Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
+22 votes
2k views
in Q2A Core by
edited by

SPAM: How to NOT create User page, until 1 question is approved!

I have plenty of BOTS creating false accounts new users (captcha+emails are validated!).

They can't post question because I enabled moderation for question in two differents forum + forum2 but they created fake accounts every day, and that's a problem. (but they don't create posts, so the main problem is fakes users accounts I need to delete manually.

I am not the only one with that problem, and I didnt found any good answer. But I have an idea : I would like to disable creating user pages, until their first question is approved.

Thanks for the community.

Edit: @amiyasahu, you got a point, so I think the best is to create the user in database (like usual), but not showing in "Users pages" until the question is approved!

by
@The One , thanks you got my point . Thats would be a great idea for preventing spam .
by
@Gujyot: AFAIK, sending sms is not free. Admins will have to pay for every single spam sms sent. Not to mention you're leaving aside users who don't have a phone

@The One: Although I do think the idea is better than what the core currently has it won't be difficult circumvent. From the spammer point of view they need to write a simple question OR take it from a question database when registering OR just a simple comment saying "Thank you!", as I guess when you said "question" you meant "post". The rest of the process is exactly the same for them.
From your point of view, you will see users registering with a question (related or not to your main forum, depending on the spammers post DB), answer or comment. Now, if the question is unrelated, does that mean the user is a bot? If the post is a "Thank you" does that mean it is a bot? You won't know and you will end up approving the user.
Of course, this should work for the first wave of spammers after this new system is implemented but it won't work for the second wave (a matter of hours or maybe days later?).
What other alternative can you think about?
PS: As a side note, can any of you guys publish a dump of the users table? Not the whole table, just the username, email, create and login IP address and personal fields of the spammers. Ideally, if you can include a separate dump of the posts those users have created, that would be great
by
Yes, something like this would be great for Q2A if it finally stops all these spam users from being generated!
by
I think a solution would be to create the user, and then after a fix time remove the user IF he hasen't submitted a question. Often if they are spammers and ask a question, you will see appearing the same words/websites, and you can then filter questions automatically looking for these keywords. This would also get rid of old user who have never been active (and I'm in peace with my mind with removing them).

5 Answers

–2 votes
by

with a simple code, it's possible to send user's first post to moderation queue based on if it had any approved posts or not. but showing user lists(and profiles) based on that requires core hack or page override which can make Q2A unstable.

it's a great idea, so I suggest that you request it for next update to be added to Q2A core:

http://www.question2answer.org/qa/31514/what-do-you-want-in-question2answer-1-7?show=31514#q31514

by
edited by
with all the updates already asking, I will no have any answer...
Thanks for anybody having an answer to this problem right now! QA-Themes I am sure you know how to fixe this ;-) =>  so I think the best is to create the user in database (like usual), but not showing in "Users pages" until the question is approved!
by
I hope this could be done through a plugin .Some core hack also might be needed .
+1 vote
by

You asked me on my wall if I have solved this.

I do fight against SPAM IPs through blocking ips in .htaccess

by adding after

RewriteBase /

 
order allow,deny
deny from 63.141.
deny from 142.54.
deny from 37.187.
deny from 31.204.
deny from 212.7.
deny from 69.197.
allow from all
 
This works for me. 
 
I also saw here a plugin which compares post ips against a spam list.
Should work as well.
 
The script itself is unable to handle Spam correctly.
On a fast server I had during a day hundreds of new members with tons of posts and mail.
It does not help to have them all in moderation or similar.
 
Q2A should have a known Spammer ip list. But development seems to be down as the
inventor seems to be less interesed in his script.
 
 
by
edited by
Thanks Monk, I will try this! yes the plugin is spamchecker but didnt work for me. I really think we need a plugin or a hack!
+4 votes
by
edited by

The best way of getting rid of spam users is allowing only social logins using many providers like:

  • Google
  • Facebook
  • Yahoo
  • Microsoft
  • LinkedIn
  • Github

I bet users will have atleast one of the above accounts.

by
I will try this if I can't fixe this issue. Thanks!
by
is there a plugin for this?
by
Yes @Chun , there is a plugin for the purpose -  https://github.com/alixandru/q2a-open-login
by
Thank you very much
0 votes
by
You might want to try the stop spam plugin (not free): http://www.q2apro.com/plugins/stop-spam

It should block bots. And when attacked by human spammers, you can disallow parts of domains or specific words.

I got - don't ask me why - spam posts to .pl domains. I just blocked ".pl" and no polish spam anymore. As easy as that.
+4 votes
by

You could try this new plugin created by me . This might help you to prevent spam . 

This asks some random , logical questions to the user . More information is on this thread . 

http://www.question2answer.org/qa/37749/

Hope It helps .
Thanks

by
thanks I will try this!
by
edited by
still got user creating fake accounts with your plugin... I think the only way for my problem is what I ask at the beggining => "NOT create User page, until 1 question is approved!" - I tried differents spams methods the past few days, and I still got spammers coming, but they can't create any post (??) so my problem is a lots of fakes accounts I need to delete.
...