To have any measurable level of success, we've resorted to a multi-pronged approach. Definitely use the tips mentioned here and explore commercial spam blocking options. But also this is just how we've adapted based on our forum's member demographics.
Our advantage is and has always been that our forum doesn't have a global relationship; our forum has a finite list of countries that would have an inclination as to what we're about. So having the forum exposed to the whole world was a way we could quickly close many avenues the spammers were using to get to our forum.
To start, we exported our Users database to CSV to get to know the E-mail domains and what kind of addresses our legitimate users used (column L). We imported the CSV into a spreadsheet for analysis.
Next, we imported to another spreadsheet the IPv4 address ranges of the countries where our core audience resides. You can Google such lists and they're also easy to import into a spreadsheet for analysis and manipulation.
To counter the spammers, we've narrowed our forum's regional acceptance to just mostly the IP addresses of those countries. I won't sugar-coat it, it was a lot of work at first blocking IP networks and understanding how to do so in ACP, but that worklaod tapered off fairly quickly once we built the original list. Stop Forum Spam (SFS) helped out a lot with our IP ban list in adding networks the volume spammers were using.
To counter the E-mail domains to block, we've used Stop Forum Spam's site to show us the top current offenders and thus the E-mail domains and IPs the Web scum are using. Using wildcards (*@*.ru), we shut down as many as we could find, so long as they didn't conflict with our existing users (see above Users database export).
What you end up with is a much quieter forum, like what you might expect in the old days before the Internet became a third front war zone. Then, it's just a little bit of maintenance to fine-tune what doors to open and which ones to close. Check your admin E-mail for unbanning requests. Most people are understanding and you can use member security as your reasoning for bans you've established that are too broad and that need some fine tuning. For fun, if you find an offender matches one found on SFS, often they'll be shown as having used random E-mail addresses and all of their IPs, which can then be cross referenced, forwards and backwards, on SFS to identify just about every E-mail address and IP they've used.
Lastly, get in tune with your WhoIsOnline list of Guests. We have a fairly constant 1 to 1 or 2 to 1 ratio for guests vs registered members. If your ratio is higher than that or disproportionate to that, then your guests are probably not guests at all, they're probably bad guys, up to no good. Let WhoIsOnline's "Whois" help further identify networks and IP network ranges. If you suspect or know they're bad guys/bad-BOTs, most of the banned IP network range will be shown on the Whois pop-up:
So if it shows 37.46.32.0 - 37.46.199.255, block 37.46.32.0 - 37.46.200.0, then immediately unban the second number to clear it: 37.46.200.0. The ban will have already added in all the IPs networks in between.![;)]( "Wink")
Our advantage is and has always been that our forum doesn't have a global relationship; our forum has a finite list of countries that would have an inclination as to what we're about. So having the forum exposed to the whole world was a way we could quickly close many avenues the spammers were using to get to our forum.
To start, we exported our Users database to CSV to get to know the E-mail domains and what kind of addresses our legitimate users used (column L). We imported the CSV into a spreadsheet for analysis.
Next, we imported to another spreadsheet the IPv4 address ranges of the countries where our core audience resides. You can Google such lists and they're also easy to import into a spreadsheet for analysis and manipulation.
To counter the spammers, we've narrowed our forum's regional acceptance to just mostly the IP addresses of those countries. I won't sugar-coat it, it was a lot of work at first blocking IP networks and understanding how to do so in ACP, but that worklaod tapered off fairly quickly once we built the original list. Stop Forum Spam (SFS) helped out a lot with our IP ban list in adding networks the volume spammers were using.
To counter the E-mail domains to block, we've used Stop Forum Spam's site to show us the top current offenders and thus the E-mail domains and IPs the Web scum are using. Using wildcards (*@*.ru), we shut down as many as we could find, so long as they didn't conflict with our existing users (see above Users database export).
What you end up with is a much quieter forum, like what you might expect in the old days before the Internet became a third front war zone. Then, it's just a little bit of maintenance to fine-tune what doors to open and which ones to close. Check your admin E-mail for unbanning requests. Most people are understanding and you can use member security as your reasoning for bans you've established that are too broad and that need some fine tuning. For fun, if you find an offender matches one found on SFS, often they'll be shown as having used random E-mail addresses and all of their IPs, which can then be cross referenced, forwards and backwards, on SFS to identify just about every E-mail address and IP they've used.
Lastly, get in tune with your WhoIsOnline list of Guests. We have a fairly constant 1 to 1 or 2 to 1 ratio for guests vs registered members. If your ratio is higher than that or disproportionate to that, then your guests are probably not guests at all, they're probably bad guys, up to no good. Let WhoIsOnline's "Whois" help further identify networks and IP network ranges. If you suspect or know they're bad guys/bad-BOTs, most of the banned IP network range will be shown on the Whois pop-up:
So if it shows 37.46.32.0 - 37.46.199.255, block 37.46.32.0 - 37.46.200.0, then immediately unban the second number to clear it: 37.46.200.0. The ban will have already added in all the IPs networks in between.
Statistics: Posted by SQLnovice — Tue Feb 13, 2024 4:29 pm