These days we faced some annoying spam attacks on our forum and had to take some security measures that will share with everybody here.
As first quick measures:
1) You have to ensure that the registration page contains at least a “Questions and answers challenge” and a CAPTCHA code. For those who don’t know, this area can be found in the AdminCP under the menu System->System Settings->Security and Privacy.
Here’s a graphic of user registrations due the past months where we can notice abuse of users registered:
2) The e-mail validation after user’s registration is also recommended. We already had it enabled, but it seems that the spammers found a measure to pass this so we’ve searched for other good measures.
3) As spammers are studying security bugs for software versions, you might want to hide your IP.Board version located in the footer.
4) Also, you need to make sure that your license is active, otherways the spam monitoring service from IP.Board will not be active.
5) What seemed to be a good tool is Forum Spammer IP & Email Check via Stop Forum Spam 2.1.5 .
This adds a check during registration submission that checks the registers IP address and email address against a known list of spammer IP’s and emails from stopforumspam.com.
If it returns true for a spamming IP or email the registration is declined and the IP and email address can be added to IPB’s ban filters.
How to install it:
- Log into your ACP and select the System tab.
- Under Applications & Modules select Manage Applications & Modules.
- To the right of the page will be a section for “Applications Not Installed”. Locate Stop Forum Spam in the list and click the install link on the right hand side.
- On the next page click continue.
- IPB will take it from there and do the rest of the install for you.
How to set it up:
- In ACP select the My Apps tab.
- Click on Stop Forum Spam.
- You can configure whitelists and view blocked registrations from here.
- Configure the settings to stop spam at the level you desire.
A second hook was included with this mod as an alternative method for showing stats on the board index.
This template hook will allow you to show the stopped spammers on the board index even with all your other stats
turned off or if you want the stopped spammers listed on a second line.
Just uninstall the hook that installs with the mod and install the one included in the extras folder.
Here’s the actual registration graph which shows a descending line: