The past few days I’ve been getting a ton of spam “signups” (but strangely no spam from these accounts yet). They seem to all have unique IP addresses which is strange (correction - many have unique addresses, some have multiple). I can tell they are spam beacause of the names, and because my new user registrations have suddently gone up from 6 to 10 a day to suddenly 30+ each day for the past two days. Any ideas on how to control for this?
Sounds reasonable - I wasn’t sure what category, since it seems like the spam protections need to be enhanced to deal with this. i don’t expect any short-term support other then “delete the accounts”.
For the record, we get a ton of these too. It just simply happens organically. From what I can tell on our instance, they are all manually entered, but I don’t have a lot of stats to back that up, other than, I haven’t seen hordes of them sign up in a short period of time.
Are the accounts verified/activated? Did they follow the link in the email and then press the button to validate themselves? If they didn’t, they should clear themselves out after 7 days. But if they did, you either can ban them without the posting, or wait for them to post and hope Akismet/Needs Approval picks them up and ban then after their initial post.
For the ones that fill out their profile info (about me, etc), I would like it if our Akismet plugin could eventually start feeding the About me through its anti-spam checkers.
What percentage of these fill out the user info @BCHK ?
There is a fair argument to be made here for checking global IP blacklists on some new user signups – it’s about the only way to tell if they are just spammers who have not spammed (yet) but are creating accounts to maybe eventually do that?
Another possibility is to auto-delete accounts after (n) days who have not visited nor read anything beyond signup. But a lot of site owners won’t like this because it hurts their “stats”. Never mind if the stats are bullshit…
I’m going to relay this to our staff too, who have eyes like a hawk for catching these new signups. I’m curious to know how many have filled out profiles too now.
Also, this is 100% human entered. Captcha will do literally nothing to stop these kinds of profile spammers.
Doesn’t really matter, since TL0 profiles are always unlinked and hidden (can’t be accessed from any external browser except for staff). You can easily verify this yourself if you don’t believe me. But it is annoying.
Which is very weird… because unless they post… who will find their public profile? There is the /users listing, but even so, I don’t think that page is indexed and they’d be way down the list. I bet ours are doing the same, all things considered.
OK - thats great. It would be nice if I could easily take action from this screen. Like in Gmail - where I can click at the top of the column to select and then delete them all.
Even easier than that is a setting to auto-delete any new account after (n) days that doesn’t ever get more than 1 topic viewed. (Or, to be more strict, 0 topics viewed, 0 posts read… that’d be fairly safe looking at the screenshot above)
Then you would need to do literally nothing.
Obviously this probably can’t be on by default because people who live and die by “look how many new users we have!” would lose numbers.
It would be nice for the admin to be notified of these suspect accounts as they happen. As it was, I only found these out when I saw the large number of new accounts and started digging.
It doesn’t exist – I’m proposing that we might add it at some point. That along with the Akismet “about me + URL” check seem reasonable to do, eventually.
Lots of sites have the “spam users sign up but never post anything, ever” issue.
(liking wasn’t enough, this made my day)