News:

Let's find out together what makes a PIC Tick!

Main Menu

Unwanted Visitors - SPAM on the forum ?

Started by Craig, Jul 25, 2024, 09:34 AM

Previous topic - Next topic

Craig

There seems to be a lot of Newbie Visitors which are spam, how can this be blocked and dealt with before it becomes an epidemic?

top204

#1
Thanks Craig.

I am banning them and removing their posts whenever I see tham, and their seems to be one lurking at the moment judging by the forum name, but I will wait for the post before I do something..

They are such a bloody nuisance. My email account gets so full of the arseholes sending spam, because it is made public.

Frizie

This has been discussed before:
https://protoncompiler.com/index.php/topic,2038.msg15647.html#msg15647

A (for us) simple question during registration can probably curb this considerably.
Ohm sweet Ohm | www.picbasic.nl

Parmin

There are quite a few of them here today

gevv

Hi,

Google reCAPTCHA has been activated. It will solve the problem to a great extent (I hope :)  )
 

John Drew

I had a go at removing some the other day but all I could do was change the content to the word spam.
I tried to delete the user but didn't have an option.
I'm willing to help where I can.
John

top204

Gevv.... How do I give full admin permissions to John and some other trusted users?

Thanks
Les

JohnB

I seem to h ave the authority to remove posts and have been removing them as I spot them.
..
JohnB

gevv

Quote from: John Drew on Jul 26, 2024, 01:40 PMI had a go at removing some the other day but all I could do was change the content to the word spam.
I tried to delete the user but didn't have an option.
I'm willing to help where I can.
John


Quote from: JohnB on Jul 26, 2024, 05:49 PMI seem to h ave the authority to remove posts and have been removing them as I spot them.
..

Necessary arrangements have been made

Quote from: top204 on Jul 26, 2024, 01:44 PMGevv.... How do I give full admin permissions to John and some other trusted users?

Thanks
Les

PM. I sent

Limited ban is better some robots get confused.  ;D
 

Stephen Moss

Quote from: JohnB on Jul 26, 2024, 05:49 PMI seem to h ave the authority to remove posts
Me to, although I was never entirely sure how or why I got it so did not feel really had the authroity to do so in case it was given in error. Maybe I agreed to be a Moderator (which I would be willing to do if more are needed) and I just forgot.

John Lawton

The signup page asks the question: What is BC337?

I asked ChatGPT which gave the following answer:

QuoteThe BC337 is a general-purpose NPN bipolar junction transistor (BJT) commonly used in electronic circuits. Here are some key details about it:

I asked: What is a good anti-spammer signup protection?

QuoteImplementing effective anti-spammer signup protection is crucial to maintaining the integrity of user accounts and protecting the system from malicious activities. Here are several widely-used methods and best practices:

1. CAPTCHA:
reCAPTCHA: Google's reCAPTCHA is one of the most popular CAPTCHA solutions, offering an effective way to differentiate between humans and bots.

hCaptcha: An alternative to reCAPTCHA, providing similar functionalities with a focus on privacy and security.

2. Email Verification:
Double Opt-In: Require users to confirm their email address by clicking a verification link sent to their email. This ensures that the email provided is valid and owned by the user.

3. Rate Limiting:
Limit Signup Attempts: Restrict the number of signups from a single IP address within a specific time frame to prevent bulk account creation.

4. Honeypots:
Invisible Fields: Add hidden form fields that are invisible to human users but visible to bots. If these fields are filled out, you can flag the submission as spam.

5. Use Anti-Spam Services:
Third-Party Services: Integrate with services like Akismet or CleanTalk that specialize in detecting and blocking spammy signups.

6. Phone Verification:
SMS Verification: Require users to verify their accounts using a code sent to their mobile phone via SMS.

7. Behavioral Analysis:
User Behavior Monitoring: Analyze user behavior during the signup process to detect patterns typical of bots, such as very fast form submissions.

8. Social Media Login:
OAuth: Allow users to sign up using their social media accounts (e.g., Google, Facebook, Twitter). These platforms have their own robust anti-spam measures, which can add an extra layer of security.

9. IP Blacklisting/Whitelisting:
IP Reputation: Use services that provide IP reputation scores to block signups from known bad IP addresses.

10. Password Strength Requirements:
Complex Passwords: Require users to create strong passwords with a combination of letters, numbers, and special characters to make it more difficult for bots to create accounts.

11. Device Fingerprinting:
Track Devices: Use device fingerprinting techniques to identify and block repeated signup attempts from the same device.

Example of Combining Methods:
A comprehensive approach might include a combination of reCAPTCHA, email verification, and rate limiting. For instance, upon signup, the user would:

Complete a reCAPTCHA to prove they are human.
Provide an email address and receive a verification link to confirm their identity.
Be limited to a certain number of signup attempts per IP address to prevent mass account creation.

Conclusion:
Combining several of these methods will enhance the protection of your signup process against spammers. It's important to balance security with user experience to avoid frustrating legitimate users while effectively blocking malicious attempts. Regularly updating and testing your anti-spam measures will also help in adapting to new spam techniques.

Looks like we need to up our game.

John

JonW

I dont mind helping out, im up late and early.