📜 ⬆️ ⬇️

Another story of war with spam on the forum



In continuation of the topic , I decided to share my experience in dealing with bots.

However, unlike the previous post, I decided to turn to third-party services.

image google on request "spam" here .
')

How it all began


At once I will make a reservation that it will be a question of a forum on the smf engine, but this is completely unimportant and fair for anyone.

So, once I started a small forum for myself and for the first couple of months everything was fine: there was a standard captcha, not a single bot, and I already started to believe that it will always be so. At first they began to come one at a time, then more and more, and now, when there were 10-20 of them per day, I realized that it was time to change something.

I went the standard way: I decided that the captcha is simple to disgrace and need some other. I took the guglokapcha (reCAPTCHA), but this not only did not stop the bots, it seems to me that there are even more of them. Then I went to read about different exotics and saw a lot of curious things: starting from control questions in a natural language and ending with the rotation of the picture at the right angle.

However, there was a great desire to save the user from unnecessary work during registration. I didn't even send a link to activate my account by mail. The first solution I tried was StopForumSpam .

Stop Forum Spam


A very pleasant service is the blacklist of ip addresses, emails and nicknames under which bots are registered. In addition, almost all engines have ready-made plugins. I also want to note that it does not require registration in order to gain access to the api (this is only about getting information, in order to commit spammers it is still necessary to register). Information request is a usual get request, everything is very simple and clear.

Immediately the joy came, as the bots disappeared overnight. The problems were: first, literally a couple of weeks after I started using, the service went offline for a few days (stating that moving to another hardware), therefore, later, I made a copy of their base for myself, updating several times a day. And, secondly, bots 3-5 per week bots still made their way.

One could not care, in the end not so much. But interest appeared and I google similar services.

Project Honey Pot


The next victim was the Project Honey Pot . A rather old project, dreary registration, dreary installation, dreary setting and dreary requests. Maybe I just did not try.

Requests resemble RBL to combat email spam: a particular type of dns request. In response comes the type and level of threat.

Moreover, the ready plugin for smf for some reason refused to work. But I wanted to finish it, so I added a small piece, which in parallel with stopforumspam made a request and wrote down the results in the database.

I will give general statistics at the end, but now I will say that about a third of spammers are missing.

Akismet


Initially, akismet was developed as a WordPress plugin and, starting from version 2, is included by default in it. Also wants registration and paid for commercial use. Fortunately, not my case.

Requests - post a certain type.

Although I did not find the finished plug-in, there are a lot of examples and libraries, so I added it to existing ones without any problems.

Statistics


Although I started writing results to the database not so long ago, there is already something.

Total number of registration requests: 2624

Of these, real people: 75

Spammers: 2549

According to:

StopForumSpam: 98/2526

ProjectHoneyPot: 1067/1557

Akismet: 140/2484

Instead of conclusion


Now the decision is made according to the results of StopForumSpam and Akismet, when registering the delay in requests is not noticeable. I think that there will be problems with timeouts in the event that services are unavailable, I have already entered into the TODO list, but so far there have been no such problems.

After the inclusion of such a scheme, not a single bot was allowed to go to the forum, in case of refusal, the bot shows mail to which you can complain, so far I have not received a single letter.

And I turned off the captcha ...

Source: https://habr.com/ru/post/132301/


All Articles