he's stupid at least...