Features / Usability

Large number of spammer registrations

posts: 32

I've made it so approval is required for all new registrations, but even though my Wiki is only a week old, I'm already getting hammered with the fake registrations from the world's lovely spammers and SEO scum.

I can't keep up with the approvals. Worse, there's no good way to easily display a list of only the unapproved users for quick deletion.

The Captcha isn't helping.
Email validation isn't helping.

  • Are there any add-ons that utilize http://www.stopforumspam.com/?
  • Any other solutions?
  • Any way to see the IP address of the registrar so I can ban them?

posts: 32
Thanks, but neither of those can stop the registrations. They're a lot more clever than that.

posts: 98 Greece

You are right, I have to delete 15-25 spam registrations daily. Very much annoying. No harm done at my wiki, as I have to validate every user before he is able to create any page or post any message, but still, a daily pain. Not to mention that while deleting them, I may accidentally delete a valid user.

Only way I have thought in order to combat them is: add a tracker field in which they will have to write a specific word in my native language (my wiki is not English). Most of them (all perhaps) will not understand how to do that or they will not bother to install the specific keyboard. But: Is there a way, that if the field is not completed the way I want, then the user will not be able to complete registration? I don't know if this is doable.

And of course, this doesn't work for the English wikis...


posts: 212

Back in June I converted an existing website from html to Tiki. The site did not get a lot of visitors before the conversion, but less than 36 hours after it re-appeared as a Tiki site, it started getting hit by lots of Tiki register attempts.

I sent an email about it to the Tiki-devel list, and emails to that list get added to the Tikiwiki-devel (mailman list mirror) forum, so you can read my email here: Convert your site to Tiki and increase your traffic....

 Note

The version of my email that was posted in the Tikiwiki-devel (mailman list mirror) forum was wiki parsed, which messed up the code. There is a cleaner version of the email in the Sourceforge Tikiwiki-devel archive, I recommend you read that one if you are interested in the code: Convert your site to Tiki and increase your traffic....


Basically it recommends that everyone should block "URLAppendBot" with their .htaccess file because I am pretty certain that was the robot that identified my site as a Tiki and fed the information to the distributed bot that does the tiki-register attempts.

Add the lines below after the "RewriteEngine On"

RewriteCond %{HTTP_USER_AGENT} URLAppendBot [NC] 
RewriteRule .* - [F]


Also, I included the code for a Stop Forum Spam plugin I have created. The plugin is kind of garbled in the forum post, so I will include it, with my instructions for how to use it here.

This plugin uses the Stop Forum Spam API to check IP addresses, to see if they are of reported spammers.
It needs to be saved as:

/lib/wiki-plugins/wikiplugin_checkipwithstopforumspam.php


Plugin code (I am sorry for the formatting, the CODE plugin does not work with this code so I had to do a lot of encoding to be able to display the code below):

<?php
// Wiki plugin: checks the visitor's IP address against the Stop Forum Spam API
// and redirects known spammers away from the page that contains the plugin.
function wikiplugin_checkipwithstopforumspam($data, $params) {
    global $user, $prefs, $tikilib, $smarty;
    extract($params, EXTR_SKIP);
    if (!isset($msg) && !isset($page)) {
        $msg = "Sorry, you may not register.";
    }
    // Only check Stop Forum Spam if the group is Anonymous
    $userGroups = $tikilib->get_user_groups($user);
    $sfschk = 1;
    // This will check all the groups, if any are not Anonymous, do not do SFS check
    foreach ($userGroups as $key => $grp) {
        if ($grp != 'Anonymous') {
            $sfschk = 0;
        }
    }
    if ($sfschk) {
        // *** CHECK IP against SFS
        $addr = $_SERVER['REMOTE_ADDR'];
        # $addr="222.187.222.66"; # for testing, bad IP address
        // Needs allow_url_fopen; file_get_contents returns false if the lookup fails
        $response = file_get_contents('http://www.stopforumspam.com/api?ip=' . urlencode($addr));
        $pattern = '/<appears>yes<\/appears>/';
        // SFS set to 1 if known spammer; a failed lookup lets the visitor through
        if ($response !== false && preg_match($pattern, $response)) {
            $SFS = 1;
        } else {
            $SFS = 0;
        }
        // *** End of SFS check
        if ($SFS) {
            if (isset($page)) {
                // redirect to page if SFS known spammer (value encoded for the query string)
                header("Location: tiki-index.php?page=" . urlencode($page));
                exit;
            } else {
                // leave and display message if SFS known spammer (value encoded for the query string)
                header("Location: ./tiki-information.php?msg=" . urlencode($msg));
                exit;
            }
        }
    }
    return "";
}



To use this plugin, set up a User Tracker to collect information about your members, select that the tracker description should be wiki parsed, and then add the plugin to your User Tracker description:

{CHECKIPWITHSTOPFORUMSPAM()/}


There are 2 optional parameters, page= and msg=. If neither of them are set, and the IP address is found in Stop Forum Spam's database, the visitor gets sent to a page that displays the default message: "Sorry, you may not register".

You can change the message with msg="your message", or send them to a wiki page with page=PageName. If a page= is specified, the msg= is ignored.

It does not check the IP address with Stop Forum Spam of someone that is logged in, so it will not call Stop Forum Spam for your IP address when you list your trackers and it shows the description.

You can test that it is working by un-commenting (removing the first "#") the line:

#   $addr="222.187.222.66"; # for testing, bad IP address


Then log out (or use a different browser) and access your tiki-register.php. With that line un-commented, the 222... address will be used instead of your IP address and you should get redirected away from the registration page.
Be sure to add the "#" back in when you are done testing, or delete that line altogether.

Note: I have only tested this plugin with Tiki 9, so use it at your own risk.


While I was researching the Stop Forum Spam API, I found ZB Block. I have installed it and have been using it for a while with some of my Tiki sites. You might consider checking it out. One problem I had with it was that it blocked access to my Neighborhood Association Tiki website when that site was accessed from our local library's wireless access point. Some spammer had used the library and the library's IP address had been added to the Stop Forum Spam database, which is used by ZB Block. There is a way to white list IP addresses though.

Tom
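
An added example, not part of Tom's post or of the Tiki code base: the library false positive described above is the case for an allowlist, and a failed or malformed lookup should let the visitor through rather than block registration. The function name `sfs_decision`, the allowlist setting and the sample replies are assumptions constructed for illustration; only the `<appears>` element comes from the plugin above.

```php
<?php
// Added example: decide 'allow' or 'block' from a Stop Forum Spam XML reply.
// The network call is left out so the decision logic runs offline.

/**
 * @param string       $ip        visitor address (e.g. $_SERVER['REMOTE_ADDR'])
 * @param string|false $xml       raw API reply, or false if the lookup failed
 * @param string[]     $allowlist addresses never blocked (hypothetical setting)
 * @return string 'allow' or 'block'
 */
function sfs_decision($ip, $xml, array $allowlist)
{
    // Shared addresses (library, school, office NAT) listed by the admin always pass.
    if (in_array($ip, $allowlist, true)) {
        return 'allow';
    }
    // Fail open: a failed lookup must not lock out real users.
    if ($xml === false || $xml === '') {
        return 'allow';
    }
    // The reply travels over plain HTTP, so treat it as untrusted input:
    // refuse anything carrying a DOCTYPE (entity tricks) before parsing.
    if (stripos($xml, '<!DOCTYPE') !== false) {
        return 'allow';
    }
    $previous = libxml_use_internal_errors(true);
    $doc = simplexml_load_string($xml);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    if ($doc === false) {
        return 'allow'; // not XML at all (e.g. an HTML error page)
    }
    // Same test as the plugin's regular expression, on the parsed element.
    return (trim((string) $doc->appears) === 'yes') ? 'block' : 'allow';
}

// Constructed sample replies; addresses are documentation placeholders.
$listed    = '<response success="true"><type>ip</type><appears>yes</appears></response>';
$unlisted  = '<response success="true"><type>ip</type><appears>no</appears></response>';
$allowlist = array('198.51.100.7'); // e.g. the library's access point

var_dump(sfs_decision('192.0.2.10', $listed, $allowlist));
var_dump(sfs_decision('192.0.2.10', $unlisted, $allowlist));
var_dump(sfs_decision('198.51.100.7', $listed, $allowlist));
var_dump(sfs_decision('192.0.2.10', false, $allowlist));
var_dump(sfs_decision('192.0.2.10', '<html>error', $allowlist));
```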

posts: 32

Tom- got this working.
Thanks!

Note: Needed to enable allow_url_fopen in php.ini

We'll see if it helps cut down on the scum. :-)


posts: 32

Great info - thanks!
I need to spend some time digesting it.

I was wondering how my site was found so quickly by the scum of the earth.

posts: 212

Sorry. I should have copied those lines from my original email, instead of copying them from the version of the email in the forum post.

The emails that get posted to the Tikiwiki-devel forum get wiki parsed, which interpreted the brackets as an external link. (Several other things in that post got messed up by the wiki parsing also.)

Maybe Tikiwiki-devel emails should be enclosed in {CODE()} email {CODE} when they are added to the forum.

Actually, there is currently a problem with using the Code plugin on Tiki 11, but only in forum posts, it works fine when used in the other features.

I have corrected the code by adding the brackets in my post above.

Sorry for causing you the problem,
Tom


posts: 98 Greece

I followed the first option, adding at .htaccess the 2 lines specified, and immediately I get a problem. My wiki site will not load, instead I get

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster at wiki.mysite.gr and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.
Apache Server at wiki.mysite.gr Port 80

I deleted the two lines, my site loads fine. Tried twice, same result. Why is that happening?

posts: 32

Yes, there's a little error in what was posted above.

You need square brackets around the F and the NC.


posts: 98 Greece
Thanks, no access problem after the correction. I will come back with the results.

posts: 1797 Catalan Countries

Excellent Tom!

I forgot to mention that the most effective way for many of us to cut spam down was to enable passcode field for the registration, and show the passcode for humans. In recent tiki versions there is a checkbox for that. In older tiki versions, you can do that by hand using jquery code: see this tutorial: https://doc.tiki.org/Anti-spam

Tom, I wish you commit your code to Trunk for others to re-use it, etc.
Have you read this?:
https://dev.tiki.org/TikiDevNewbie ?

posts: 32
What does the passcode field do for registration?

posts: 98 Greece

@eunos: It requires that user has to add a passcode which is pre-defined by admin and displayed in the new user registration form.

I am not sure the passcode field will help. I just enabled it and will see. Unfortunately it is easy to copy-paste the passcode and add it in the required field. But we will see.

Is there a way to add a question and answer field, like I had done in my mediawiki site? I think this is the best potential for anti-bot registration, especially (like in my case) the q + a was in my native (not English) language. No bot knows the capital of the X region of Greece or -even more- is able to write it in Greek!

posts: 32

It won't help. Trust me on this. I run a pretty large forum, and the spammers have found their way past Captcha, multiple question/answer, and required passcodes. None of them work very long.

The best defense against spam is multi-pronged. StopForumSpam is excellent. It doesn't get 100%, but it gets a lot of them. Tiki really needs a StopForumSpam integrated registration solution.

posts: 1539 Canada

In the most recent versions of 6.x, 9.x, 10.x and in 11.0 there is a new feature. Just visit tiki-admin.php?page=security -> Spam protection and activate "Require passcode to register" and "Show passcode on registration form".

@eunos: AFAIK, it has solved the problem on all sites that have tried it so far. I don't know how long it will take for them to catch on, but for now, it works. It shows the passcode (which is unique to each site) to humans via JavaScript.

CAPTCHA seems to do nothing to slow them down and annoys humans.

+1 to integrating specialized solutions like Bad Behavior, StopForumSpam, ZB BLOCK or PHPIDS


@nikosal25: "question and answer field, like I had done in my mediawiki site" -> This is indeed very efficient because it's contextual to the site.

We just need someone to take the lead on this. Here is how to get commit access.

Thanks!


posts: 98 Greece

... (a) try the passcode. It works.
(b) make a wish before you sleep every night, that it will take some time before spammers find a workaround.

