CustomerService
01-31-2007, 01:51 PM
We live in an electronic age and every year email and other online advertising venues take another chunk from the already diminishing offline mediums. Spam, spyware, and virus traffic now accounts for a larger slice of the communication pie than actual correspondance from one human to another. New ways of protecting ourselves hit the mainstream and the companies and even one notorious college professor that work to circumvent these protections go to work. Nothing will protect you 100%, and if it does, it won't be long at all before that is made untrue.
Much to our annoyance, the latest means of protection is image verification. Even the best implementation has its flaws, and it's not uncommon for humans to fail the image verification a few times before getting it right. Spam companies have implented tools that will scan these images much like the human eye, and the more advanced technologies can actually circumvent basic image verification processes almost every time. More recently, even the advanced image verification processes are being bypassed by smarter bots.
At ForumMonkeys, we have used vBulletin's built in functions to block a dozen attempts a day. To date, I would estimate that only 1 out of 200 of them at best have gotten through, and as our people are notified when a new post is made, we are usually quick to delete the spam anyway. We have recently gotten even more aggressive. So what do we do?
In the vBulletin AdminCP, under vBulletin options, we will find the settings to turn image verification on for registrations. That is the first step, the second being to configure it. Under Image Settings, we have all the options checked. Yes, it makes it harder to read, but out of ten attempts I didn't fail a single one. The annoyance of failing occasionally is nothing compared to a forum spammed with pornographic pictures or a plethora of other advertisements, like homemade over-the-counter medications from third world countries.
The next thing is to make sure that everyone must provide a unique email address and that they need to activate their account at this address. While all but the worst spam bots can circumvent this with ease, it will nonetheless stop a few.
The last thing is under User Profile Fields, adding a new field and making it required on registration. This could be anything a human can answer. For example, we just have a question, "Are you human?". You might even want to have a drop down, or use the Regular Expression field to require them to enter a word (e.g. have the field question be, "If you are human type 'apple' below").
Throw it all together and you have one mean spam fighting machine... for now. Listed below are some hacks which can be instead of and/or in addition to the methods above:
NoSpam!
http://www.vbulletin.org/forum/showthread.php?t=124828
NewRegistrant Analyzer
http://www.vbulletin.org/forum/showthread.php?t=136505
Enhanced Captcha Image Verification
http://www.vbulletin.org/forum/showthread.php?t=132482
Much to our annoyance, the latest means of protection is image verification. Even the best implementation has its flaws, and it's not uncommon for humans to fail the image verification a few times before getting it right. Spam companies have implented tools that will scan these images much like the human eye, and the more advanced technologies can actually circumvent basic image verification processes almost every time. More recently, even the advanced image verification processes are being bypassed by smarter bots.
At ForumMonkeys, we have used vBulletin's built in functions to block a dozen attempts a day. To date, I would estimate that only 1 out of 200 of them at best have gotten through, and as our people are notified when a new post is made, we are usually quick to delete the spam anyway. We have recently gotten even more aggressive. So what do we do?
In the vBulletin AdminCP, under vBulletin options, we will find the settings to turn image verification on for registrations. That is the first step, the second being to configure it. Under Image Settings, we have all the options checked. Yes, it makes it harder to read, but out of ten attempts I didn't fail a single one. The annoyance of failing occasionally is nothing compared to a forum spammed with pornographic pictures or a plethora of other advertisements, like homemade over-the-counter medications from third world countries.
The next thing is to make sure that everyone must provide a unique email address and that they need to activate their account at this address. While all but the worst spam bots can circumvent this with ease, it will nonetheless stop a few.
The last thing is under User Profile Fields, adding a new field and making it required on registration. This could be anything a human can answer. For example, we just have a question, "Are you human?". You might even want to have a drop down, or use the Regular Expression field to require them to enter a word (e.g. have the field question be, "If you are human type 'apple' below").
Throw it all together and you have one mean spam fighting machine... for now. Listed below are some hacks which can be instead of and/or in addition to the methods above:
NoSpam!
http://www.vbulletin.org/forum/showthread.php?t=124828
NewRegistrant Analyzer
http://www.vbulletin.org/forum/showthread.php?t=136505
Enhanced Captcha Image Verification
http://www.vbulletin.org/forum/showthread.php?t=132482