Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
+7 votes
in Q2A Core by

Ok, so I'm writing a new question regarding spam "registrations" in the hope of getting feedback on whether or not Gideon or anyone else developing q2a will be finding a solution to the "INSANE" amount of spam new user registrations. I have been running two q2a installs and have been comparing them to vanilla and some others and I believe q2a is superior to the other solutions out there and I like the community on here, especially Towhid and his helping me last year. HOWEVER, the spam registrations is totally out of control now. I realize there is a "social plugin" which can bypass default registration and perhaps solve the problem. My problem is, we don't want to do social sign up. I'm at a fork in the road now and must decide within the next couple of weeks whether or not to abandon q2a over this issue. 

So my question is, will spam registrations be addressed anytime in the near future in core q2a? If not, its worth it to me to use an inferior solution just to keep from having to deal with the huge volume of spam registrations. I have tried recaptcha and several other plugins to no avail.

Q2A is totally rad! I believe that. I also believe Gideon is a studly manchild for building this awesome software! But we gotta get a handle on these spam registrations now. Oh yeah, how is the question2answer.org install avoiding spam registrations? Custom development? Bring it on I'll pay you to hack something that solves this problem.

Let's hear your feedback and solutions... If the social sign in is the only solution, let's see some screenshots or some demos of how it looks and feels.... :))

After reading your question I just can't help asking: how do "vanilla and some others" handle spam user registrations and users generating spam posts?
I wish I knew... lol All I know is I installed vanilla forums on my servers before q2a and I just don't get no spam... I think I have a plugin installed for it but cannot verify that is what prevents spam.. Unfortunately, I'm not a coder so I am not capable of understanding what Vanilla did or what q2a doesn't do... Good question I'd like to know myself.. :))
I took a look at that Vanilla tool. It's not exactly a Q&A tool but it is rather closer to a forum with social addons. I noticed there is no much difference between how that tool handles spam and how Q2A does. Actually, both have recaptcha, limits and even some plugins around to handle spam. Q2A actually has better handling of limits but it seems Vanilla has more spam plugins around.

I'm inclined to believe that it is not a matter of how "secure" Q2A is compared to Vanilla but rather which of them is more targeted by spammers
Just thought I'd chime in here and say that the spam has really been annoying me too! As the current developer of Q2A it's definitely something I will be looking into.

By the way there are a few plugins listed here: http://www.question2answer.org/addons.php
The Akismet one sounds good.
Hi Scott- it looks like the standard captcha feature and block ip feature in q2a is handling the bots. Now it's just the human spam registrations that are coming at about 3 to 5 per day on mine. Seems like if you are diligent about deleting spam quickly and not letting it build up, things are not too bad. But if you don't monitor your site for a few months, you could return to find thousands of spam registrations.. Q2A is still the best though.. :))

4 Answers

+2 votes
+1 man, I would like the same! I think we ALL NEED A PLUGIN OR A CORE HACK

=> http://www.question2answer.org/qa/37229/spam-how-to-not-create-user-page-until-1-question-is-approved
Ahhh.. I did not understand what you meant at first but now I see... Yes, approved question required before user page creation. I like it!! I wonder if they'd just hammer us with questions tho? Hmmmm....
0 votes

You might want to try the stop spam plugin (not free): http://www.q2apro.com/plugins/stop-spam

It should block bots. And when attacked by human spammers, you can disallow parts of domains or specific words.

The "free way" would be to block spammers by IP with wildcard: admin/spam under "Blocked IP addresses", for instance 91.201.*

@merica: So far all customers were happy about the stop spam plugin.

Actually it is an interesting idea to block users by countries. I can implement this in the stop spam plugin if somebody needs this feature. Let me know.

@waterfr villa: Yes, one question can be set up with two answer options. The honeypot tech is in the captcha form. http://en.wikipedia.org/wiki/Honeypot_%28computing%29
@q2apro.com: thanks for that... yes, the ip block is a little concerning because I was wondering if IP's overlap between countries do you run the risk of blocking otherwise "wanted" users. I really just need to allow U.S. users because its' a country specific site... I think I'll be looking at your plugin before I do an ip block... Probably buy your plugin next week. :)) Thanks so much for your help all!
Ok, so it looks like I have stopped the bots but am getting 3 to 5 human spam registrations per day now. My plan now is to block ip ranges in EU via .htaccess. That is my final solution to this matter. @q2apro: if you do end up adding the ability to block ip ranges by region, country or other let us know. I think it would be a great feature since people like me don't really want to take the time to figure out how to block ip ranges. In fact, I think it would be best to add the ability to block all and include specific countries or regions. In my case, I am only interested in U.S. traffic so I would allow U.S. and block all others.
I would simply API call a IP-to-location service, receive the country and block the user if this country has been blacklisted in the admin options.
+1 vote
You could try this new plugin created by me . This might help you to prevent spam .

This asks some random , logical questions to the user . More information is on this thread .



Hope It helps .

Awesome! I think right now I've limited my issue to human spammers only so I think I'll be having to find an IP block solution. Blocking ip ranges that spam me doesn't work though because its a new ip everytime that's outside previous spammers' ip range. If I have bot troubles again I'll try yours out though.. :))
0 votes

I'm using AntiBot Captcha plugin with the latest q2a version.

it is working very well and has almost stopped spam registrations using bots. (I had 1000 to 2000 bots registrations each day!)

Just install it go to plugin settings increase the "Symbol count" to more than 6 and add some letters to "Character Set". (Characters are case sensitive)

Here is the link: https://github.com/pupi1985/q2a-kk-abc