Lots of Spam New User Registrations?


(Bcguy) #1

The past few days I’ve been getting a ton of spam “signups” (but strangely no spam from these accounts yet). They seem to all have unique IP addresses which is strange (correction - many have unique addresses, some have multiple). I can tell they are spam beacause of the names, and because my new user registrations have suddently gone up from 6 to 10 a day to suddenly 30+ each day for the past two days. Any ideas on how to control for this?

Seems like a problem coming…

https://www.evernote.com/l/AGrB3OamvvxByqxUcntwnXmygyP28KXd4R8B/image.png

HERE is what the accounts look like below:

https://www.evernote.com/l/AGqks4c1LCVFuaSOqKd5y2S-g-oPk9q8wW4B/image.png

and
https://www.evernote.com/l/AGrvuxm3A8VK1Iv1LwOvd1YuO-4mfWpDoN8B/image.png

and

https://www.evernote.com/l/AGqbePkPexlBvqEzj-60t89a6RKDCc8TZPEB/image.png


(cpradio) #2

This is most definitely not a bug, it is definitely support. You don’t have any repro steps and it isn’t breaking any functionality.


(Bcguy) #3

Sounds reasonable - I wasn’t sure what category, since it seems like the spam protections need to be enhanced to deal with this. i don’t expect any short-term support other then “delete the accounts”.


(cpradio) #4

For the record, we get a ton of these too. It just simply happens organically. From what I can tell on our instance, they are all manually entered, but I don’t have a lot of stats to back that up, other than, I haven’t seen hordes of them sign up in a short period of time.

Are the accounts verified/activated? Did they follow the link in the email and then press the button to validate themselves? If they didn’t, they should clear themselves out after 7 days. But if they did, you either can ban them without the posting, or wait for them to post and hope Akismet/Needs Approval picks them up and ban then after their initial post.

That choice is purely yours.


(Jeff Atwood) #5

For the ones that fill out their profile info (about me, etc), I would like it if our Akismet plugin could eventually start feeding the About me through its anti-spam checkers.

What percentage of these fill out the user info @BCHK ?

There is a fair argument to be made here for checking global IP blacklists on some new user signups – it’s about the only way to tell if they are just spammers who have not spammed (yet) but are creating accounts to maybe eventually do that?

Another possibility is to auto-delete accounts after (n) days who have not visited nor read anything beyond signup. But a lot of site owners won’t like this because it hurts their “stats”. Never mind if the stats are bullshit…


(cpradio) #6

:laughing: (liking wasn’t enough, this made my day)

I’m going to relay this to our staff too, who have eyes like a hawk for catching these new signups. I’m curious to know how many have filled out profiles too now.


(Bcguy) #7

Some verified, some not.

Ah - yes - I didn’t look at their public profile. They’re creating profile spam. Thats their game. We definitely want to stop this:

https://www.evernote.com/l/AGoMCyGNsspCgKRnV5dGDg7ihnXycmN-IXQB/image.png


(Jeff Atwood) #8

Also, this is 100% human entered. Captcha will do literally nothing to stop these kinds of profile spammers.

Doesn’t really matter, since TL0 profiles are always unlinked and hidden (can’t be accessed from any external browser except for staff). You can easily verify this yourself if you don’t believe me. But it is annoying.


(cpradio) #9

Which is very weird… because unless they post… who will find their public profile? There is the /users listing, but even so, I don’t think that page is indexed and they’d be way down the list. I bet ours are doing the same, all things considered.


(Bcguy) #10

Looks to be in the 30% to 50% range - perhaps they cycle back after a day… not sure.

https://www.evernote.com/l/AGqNYd_snkhNALskL4Vn3fIfqlXsA9kPuMkB/image.png

and

https://www.evernote.com/l/AGojimJq7iZHlKeagssJouDsOpcQQ-2zPhsB/image.png

and

https://www.evernote.com/l/AGqGo_fEnyJAvaTtZ4SbodxW8TDkIb5WnaMB/image.png

… you get the idea.


(Jeff Atwood) #11

Be sure to check

/admin/users/list/suspect

that’s why we have this page. No read time, but filled out profile is always extremely suspicious with very, very few false positives.


(Bcguy) #12

I think any profile that has a URL in it should go into a “suspect” category and be put into a holder/trash directed account until moderator approved…

https://www.evernote.com/l/AGp4atc6VjVA6pY-fLrkmCJ4NMiHRWBC63cB/image.png


(Jeff Atwood) #13

It already is though – that’s what the TL0 restrictions do. And that’s why the /list/suspect page exists.

Everything you just typed, already exists… simply check the lists.

I am more interested in ways to pro-actively delete these accounts when we detect them, as mentioned upstream, with a few proposals.


(Bcguy) #14

OK - thats great. It would be nice if I could easily take action from this screen. Like in Gmail - where I can click at the top of the column to select and then delete them all.

https://www.evernote.com/l/AGq2N2itpnVGnKUBBO4ks_p-C7lD84iRwXEB/image.png


(Jeff Atwood) #15

You can, simply click or tap the avatar.


(Bcguy) #16

Group delete would be much nicer. otherwise its a 15 minute exercise I’ll just skip.


(Jeff Atwood) #17

Even easier than that is a setting to auto-delete any new account after (n) days that doesn’t ever get more than 1 topic viewed. (Or, to be more strict, 0 topics viewed, 0 posts read… that’d be fairly safe looking at the screenshot above)

Then you would need to do literally nothing.

Obviously this probably can’t be on by default because people who live and die by “look how many new users we have!” would lose numbers.


(Bcguy) #18

OK - I give up. After looking for 10 minutes I can’t find this feature. Where is it?


(Bcguy) #19

It would be nice for the admin to be notified of these suspect accounts as they happen. As it was, I only found these out when I saw the large number of new accounts and started digging.


(Jeff Atwood) #20

It doesn’t exist – I’m proposing that we might add it at some point. That along with the Akismet “about me + URL” check seem reasonable to do, eventually.

Lots of sites have the “spam users sign up but never post anything, ever” issue.