Disabled "About me" and "Signature" profile elements as the "Spam Be Gone" plugin does not check these
This, I feel, will help us a lot. We have a lot of bots using this vector and really see essentially no legitimate usage of it.
So I decided to start deleting spam accounts. With more than 150, doing so from the Latest Users tab of the Users page was kinda slow. So I decided to use the Search tab and type in some common keywords that spammers like to register with. From there, it proved to be a lot faster to delete the accounts that came up in the search results.
What are the common keywords? Check out the screenshots below.
Aside from generic, cialis is very common too. online or online pharmacy is also pretty common.
Something about Canadians and enhancement drugs.
levitra and buy tend to be common too, at least on my site.
So I decided to start deleting spam accounts. With more than 150, doing so from the Latest Users tab of the Users page was kinda slow. So I decided to use the Search tab and type in some common keywords that spammers like to registers with. From there, it proved to be a lot faster to delete the accounts that came up in the search results.
Jeeze, already? Need to get the ball rolling on the honeypot project then. :squirrel:
I find it hilarious that "Canadian" is a common keyword for spammers.
@trevor I've been doing this every 12 hours on my forum, but they register faster than I can delete.
Since I started yesterday, I've deleted more than 200 spam accounts.
Less than 20% of the verification emails the system is sending are being delivered. That says a lot.
This screenshot is just from today; and I still have a few hours to go.
Thanks @planner -- would like to accelerate overhauling of the user registration system, so you won't have to deal with this any longer. NodeBB originally went with the "anybody can register and post without verifying" model because it's a very low barrier to entry (second to having no registration at all, 4chan style).
We can probably move away from that model now I think
I'm using Mandrill as a 3rd-party email provider and another means that I'm using to purge the system of spam accounts is to look at confirmation emails that were not delivered. Obviously, if an email is not delivered, it's very likely that it's a spam registration, even if the username does not contain any of the keywords listed in the OP.
What would help plenty is to have a filter in place that will look for admin-configurable keywords/phrases in user registration names. Any that match an entry in the list of keywords/phrases will be refused registration. If such a system is in place on my site now, bot registration will be down by more than 90%.
My list of keywords/phrases?
For some reason spam registrations have dropped drastically. I noticed it 3 days before I upgraded to 0.4.1. Now all those cialis, viagra, and levitra usernames no longer populate my list of users.