anti-spam plugins

[netsavy006]

Do you an anti-spam plugin on your forum?

If so, which one do you use and how effective is it?

 

[Malcolm]

Code Forum uses the generic Stop Spam services that come with XenForo. Additionally we also have a Q&A question at registration to help deter spammers, although not always effective. If a particular member has a history of making spam like posts then I’ll have your account restricted where every post needs to be moderated.

 

[Tealk]

I only use this mailing list because I find it very questionable to pass on user data to third party services.

Unmaintained - Banned emails; Trashmails & Spammails

Description Navigate to the window below and select the banned_emails.xml file that is included in the zip archive. Donate If you like our work, please consider sending a small donation. Additional information We would prefer it if bugs were...

xenforo.com

The best protection is active moderators. The community can help very well with this, e.g. with the "Report" button in XF

 

[Nerdface]

I use a similar list to the above with a total of 7,508 domains blocked, in combination with Captcha login.

It's by no means bulletproof, I've had a few suspected spam bot registrations but thankfully no posts have littered the forums yet.

I've got my eyes on something called OzzModz Spaminator which looks particularly promising.

 

[Malcolm]

I agree the best form of spam prevention is moderation. Not sure if you guys are familiar with StopForumSpam, but whenever I get a hit, I'll approve the account then apply account restrictions just like I mentioned above to monitor posts thing make.

 

[Tealk]

in combination with Captcha login.

Google Captcha is for me a reason to leave a website

Not sure if you guys are familiar with StopForumSpam

Yeah, that's what I meant by "third party services ". User data is sent to the service. Because I am from the EU I may not do that and I do not want it at all.

 

[Malcolm]

Yeah, that's what I meant by "third party services ". User data is sent to the service. Because I am from the EU I may not do that and I do not want it at all.

Code Forum only receives information from StopForumSpam, does not send out. I'm not a fan of sending my information out either.

 

[Tealk]

Honestly, I didn't take a close look at StopForumSpam. I thought it worked similar to haveibeenpwned.com.

 

[Malcolm]

The name sounds very familiar but have never used them.

 

[Tealk]

haveibeenpwned is a service that allows you to control whether your mail or password is publicly available.

 

[Malcolm]

haveibeenpwned is a service that allows you to control whether your mail or password is publicly available.

Very interesting!

 

[Nerdface]

It's not as intrusive as Captchas used to be, but they're not ideal I'll admit.

With Spaminator they recommend disabling all existing anti-spam measures, so fingers crossed I can get my paws on it at some point!

 

[Tealk]

It's not as intrusive as Captchas used to be, but they're not ideal I'll admit.

That's not the point.
A lot of data is transferred, e.g.

• From which side the CAPTCHA is integrated
  User agent of the browser
• IP address of the port
• Screen and window resolution
• Language set in the browser
• time zone
• Installed Browser Plugins
• It is checked whether a Google cookie has been stored in the browser - if not: a cookie is created

So a complete fingerprint of your browser will be created via JavaScript, which allows you to be recognized on other pages. This makes cross-page tracking possible, even if the IP address changes or cookies are deleted. The study "(Cross-)Browser Fingerprinting via OS and Hardware Level Features" shows that 99.24% of visitors can be recognized / tracked across pages via certain features such as the screen resolution used, color depth, plugins installed in the browser or fonts.

Spoiler: My advice

If a website pushes a Google CAPTCHA "in" then surf somewhere else. They obviously don't want you as a customer / reader.

 

[Nerdface]

Fair enough! I wasn't aware of what data Google actually collected via their Captcha (I'm guessing this is the same for the majority of webmasters).

I'll revert back to using textCAPTCHA for now.

 

[Tealk]

what advantage does "textCAPTCHA" have over "question & answer CAPTCHA"?
"question & answer CAPTCHA" would run locally without third-party sources.

And I've been trying to point this out to webmasters for a long time, but unfortunately so many people don't care.
The article is in German but I think it's very good:

Kommentar: Das Bullshit-Web

Das Web gleicht einer Müllhalde. Es ist an der Zeit endlich mal aufzuräumen!

www.kuketz-blog.de

 

[Nerdface]

Ultimately both can and will be defeated, and they appear the same to an end user.

Using a third-party source just saves me time coming up with my own questions and/or spending the time sourcing questions from a publicly available source. It doesn't appear that any of the previous data transfer issues are an issue with this third-party either..

 

[Tealk]

It doesn't appear that any of the previous data transfer issues are an issue with this third-party either..

You might be right but a curl connection is not the best solution.

If we find time I would like to create a local captcha version using this:

EasyCaptcha.php

kestas.kuliukas.com