Create a custom theme
2
This article results from my very long experience in working with large projects (more than 35.000 active users a day). Spam on large projects can be really a pain. Some days it will prevent you to develop your project and force to invest all your time in struggle with spam. Although IPB is not strong and consistent enough in protecting large communities from spam, you can simplify your life by using some tricks listed below.
I am going to write 4 steps that describe every stage of spam creation in your community. It is not enough to protect your board from so called bot registration. You should know what to do, when spam registration validates, what you can use to force users to follow link posting rules on large boards and what you can do with banned users.
Step 1: Preventing automatic registration
Automatic registration is something made by scripts and programs and hence they are not human they use some algorithms that you can identify and recognize them while this scripts try to register with your project.
Built-in Spam Monitor
Found in ACP: System Settings > Members > Spam Prevention
IPB offers a spam monitor that you should activate to prevent automatic registrations. When a user registers at your community, your website calls out to the IPS Spam Monitor. The service uses advanced algorithms to determine the likelihood of the user being a spammer, and assigns them a value between 0 and 4. Your website takes an appropriate action, based on parameters you as the administrator specify. You could choose to automatically ban a user rated 4, or allow a user rated 2 to register but require post approval, for example. The IPS Spam Monitor service keeps track of spammer accounts, fed from thousands of IP.Board communities, allowing it to better analyse future registration requests. The system learns over time how to more effectively spot spammers.
Recommended settings
Enable spam service: Yes
Report "Mark as Spam" to IPS: Yes
reCAPTCHA
Found in ACP: System Settings > Members > Spam Prevention
P.Board includes support for Google's reCAPTCHA service. Enabling reCAPTCHA is another line of defense to determine if a registering account is a real human or a spam bot.
Drawbacks: This solution is not smart for the non-English boards as reCAPTCHA is always in English. It is difficult to for non-English users to recognize and fill English words. We have an experience that non-English boards do suffer from reCAPTCHA and produce mass support enquiries of "how to register on your board".
Question and Answer Challenge
Found in ACP: Tools & Settings > Question & Answer Challenge
Another very useful tool to stop spam bot registrations is the custom Question and Answer challenge built into IP.Board. Using this feature you can set a custom question unique to your community that only a real human could answer. For example, you might say "What color is the sky?" and, though a bot could answer that, it would have to be programmed specifically for your community which spammers would not do. Choose a unique question and you get an easy, extra layer of protection.
Recommended: I give my moderators the ability to change the questions in ACP. This way they can stop a spam attack quickly if bot script has got the right answers and start registering new accounts.
Email Validation
Found in ACP: System Settings > System > Security and Privacy
While easily bypassed by an intelligent spam bot, make sure you also have new account email validation enabled as the email validation works alongside the Built-in Spam Monitor we discuss previous. It means that
Recommended: Should be always Use Email Validation! There is no excuse for webmasters bypassing email validation and complaining about spam in their boards!
Spam or ban filter
Found in ACP: Members > Ban Filters
If you notice the same email domain coming in often don't forget to take advantage of the ban filters to block that email domain globally. If you see lots of spam accounts from @hotmail.com then just enter *@hotmail.com to totally block registrations from that domain on your community. It's a quick and easy way to cut down on your workload. You can also use the filter to protect your community for registration from one-time email addresses like Mailinator.com and Co.
Recommended: Useful to stop registering from one domain globally.
Caution: Do not use block by IP filter extensively. Most users have dynamic IP address. For example, my provider changes my IP address every 24 hours. If you block me by IP today, I will not be recognized in your community tomorrow. At the same time your member can get my IP from today and will not be able to log in into your community.
3rd Party modifications
There are some 3rd party modifications that promise to help you. Generally I am not a fan of 3rd party modifications. You cannot rely on support there and make you dependant from the developer and his ability and speed to update modification for the next IPB release.
Admin New Registration Notification Email
http://community.inv...fication-email/ adds a link to the admin new registration notification emails.
Drawbacks: This modification is useful only for small boards where only some users register a day. You will not check any registration if you have over 100 registrations a day.
Anti-Spam Ban-List 2.1.0
http://community.inv...-spam-ban-list/ A ready-to-use list of IPs and emails that will be automatically imported into your community.
Drawbacks: Do not rely on IP blacklist that are not updated regularly. Today the IP can be used by spammer and some days later by your registered members. Remember that due to the lack of IP addresses a lot of internet providers give dynamic IP addresses to their customers.
KeyCAPTCHA - Innovative Anti-Spam Service. We Pay For Your Protection
http://community.inv...our-protection/ I have not used this service. It seems to be in / for English only. I write it here just to have complete overview.
Forum Spammer IP & Email Check via stopforumspam
http://community.inv...-stopforumspam/ - adds a check during registration submission that checks the registers IP address and email address against a known list of spammer IP's and emails from stopforumspam.com. Another service that I have not used.
Tip: if your IPS license has expired and you lost IPS Spam Monitior service, you can go with this modification to protect your board with fresh spam database.
All this steps will help you to prevent automatic bot registrations. However, if your board is large enough, it is worth for spammers to create a manual registration. Manual spam registration is something you cannot prevent as you would like human beings to be able to register in your community.
