Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
+7 votes
4.7k views
in Q2A Core by

Ok, so I'm writing a new question regarding spam "registrations" in the hope of getting feedback on whether or not Gideon or anyone else developing q2a will be finding a solution to the "INSANE" amount of spam new user registrations. I have been running two q2a installs and have been comparing them to vanilla and some others and I believe q2a is superior to the other solutions out there and I like the community on here, especially Towhid and his helping me last year. HOWEVER, the spam registrations is totally out of control now. I realize there is a "social plugin" which can bypass default registration and perhaps solve the problem. My problem is, we don't want to do social sign up. I'm at a fork in the road now and must decide within the next couple of weeks whether or not to abandon q2a over this issue. 

So my question is, will spam registrations be addressed anytime in the near future in core q2a? If not, its worth it to me to use an inferior solution just to keep from having to deal with the huge volume of spam registrations. I have tried recaptcha and several other plugins to no avail.

Q2A is totally rad! I believe that. I also believe Gideon is a studly manchild for building this awesome software! But we gotta get a handle on these spam registrations now. Oh yeah, how is the question2answer.org install avoiding spam registrations? Custom development? Bring it on I'll pay you to hack something that solves this problem.

Let's hear your feedback and solutions... If the social sign in is the only solution, let's see some screenshots or some demos of how it looks and feels.... :))

by
After reading your question I just can't help asking: how do "vanilla and some others" handle spam user registrations and users generating spam posts?
by
I wish I knew... lol All I know is I installed vanilla forums on my servers before q2a and I just don't get no spam... I think I have a plugin installed for it but cannot verify that is what prevents spam.. Unfortunately, I'm not a coder so I am not capable of understanding what Vanilla did or what q2a doesn't do... Good question I'd like to know myself.. :))
by
I took a look at that Vanilla tool. It's not exactly a Q&A tool but it is rather closer to a forum with social addons. I noticed there is no much difference between how that tool handles spam and how Q2A does. Actually, both have recaptcha, limits and even some plugins around to handle spam. Q2A actually has better handling of limits but it seems Vanilla has more spam plugins around.

I'm inclined to believe that it is not a matter of how "secure" Q2A is compared to Vanilla but rather which of them is more targeted by spammers
by
Just thought I'd chime in here and say that the spam has really been annoying me too! As the current developer of Q2A it's definitely something I will be looking into.

By the way there are a few plugins listed here: http://www.question2answer.org/addons.php
The Akismet one sounds good.
by
Hi Scott- it looks like the standard captcha feature and block ip feature in q2a is handling the bots. Now it's just the human spam registrations that are coming at about 3 to 5 per day on mine. Seems like if you are diligent about deleting spam quickly and not letting it build up, things are not too bad. But if you don't monitor your site for a few months, you could return to find thousands of spam registrations.. Q2A is still the best though.. :))

4 Answers

+2 votes
by
+1 man, I would like the same! I think we ALL NEED A PLUGIN OR A CORE HACK

=> http://www.question2answer.org/qa/37229/spam-how-to-not-create-user-page-until-1-question-is-approved
by
Ahhh.. I did not understand what you meant at first but now I see... Yes, approved question required before user page creation. I like it!! I wonder if they'd just hammer us with questions tho? Hmmmm....
0 votes
by

You might want to try the stop spam plugin (not free): http://www.q2apro.com/plugins/stop-spam

It should block bots. And when attacked by human spammers, you can disallow parts of domains or specific words.

The "free way" would be to block spammers by IP with wildcard: admin/spam under "Blocked IP addresses", for instance 91.201.*

by
Hi Kai,
I checked the video of your plugin, two questions:
1- your plugin only offers one question to be set at a time, right?
2- I did not understand where you implemented the honeypot tech?
by
I was using VSBP plugin here: http://www.question2answer.org/qa/33481/new-plugin-very-simple-bot-protection-vsbp which was sending bot spam registrations. I just switched back to recaptcha and now it appears that I'm getting human spammers and not bots anymore. Human spammers are hitting me now at a rate of 5-10 per day.. Better than bot spam @ 25-30 per day..
by
I think I got the bots stopped. Human spammers just keep coming with entirely new IP's though.. I even tried to block all the ip's I could find in europe but they still keep coming.. I am not sure how disallowing parts of domains would help me.. they're mostly yahoo.com or gmail.com emails. Blocking would block my users..

Also, I'd like to know if the paid plugin here: http://www.q2apro.com/plugins/stop-spam has been successful for anyone.. So far I don't see anyone saying this plugin will do the job. Any thoughts?
by
Block IP's has no effect because they keep coming from new IP's. My block ip list is well over 10,000 characters. including block ranges like 91.201.* Is there a way to block entire countries? Or include only specific countries via IP? Spam is all eastern Europe..
by
@merica
Two work arounds:
1-If your website is only used in your country simply block other countries IP in your httaccess.
2- If your website language is not English create some recaptcha only in your language so that the human spammers don't understand to answer.
3- use open login plugin to let your users in if they use Linkedin/facebook login

4- write a plogin to let only invited users login
by
I like option 1! Do you know how to block other countries IP in .htaccess? Please tell me how specifically.
by
Simply google how to block countries by IP htaccess
here is one:
http://www.ip2location.com/blockvisitorsbycountry.aspx
by
Wow I did not see this.. If this works, you are the man. I'll let you know how it goes in a few days.. Thanks for your help!! :))
by
hopefully it will ;)
by
@merica: So far all customers were happy about the stop spam plugin.

Actually it is an interesting idea to block users by countries. I can implement this in the stop spam plugin if somebody needs this feature. Let me know.

@waterfr villa: Yes, one question can be set up with two answer options. The honeypot tech is in the captcha form. http://en.wikipedia.org/wiki/Honeypot_%28computing%29
by
@q2apro.com: thanks for that... yes, the ip block is a little concerning because I was wondering if IP's overlap between countries do you run the risk of blocking otherwise "wanted" users. I really just need to allow U.S. users because its' a country specific site... I think I'll be looking at your plugin before I do an ip block... Probably buy your plugin next week. :)) Thanks so much for your help all!
by
Ok, so it looks like I have stopped the bots but am getting 3 to 5 human spam registrations per day now. My plan now is to block ip ranges in EU via .htaccess. That is my final solution to this matter. @q2apro: if you do end up adding the ability to block ip ranges by region, country or other let us know. I think it would be a great feature since people like me don't really want to take the time to figure out how to block ip ranges. In fact, I think it would be best to add the ability to block all and include specific countries or regions. In my case, I am only interested in U.S. traffic so I would allow U.S. and block all others.
by
I would simply API call a IP-to-location service, receive the country and block the user if this country has been blacklisted in the admin options.
+1 vote
by
You could try this new plugin created by me . This might help you to prevent spam .

This asks some random , logical questions to the user . More information is on this thread .

http://www.question2answer.org/qa/37749/

 

Hope It helps .

Thanks
by
Awesome! I think right now I've limited my issue to human spammers only so I think I'll be having to find an IP block solution. Blocking ip ranges that spam me doesn't work though because its a new ip everytime that's outside previous spammers' ip range. If I have bot troubles again I'll try yours out though.. :))
0 votes
by

I'm using AntiBot Captcha plugin with the latest q2a version.

it is working very well and has almost stopped spam registrations using bots. (I had 1000 to 2000 bots registrations each day!)

Just install it go to plugin settings increase the "Symbol count" to more than 6 and add some letters to "Character Set". (Characters are case sensitive)

Here is the link: https://github.com/pupi1985/q2a-kk-abc

...