nrc
07-29-19, 12:50 AM
I've been battling a wave of SPAM forum registrations lately and I'm all up in the Control Panel like...
https://www.youtube.com/watch?v=3xYXUeSmb-Y
I almost posted this in the AAPL vs. GOOG vs. MSFT thread since it goes into another Google rant. You've been warned.
Normally SPAM registrations aren't a big deal because I check what few registrations we get before activating them. It's just a pain when they become a flood.
I had switched away from reCaptcha for human verification a few years back because spammers pretty much had it beat. Stupid little questions were more effective. My stupid little questions were useless against this latest onslaught so I assume the answers got recorded in a database somewhere.
So my first thought was to try reCaptcha again. Of course Google runs reCaptcha so there was that to consider. But they created version 2 and their stupid little "find the stoplight" "find the crosswalk" puzzles are everywhere on the web for human verification so it must be effective, right?
Nope. Their own dashboard shows they were successful in identifying spammers less than 50% of the time. I know this because every one of the registrations in that time was spam. Then it occurred to me. Of course they're not successful in stopping spammers. Half the spam registrations we get are from Gmail addresses!
But wait! Google now has reCaptcha v3. Evidently this now grades a user on how likely they are to be a spammer by their activity on your site. And to gather that information they want you to bury these reCaptcha 3 widgets all over your site so they can measure. Google already has more instrumentation buried throughout the web than anyone else through their ad networks. Now they're extending more tentacles through their Human verification network. Do think it will cut down on the number of spam registrations from Gmail? Wouldn't we have seen that already if they're using it there?
So I took a different tack. I've added a plugin to the forum that now requires that the user verify their email before they're permitted to register. This should cut down on the number of bogus registrations that are created and never verified (75%). Hopefully the fact that they have to enter a code from the email to proceed with registration will limit it further. After that there's just one very simple, site specific question. We'll see how that goes.
As I read the plugin information, it sounds like this may also impact email changes by existing users. So if you need to change your email, you'll probably go through a similar email validation process. As always if you encounter any problems please post, PM, or use the "Contact Us" link at the bottom.
https://www.youtube.com/watch?v=3xYXUeSmb-Y
I almost posted this in the AAPL vs. GOOG vs. MSFT thread since it goes into another Google rant. You've been warned.
Normally SPAM registrations aren't a big deal because I check what few registrations we get before activating them. It's just a pain when they become a flood.
I had switched away from reCaptcha for human verification a few years back because spammers pretty much had it beat. Stupid little questions were more effective. My stupid little questions were useless against this latest onslaught so I assume the answers got recorded in a database somewhere.
So my first thought was to try reCaptcha again. Of course Google runs reCaptcha so there was that to consider. But they created version 2 and their stupid little "find the stoplight" "find the crosswalk" puzzles are everywhere on the web for human verification so it must be effective, right?
Nope. Their own dashboard shows they were successful in identifying spammers less than 50% of the time. I know this because every one of the registrations in that time was spam. Then it occurred to me. Of course they're not successful in stopping spammers. Half the spam registrations we get are from Gmail addresses!
But wait! Google now has reCaptcha v3. Evidently this now grades a user on how likely they are to be a spammer by their activity on your site. And to gather that information they want you to bury these reCaptcha 3 widgets all over your site so they can measure. Google already has more instrumentation buried throughout the web than anyone else through their ad networks. Now they're extending more tentacles through their Human verification network. Do think it will cut down on the number of spam registrations from Gmail? Wouldn't we have seen that already if they're using it there?
So I took a different tack. I've added a plugin to the forum that now requires that the user verify their email before they're permitted to register. This should cut down on the number of bogus registrations that are created and never verified (75%). Hopefully the fact that they have to enter a code from the email to proceed with registration will limit it further. After that there's just one very simple, site specific question. We'll see how that goes.
As I read the plugin information, it sounds like this may also impact email changes by existing users. So if you need to change your email, you'll probably go through a similar email validation process. As always if you encounter any problems please post, PM, or use the "Contact Us" link at the bottom.