D7 Proven Spam Prevention Techniques

I knew this would be an issue that would only snowball from the day I created my site, but I didn't think it would come so soon. My site is barely approaching 1,000 active members and I'm already fighting off an average of 2 spam accounts a day. I know that's probably pretty light compared to other active sites, but at either rate I'm not going to put up with it.

Just curious what some of you guys running larger sites have in place for spam prevention? I have the benefit of my site's members being US/Canada only, so on my VPS I think I can blacklist most of the rest of the world from even hitting it. The other option I was thinking about pursuing was denying ip segments via .htaccess under the root folder, but the more I collect my thoughts around it I don't even want the traffic to hit the web server (therefor I'm back to blocking it at the firewall level).

I know 7.0.4 has promise for better spam control, which I will gladly take advantage of when it comes out - but I'd also like an additional layer of security if I can get it.

The problem is these days it isn't a "spam bot" that I can tell .. they are actual people. So email verification is no longer a way to weed them out and neither is Captcha images. I too receive one or two a week. They are still pasting sdgsdhsdfsdfhsdfhsdf into some portions of the profile which makes them easy to spot and remove but there needs to be additional controls ... like maybe even a spellcheck that verifies description etc before allowing them to hit submit .. so at the very least it is intelligible spam :)

I'll be following this thread as well ... The reason I'm considering Dolphin is my community software is 10 years old and gets slammed way to hard to manage, even with volunteer sub-admins helping take the load off of me.

Your best bet would probably be .htaccess ip blocking.  Try going to the site blockacountry.com and get the country's IP.  As your site grows, you'll find that the more things you add to your htaccess file, the slower your site will get.

The next option would be to install ConfigServer Firewall to manage your iptables.  There is a learning curve for using it, but it's pretty effective and has pretty decent literature out there supporting it.

Until then, the quick fix is to block China, Senegal, a couple of other areas of Africa, and some parts of Russia.  These are the areas that will give you headaches beyond measure.  Fix it now before one of them goes after you FTP credentials, puts an eggdrop rootkit and screws your site and puts you on the outs with Google.

By the way, if you're not using SuPHP, consider switching.  Also, never save your FTP passwords to your FTP client.  Although this may be convenient for quick access, basic FTP transmits via text file which can be intercepted and read quite easily.

Also, try switching to a more secure FTP client and switch to something linke WinSCP where you could use Secure FTP connects.

I know this is probably more information than you asked for, but these will help you to address some problems that you  WILL face in due time.  Good Luck.

Oh, and don't forget to block proxy servers.  Many spammers will simply try to go around your firewall by using proxy to register.  The combination of the IP blocks and the proxy block should help you cut down around 50% - 75% of the spam.

As I'm typing this email, I'm thinking about writing a quick little script that rejects registrations from certain IP blocks.  When I'm in a better mood and have more time, I'll probably write it and post it as a free mod.

Based on what I have seen, I agree it is not necessarily a bot. One account I deleted had the nerve to re-register with the same information right away, so it makes you wonder what their thought process is.

I don't want to inflate my Dolphin database with individually blacklisted/banned users, and I don't like that the memberid increments don't retract when you delete the user - causing gaps in the count (which is in the design and probably no big deal, I just don't like to see it). All the more reason to start with an IP blacklist at the firewall, blocking all common countries of spam origin, if your user base is also from this country then you might have issues here.

Good call on the extra field validations on join. I was actually trying to implement this last night posing a simple question that could be answered in one word. This question should be specific to your site's purpose so it's not as easy for someone that isn't familiar with it (SPAMMER!) to answer a simple yes/no or mathematical equation. Has anyone set something like this up that is effective?

@Chap - missed your posts with my last reply as we were writing at the same time it appears.

Great recommendations, I'm going to dig into my iptables tonight as I'd like to avoid increasing the size of the .htaccess file if I can do better at the firewall.

If you were to produce the mod you speak of, I'm sure there are plenty that would gladly compensate you financially for it (including me)!

As others have mentioned, blocking IPs using the .htaccess file or iptabes has a performance cost that effects EVERY request to the server.

So I have been playing with the idea of only checking for 'bad'  IP addresses when joining and logging in.

This should minimize the performance issue while still blocking spam.