Topic: Ideas on how to prevent spam registration?

I think we all need to get together and think of ways to fight spam bot registration.

Here are some ideas I have, and I got a few from other posts also:

1) use tokens
http://shiflett.org/articles/foiling-cross-site-attacks

2) ban certain TLDs or only allow certain ones

3) ban free email accounts (gmail, hotmail,...)

4) create another database table that holds the registered users until they confirm their email address, and once they confirm their email address add them to the valid user database (although some spammers do confirm their email address)

5) put in "honey pot" form fields and test them for values

6) captcha (text captcha, math captcha, ...)

7) check referrer

Granted, a lot of those can be overcome rather easily; maybe a combination of all of them would help kill 99% of the spam.

Feel free to add your ideas.

Re: Ideas on how to prevent spam registration?

1. CSRF tokens are a part of the form, they don't present any barrier
2. As I pointed out, no TLD is completely safe (or dangerous)
3. And alienate many users
4. We already have user verification where users can't login until they activate
5. I'm not sure what you mean by "honey pot" form fields, but just like similar anti-spam measures, simply adding form fields does nothing to improve the overall security of the forum in the long term
6. THAT is good at stopping spam, but it also has downsides
7. Referrer can be easily faked

Re: Ideas on how to prevent spam registration?

How about checking the DNS records for the email address to make sure the domain exists? I do that on an email form I use; granted, it wouldn't cut down spam much, just another idea.

Re: Ideas on how to prevent spam registration?

Email validation would deal with that anyway

Re: Ideas on how to prevent spam registration?

OK, I'll look into captcha. Are there any good captcha mods/plugins?

I've noticed there are a couple, but I don't know which ones work the best and work with the newest version.

Re: Ideas on how to prevent spam registration?

I like the idea of banning TLDs. I've never had a valid registration from .ru, .info, .ua, .ws, .tv etc.

Re: Ideas on how to prevent spam registration?

A cool idea would be our own Akismet-like spam protection. Akismet is optimized for blog posts and is too strict; I am strongly considering uninstalling the Akismet module on one of my forums. Despite it being a cool idea, I don't think anybody would assume that effort.

Captchas are effective, but I don't think they should come in the default installation because of their accessibility problems. This should have been discussed like 30 times or so on this forum.

A good protection that I am considering coding is a link post permission threshold. Like, a user can only post links after a certain number of posts and/or a time offset after his/her registration.
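
The link post permission threshold described in the post above, as an added example that is not part of the original thread or of any forum software's code. The thresholds, the TLD list, and the names `contains_link` and `may_post` are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Assumed policy values; the post names no specific numbers.
MIN_POSTS = 5
MIN_ACCOUNT_AGE = timedelta(days=3)

# Link detection covers BBCode tags, explicit schemes, www. hosts and bare
# domains, so "example.com/page" without a scheme does not slip through.
# The TLD list is a constructed sample, not a complete one.
LINK_RE = re.compile(
    r"""
    \[(?:url|img)\b                 # BBCode link or image tag
    | \b(?:https?|ftp)://           # explicit scheme
    | \bwww\.[a-z0-9-]+\.           # www.host.
    | \b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.(?:com|net|org|info|biz|ru|ua|ws|tv)\b
    """,
    re.IGNORECASE | re.VERBOSE,
)


def contains_link(message: str) -> bool:
    return LINK_RE.search(message) is not None


def may_post(message, post_count, registered_at, now, require_both=True):
    """Return (allowed, reason) for a post by a user with this history.

    require_both=True demands enough posts AND enough account age;
    False accepts either one (the "and/or" in the post).
    """
    if not contains_link(message):
        return True, "no link in message"
    enough_posts = post_count >= MIN_POSTS
    old_enough = (now - registered_at) >= MIN_ACCOUNT_AGE
    if require_both:
        trusted = enough_posts and old_enough
    else:
        trusted = enough_posts or old_enough
    if trusted:
        return True, "link allowed"
    return False, "links are disabled until the account is established"


if __name__ == "__main__":
    now = datetime(2007, 7, 17, 12, 0)          # constructed sample data
    new_user = now - timedelta(hours=1)
    print(may_post("Cheap stuff at example.com/buy", 0, new_user, now))
    print(may_post("Hello, glad to join the forum", 0, new_user, now))
```

The same check has to run when a post is edited and on signature or profile fields, otherwise a link can be added after the first submission passes.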


Re: Ideas on how to prevent spam registration?

I've had excellent luck with the Bad Behaviour mod. It does only block bots though, not humans posting spam.

9 (edited by seleterresis6 2007-07-17 06:48)

Re: Ideas on how to prevent spam registration?

dontodd wrote:

I like the idea of banning TLDs. I've never had a valid registration from .ru, .info, .ua, .ws, .tv etc.

Good. But I have 99% of valid registrations from .ru (a Russian forum) ;-)


On the topic: I now have my post.php placed on another subdomain and bots do not understand where they should go to post something (although the percent of registered bots is pretty high) :) Just a possible idea.

Edit (a better explanation of what I mean):

the login.php is located at: http://forums.example.tld/login.php
the post.php is located at: http://cool.forums.example.tld/post.php