This has been a headache to battle, here’s a bit of background information.
I run a community that has a tremendous amount of hype built around it. We have well over a million people tracking our project, and we’ve set up a Discourse Forum to aid the developers within our community. Essentially it’s a developer support forum for interacting with our project, we do not allow content to be posted outside of development related content.
About three days ago, a prominent Youtube/Twitter persona made the false claim that by registering for our support forum and making posts on it, it makes you eligible to receive rewards/goodies from our team. This is entirely false, and has resulted in 3 days of near-constant sign ups, and a great deal of spam posts and topics to be posted on the forum.
We’re talking anywhere between 2,500 and 7,500 sign ups a day right now, primarily from Asian and Middle Eastern countries (2 specific countries stand out as the major offenders).
The users signing up seem to be a mix of bots and real users. Almost all IP’s are unique (healthy mix of IPv4 and IPv6), and there don’t seem to be any prominent subnets to ban on the IPv4 side to take out chunks of them (IPv6 I’ve had a bit of luck banning /24 blocks, but it seems easily bypassable). Email addresses are all gmails, and a large amount of them appear to be throwaway/bot email addresses. The only indication that these are bot accounts is many of them will re-use the same banner image on their profile, as well as some generic “I am a student” biography text.
I’ve anonymized this list by changing characters/numbers, but to give you examples of the types of emails attached to these sign ups:
These users are signing up and then making new topics irrelevant to our community. Often these topics aren’t even words, it’s as if a toddler smashed the keyboard. The topics aren’t too hard to detect and delete, but what’s been worse is them spamming pre-existing topics with spam / low quality content. Many of our more popular topics have had anywhere between 500 and 1,500 new spam/low quality posts added to them.
As of right now I’ve completely disabled registrations, but I’m looking for help on the following:
- Is there any way to mass purge members. Can I delete all TL0 users who have registered over the past 72 hours?
- Is there a way to detect spam/throwaway emails and deny registration from them? At this point I’d be willing to block all emails that end in 3-5 numbers for the time being.
- Would you suggest setting auto-silence to a value greater than 3000 milliseconds?
- Can you give me any other tips or tricks to help combat massive volumes of spam? I feel like this has been a full time job over the last 2-3 days. I use Akismet but are there any additional plugins that may help me?