"Flood Control" software for spam - any experts here?

B19
Veteran
Joined: 11 Jan 2013
Gender: Female
Posts: 9,993
Location: New Zealand

11 Apr 2016, 1:19 am

As you may know, we are being heavily spammed hundreds of times a day by Indian spambots today and have been for the past week or so. This is the worst attack that I know of in the past 3 years, and if it continues at this rate indefinitely, moderators can't be expected to spend large amounts of time every day to delete it, as is happening at present.

Is anyone here familiar with the technical ins and outs of Flood Control, and does anyone know whether WP would be compatible, and what installation costs and prerequisites would be? Could you advise, along with anything else to increase our understanding of this or similar options?

It would help if you could make the advice simplified enough for non-geeks like me to understand, and comprehensive enough for Alex to assess flood control as a viable possibility (or not), one that the mod team can perhaps jointly suggest to prevent future bombardments.



killerBunny
Raven
Joined: 13 Dec 2015
Age: 44
Posts: 123

11 Apr 2016, 4:38 am

Literally a 5 minute fix.
Code is already there.
Developer just needs to include it.

And no, I couldn't explain it to non geeks like you. Have you considered letting a geek administer the site...



Chichikov
Veteran
Joined: 27 Mar 2016
Age: 50
Gender: Male
Posts: 1,151
Location: UK

12 Apr 2016, 6:54 am

The software the forum uses allows you to configure the site such that new members need to be manually accepted which you might need to enable. It means bots can't register then spam, they can only post when approved. The downside is obviously that the admins are going to have to vet these new accounts and try and work out if they are genuine accounts or not, either by common sense or using lookup tools on the IP like

http://www.stopforumspam.com/

It also means that genuine members might need to wait a day, maybe two, before they can post but it's all about trade-offs.

Maybe have a look at some suggestions below, seems there are a few different plug-ins and anti-spam tips already

http://www.vbulletin.com/forum/forum/vb ... nting-spam



Edenthiel
Veteran
Joined: 12 Sep 2014
Age: 57
Gender: Female
Posts: 2,820
Location: S.F Bay Area

12 Apr 2016, 1:29 pm

Chichikov wrote:
The software the forum uses allows you to configure the site such that new members need to be manually accepted which you might need to enable. It means bots can't register then spam, they can only post when approved. The downside is obviously that the admins are going to have to vet these new accounts and try and work out if they are genuine accounts or not, either by common sense or using lookup tools on the IP like

http://www.stopforumspam.com/

It also means that genuine members might need to wait a day, maybe two, before they can post but it's all about trade-offs.

Maybe have a look at some suggestions below, seems there are a few different plug-ins and anti-spam tips already

http://www.vbulletin.com/forum/forum/vb ... nting-spam


^^^This. The tools are already there, they just have to be implemented, and a structure decided for who will handle what responsibility.

There's a wealth of good info on the vBulletin forums & has been since Hector was a pup. Also, IIRC vBulletin 4 supports Akismet and Typepad, which may be far more effective (and induce far less angry users) than CloudFlare (which doesn't even effectively cache correctly). I realize the latter is a much more invasive change, despite being mostly external.

We have a wealth of technical users here with a fair amount of experience who could at the very least discuss the roadblocks the site is hitting. Wouldn't even need anything other than forum user access if a super-mod could act as eyes and hands (provide code snippets, implement & test changes).

Also, this page: https://clients.urljet.com/knowledgebase/94/-vBulletin-Settings-to-Reduce-Spam-and-Registration-Bots.html

Has a number of simple checkbox settings that do not seem to be implemented yet would reduce the floods.


_________________
“For small creatures such as we the vastness is bearable only through love.”
―Carl Sagan


0_equals_true
Veteran
Joined: 5 Apr 2007
Age: 42
Gender: Male
Posts: 11,038
Location: London

12 Apr 2016, 5:43 pm

CAPTCHA should be done on the application level, not through a CDN like Cloudflare; that would make it smarter. You could do it for forms, but take into consideration how long the user has been here, and post count.

This could be done as an extension. However it can only be done as a mod as this forum is running an old version of phpBB. Nobody is actively developing mods any more. There is no point.

Alex ran a very old version of phpBB and didn't update for years. Thankfully that version was very stable, which is atypical to that degree. However, the pace of development now is such that you cannot afford to do this. He should keep up.

The reasons for not being on the newest stable version could be overcome.

There is actually a fair bit that could be done server wise to improve performance and security. Alex should hire a consultant to help.
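An added sketch, not part of the thread and not phpBB or vBulletin code, of the application-level idea in the post above: a per-account flood limit combined with a CAPTCHA requirement that depends on account age and post count. The names `Member` and `PostGate` and every threshold are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Illustrative thresholds (assumptions, not values from any forum package).
TRUSTED_AGE = timedelta(days=30)    # minimum account age to skip the CAPTCHA
TRUSTED_POSTS = 50                  # minimum post count to skip the CAPTCHA
WINDOW = timedelta(minutes=10)      # sliding window used for flood control
LIMIT_NEW = 3                       # posts per window for untrusted accounts
LIMIT_TRUSTED = 20                  # posts per window for established accounts


@dataclass
class Member:
    name: str
    joined: datetime
    post_count: int


def is_trusted(member: Member, now: datetime) -> bool:
    """Established accounts: old enough AND with enough accepted posts."""
    return (now - member.joined >= TRUSTED_AGE
            and member.post_count >= TRUSTED_POSTS)


class PostGate:
    """Decides, per submission, between 'allow', 'captcha' and 'flood'."""

    def __init__(self) -> None:
        # member name -> timestamps of posts accepted inside the window
        self._recent = defaultdict(deque)

    def check(self, member: Member, now: datetime,
              captcha_passed: bool = False) -> str:
        recent = self._recent[member.name]
        while recent and now - recent[0] > WINDOW:
            recent.popleft()                  # forget posts outside the window
        trusted = is_trusted(member, now)
        limit = LIMIT_TRUSTED if trusted else LIMIT_NEW
        if len(recent) >= limit:
            return "flood"                    # rate limit applies to everyone
        if not trusted and not captcha_passed:
            return "captcha"                  # challenge only untrusted accounts
        recent.append(now)
        member.post_count += 1
        return "allow"
```

The flood check runs before the CAPTCHA check, so an account that has hit its limit is refused even if an automated client can solve the challenge.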



SippingSpiderVenom
Raven
Joined: 28 Oct 2015
Posts: 100
Location: Oneiro

13 Apr 2016, 10:53 pm

A list of professional services one can "reasonably" expect to obtain for free, ordered by difficulty in procurement.

1. Emergency Medical Services
2. Emergency Legal Services
3. Advice
4. Sales pitches

So, I'm being a little facetious.

I hope this isn't seen as too abrasive and I don't know what the reasoning is behind a largish website running without technical expertise, but asking a professional for an answer so you can try to implement it is pretty arrogant. If you could solve the problem on your own, you wouldn't need to ask; if you need a professional, you need them to do it. Which is not to diminish the advice you've received, but an old website without updates is a sinking ship no matter how you look at it.

It's like driving a car without changing the oil, some cars will run for a long time like that, but eventually it will kill every single one of them.

:? :cry: :?


_________________
Your neurodiverse (Aspie) score: 142 of 200
Your neurotypical (non-autistic) score: 52 of 200
You are very likely neurodiverse (Aspie)

"If I knew that it was fated for me to be sick, I would even wish for it; for the foot also, if it had intelligence, would volunteer to get muddy." - Chrysippus


B19
Veteran
Joined: 11 Jan 2013
Gender: Female
Posts: 9,993
Location: New Zealand

14 Apr 2016, 2:55 am

I am a member here, not the owner of the website, and curious about possibilities in a field I am unfamiliar with. Alex wasn't asking the question, I was.

PS - from time to time members consult me about issues in my own field of knowledge, and I don't regard their requests as arrogant, so you and I are not on the same page, obviously.



SippingSpiderVenom
Raven
Joined: 28 Oct 2015
Posts: 100
Location: Oneiro

14 Apr 2016, 10:19 pm

I'm sorry, I didn't mean to offend you.

I just think that there is probably a reason things are the way they are.

Perhaps the solution isn't technical, but systematic, as in maybe a non-profit organization would serve the purpose better than one admin and a group of moderators? The most obvious reason that new accounts don't require moderator approval is that in the past, maybe the moderators couldn't be trusted to act in a fair manner? Maybe the intrinsic protections are broken, as in a portion of live code is corrupt and an update or a repair in production is not feasible or it has a well known security vulnerability that was heavily exploited at some point. Anyway these are all valid potential causes of the problem that simply cannot be perceived from the outside looking in and maybe make the airing of dirty laundry counterproductive.

That said, I'd like to make it very clear that I admire your care for this site and willingness to dig into a problem you don't fully understand. That persistence and tenacity, while it can be considered arrogant, is a requisite trait for everyone who solves mysterious problems.

:)

