Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
+2 votes
1.4k views
in Q2A Core by
edited by
I see 5-6 new users per day registering.  I am not sure but they seem spam users.  recapcha is on for eerything, including user registration.  Most of them are email verified.

I do not see any posts from them though.  Additionally, my site does not require registration to make posts.

So what is the point of the spam users?  Are they a threat to my system?  Am I missing something
Q2A version: 1.6.3
by
Out of the 20-25 users that registered in the system, only one attempted to post a couple of messages, completely unrelated to my site.  I spotted it online and I blocked the user.

But the remaining stay there inactive.

2 Answers

+1 vote
by
selected by
 
Best answer
So what is the point of the spam users?  Are they a threat to my system?  Am I missing something?
 
They are a threat. What you're missing is the time factor. Spammers act in a 2-phase process: first they register accounts and then they send the spam.
 
There are a few reasons why this is a good alternative for them. Firstly, if they registered accounts and start spamming right away, you will immediately block all of them: you will see the new accounts, take a quick look at their activity and remove them. It is better for them to stay dormat for a while and activate them later one by one when needed. So they would be quite unnoticed to site owners. Or maybe they just don't have any customer paying for publicity right now so they are just planting the seeds so that when a customer arrives they are ready to be harvested.
 
Having said that, I can see 2 alternatives here. Take a look at this post http://www.question2answer.org/qa/39657 . You can go for the alternative I propose (which, again, I'm still missing feedback) or you can go for the selected answer. Each one has pros and cons. For instance, the selected answer will block all users from the TOR network, whether they are spammers or not (I guess most of them are, anyway). In that approach you could be spammed from a non-tor IP address very easily (eg: from my IP address, which is dynamic and it is not listed in stopforumspam.org). It also has the downside that you will be hacking the core and you'll have to take note of the change whenever upgrading the core.
 
The captcha approach I suggest has the disadvantage that it could be cracked with an OCR and by fully automatized, but it is considerably unlikely. This approach wouldn't also block human spam users from the tor network, but I guess human spam is the least popular because of the price.
 
Anyway, you don't really need to choose between one or the other because you can use both of them (if you are paranoid enough)... although I'd really like some feedback on the captcha working alone... many people promised to test it... no one did :)
by
I am not sure if the spam registered users are automated or not.  Is there a way to find out?  If they are automated, then a better capcha would be worth it.

I changed my policy.  Guest posts are allowed.  Users can register without moderation.  All posts are moderated, unless a user has several good posts and higher points. So unless there is hole in the system, no spam post will appear.
by
Is there a way to find out? => Not for sure. But, for instance, if you get 10 registrations during a 30 second period and 1 or 2 during the rest of the day then it is considerably likely that the first 10 registrations were automated.

All posts are moderated, unless a user has several good posts and higher points => This is obviously the best approach ever to stop spam. The downside is that it is also the most time consuming. For a few users, it works. For many, then you'll have to turn to a more automated approach. My thoughts on this are: go for it until you just can't handle the amount of users :)
by
I followed your advice.  I installed a different logical capcha (http://www.question2answer.org/qa/37749/q2a-logical-captcha-new-free-anti-spam-plugin-now-v1-1) and I linked to the stopforumspam.com API.  Since then I had ZERO spammers register.  

This is strong indication that these were automated registrations, not humans.
by
UPDATE:

Even with the double measure I had spam registered users.  Since they passed by the capcha, it means they are HUMANs.

The stopforumspam.com API seems to work (by blocking the known spam IP addresses).  This means that when this block was active, I had spammers register from "clean" IP addresses.
by
Have you installed the plugin I recommended in the linked post? Summary of the linked post: Text-based captchas can be dodged programatically. Image captchas is harder. Recaptcha, although it is an image captcha, can be dodged by paying a few cents per captcha. Conclusion: Used lesser known image captchas. If after doing so you still get spam, then they must be humans.

Note stopforumspam's API will only block already reported IP addresses. First timers will not be blocked and will always be first timers unless you rerport them.
by
I am not sure which one you recommended.  I installed this one:  http://www.question2answer.org/qa/37749/q2a-logical-captcha-new-free-anti-spam-plugin-now-v1-1

UPDATE:  Only the capcha seems to do very little.  I hope it is not broken by autobots.  The API was stopping many user registrations.
by
I recommended https://github.com/KrzysztofKielce/q2a-captcha-antibot in the linked post. I'm believe it shouldn't be broken by bots. Not sure about "autobots" :D (JK). Bear in mind nobody I recommended it to has actually tried so I have no feedback
by
How about you?  Have you tried it?
by
ok, I installed and I will test the capcha-antibot you proposed.  I do not see why it would be better than the logical-capcha.  Do you think that the logical capcha can be broken by bots?

With the logical capcha I had up to 4 spam users register per hour.   Let's see what happens now.
by
ok, here is the feedback:  Even with this capcha, I still get 3-5 spam user registrations per hour.  Same as the logical capcha.  Now either they are both broken, or these are humans.

I will put back the stopforumspam.com API.
by
Interesting. I hardly believe someone has managed to create a bot that would bypass that captcha. I'd say they are humans but you never know... The only advice I can give you is to enable every possible measure... you've already tried it everything :/
+1 vote
by

It could be a human spammer...

I would check the ip associated to the users (click on their username, and note down the ip value in the "Last login" field).

If it's the same ip for all users, I would block that IP (click on the IP ---> block IP address).

If their IP is different, if it's a human spammer, he could be using dynamic IPs; or they are simply different lazy users that have just registered for curiosity smiley

by
Ok, the 3 from Romania and the 2 from Dallas are suspect.... For the others it's difficult to say that they are spammers....
Maybe an online blacklist check could provide more infos....
by
But still I am puzzled.  The ones that are spammers.  Why did they just register and did not post?  Couple of days ago I allowed unmoderated posts, without any  registration.  They did not take advantage of it.  

I've read many cases where spammers just register and do not post.  Why they do it?
by
Didn't they even post a link to an external website ? (see their profile)
by
Only one of them did about a week ago.  And I already have about 85 span users.
...