Hello all,

With forum spam reaching higher and higher levels, many YaBB forum administrators are having to spend more time dealing with the problem. I would estimate that attempted spam on our forums has increased at least tenfold in the last year.

I am also absolutely certain that robots have been developed which crack the standard YaBB Captcha, because the vast majority of attempted registrations are undoubtedly from robots, yet the Captcha does not dseem to stop them, no matter how it is configured.

Pre-registration with admin approval does not seem to be doing a lot to stop the attempted registrations either; we have been getting perhaps 25 - 30 spammer registrations every day, which needs a lot of effort to keep on top of and reject/delete.

So I had an idea which seems to have worked perfectly, and I would like to share it with other YaBB administrators. It has decreased our attempted spam registrations to...zero. And it was very easy to implement, using YaBB 2.5 AE.

What I did was to create an extra Profile field. The label for this is "Security check: what is 25 + 13"?". I set the field to numeric, with a maximum 2 character size, and made it compulsory to enter data in. I set the field to be visible in registration but nowhere else.

Now, obviously the logic does not exis t to check that the correct solution has been entered, as one sees on many websites which use this type of numerical security check. But this does not matter. The point is that a spam robot will not know that it has to enter a number, which can be no more than 2 digits long. And this in itself seems to be stopping the robots from registering. Since implementing this field in registration three days ago, we have not had *one* successful attempt to gain entry. Obviously I checked that a human can still register! 

I'm not saying this will work for you, but it may be worth a try. I just wanted to share this with other forums in the interest of combatting a common enemy.

And I really believe that a new version of the standard YaBB Captcha is overdue, because the current one has been cracked. My recent experience seems to have proved that the vast majority of registration attempts are robots, and, logically,  in order to register they have got through the Captcha.

I also wish that there could be a concerted international effort to track down and punish the spammers hard, because these parasites are ruining the internet for others and destroying countless hours of hard work. I don't think the problem is taken as seriously as it should be. To my mind, writing and propogating spam robots should carry a mandatory jail sentence. It might deter a few code kiddies from going into this type of activity.

Kind regards

Andy Briggs
Publisher, Science File
http://www.sciencefile.org

JonB wrote on Nov 4^th, 2011 at 11:16am:

What's that? The fact that he gave away that the question doesn't need an answer, or am I missing something?

Oh, there is a Mod purposely for questions like that:

http://www.boardmod.org/yabb2/YaBB.pl?num=1316894374

And SpamFruits does the same sort of thing:

http://www.boardmod.org/yabb2/YaBB.pl?num=1319393134

I think we'll just have to see how it goes in the longer term - my guess is that it won't be too long before there are random stabs at the input field - which ultimately doesn't work. I had someone get past my Anti-Spam Question for the first time this morning, but I'm guessing that was human.

I think only time will tell...

Running their software for knowledge?

Someone ought to get their spamkits and run them against yabb boards to see what they do and learn how to program against them.

I am currently seeing that since I installed Yamms there are fewer making it to the stopforumspam error.

Too bad this can't be done in Yabb 2.4 as it's a great idea. Any chance of a modification for the 2.4 registration page to include the numeric question field?

How do you install the Anti-Spam Question ? There simple instructions?

Derek Barnstorm wrote on Nov 23^rd, 2011 at 7:09pm:

I just can't figure how setting an extra profile field that,  (in my experience at least),  shows up only on a member's profile page would appear on the registration page. In the past  I've added several fields in Extended Profiles, but have never seen an option to display them anywhere but in a profile page. (Yabb 2.4)

Thanks Derek but the screen you attached does not exist in Yabb 2.4 at Admin Center > Forum Configuration > Profile Fields

All I see is Extended Profiles, Edit Existing Profile Fields, Create New Profile Field, Reorder Profile Fields, and Convert Old Extended Profile Fields.