If this review was helpful for you, please rate and I will proceed with following steps.
Step 2: Preventing link posting for new users generally
Step 3: Methods to warn users before ban
Step 4: Ban and annoy
I am going to write 4 steps that describe every stage of spam creation in your community. It is not enough to protect your board from so called bot registration. You should know what to do, when spam registration validates, what you can use to force users to follow link posting rules on large boards and what you can do with banned users.
Step 1: Preventing automatic registration
Automatic registration is something made by scripts and programs and hence they are not human they use some algorithms that you can identify and recognize them while this scripts try to register with your project.
Built-in Spam Monitor
Found in ACP: System Settings > Members > Spam Prevention
IPB offers a spam monitor that you should activate to prevent automatic registrations. When a user registers at your community, your website calls out to the IPS Spam Monitor. The service uses advanced algorithms to determine the likelihood of the user being a spammer, and assigns them a value between 0 and 4. Your website takes an appropriate action, based on parameters you as the administrator specify. You could choose to automatically ban a user rated 4, or allow a user rated 2 to register but require post approval, for example. The IPS Spam Monitor service keeps track of spammer accounts, fed from thousands of IP.Board communities, allowing it to better analyse future registration requests. The system learns over time how to more effectively spot spammers.
Recommended settings
Enable spam service: Yes
Report "Mark as Spam" to IPS: Yes
reCAPTCHA
Found in ACP: System Settings > Members > Spam Prevention
P.Board includes support for Google's reCAPTCHA service. Enabling reCAPTCHA is another line of defense to determine if a registering account is a real human or a spam bot.
Drawbacks: This solution is not smart for the non-English boards as reCAPTCHA is always in English. It is difficult to for non-English users to recognize and fill English words. We have an experience that non-English boards do suffer from reCAPTCHA and produce mass support enquiries of "how to register on your board".
Question and Answer Challenge
Found in ACP: Tools & Settings > Question & Answer Challenge
Another very useful tool to stop spam bot registrations is the custom Question and Answer challenge built into IP.Board. Using this feature you can set a custom question unique to your community that only a real human could answer. For example, you might say "What color is the sky?" and, though a bot could answer that, it would have to be programmed specifically for your community which spammers would not do. Choose a unique question and you get an easy, extra layer of protection.
Recommended: I give my moderators the ability to change the questions in ACP. This way they can stop a spam attack quickly if bot script has got the right answers and start registering new accounts.
Email Validation
Found in ACP: System Settings > System > Security and Privacy
While easily bypassed by an intelligent spam bot, make sure you also have new account email validation enabled as the email validation works alongside the Built-in Spam Monitor we discuss previous. It means that
Recommended: Should be always Use Email Validation! There is no excuse for webmasters bypassing email validation and complaining about spam in their boards!
Spam or ban filter
Found in ACP: Members > Ban Filters
If you notice the same email domain coming in often don't forget to take advantage of the ban filters to block that email domain globally. If you see lots of spam accounts from @hotmail.com then just enter *@hotmail.com to totally block registrations from that domain on your community. It's a quick and easy way to cut down on your workload. You can also use the filter to protect your community for registration from one-time email addresses like Mailinator.com and Co.
Recommended: Useful to stop registering from one domain globally.
Caution: Do not use block by IP filter extensively. Most users have dynamic IP address. For example, my provider changes my IP address every 24 hours. If you block me by IP today, I will not be recognized in your community tomorrow. At the same time your member can get my IP from today and will not be able to log in into your community.
3rd Party modifications
There are some 3rd party modifications that promise to help you. Generally I am not a fan of 3rd party modifications. You cannot rely on support there and make you dependant from the developer and his ability and speed to update modification for the next IPB release.
Admin New Registration Notification Email
http://community.inv...fication-email/ adds a link to the admin new registration notification emails.
Drawbacks: This modification is useful only for small boards where only some users register a day. You will not check any registration if you have over 100 registrations a day.
Anti-Spam Ban-List 2.1.0
http://community.inv...-spam-ban-list/ A ready-to-use list of IPs and emails that will be automatically imported into your community.
Drawbacks: Do not rely on IP blacklist that are not updated regularly. Today the IP can be used by spammer and some days later by your registered members. Remember that due to the lack of IP addresses a lot of internet providers give dynamic IP addresses to their customers.
KeyCAPTCHA - Innovative Anti-Spam Service. We Pay For Your Protection
http://community.inv...our-protection/ I have not used this service. It seems to be in / for English only. I write it here just to have complete overview.
Forum Spammer IP & Email Check via stopforumspam
http://community.inv...-stopforumspam/ - adds a check during registration submission that checks the registers IP address and email address against a known list of spammer IP's and emails from stopforumspam.com. Another service that I have not used.
Tip: if your IPS license has expired and you lost IPS Spam Monitior service, you can go with this modification to protect your board with fresh spam database.
All this steps will help you to prevent automatic bot registrations. However, if your board is large enough, it is worth for spammers to create a manual registration. Manual spam registration is something you cannot prevent as you would like human beings to be able to register in your community.
If this review was helpful for you, please rate and I will proceed with following steps.
Step 2: Preventing link posting for new users generally
Step 3: Methods to warn users before ban
Step 4: Ban and annoy
