Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
+2 votes
2.1k views
in Q2A Core by
edited by
I see 5-6 new users per day registering.  I am not sure but they seem spam users.  recapcha is on for eerything, including user registration.  Most of them are email verified.

I do not see any posts from them though.  Additionally, my site does not require registration to make posts.

So what is the point of the spam users?  Are they a threat to my system?  Am I missing something
Q2A version: 1.6.3
by
Out of the 20-25 users that registered in the system, only one attempted to post a couple of messages, completely unrelated to my site.  I spotted it online and I blocked the user.

But the remaining stay there inactive.

2 Answers

+1 vote
by
selected by
 
Best answer
So what is the point of the spam users?  Are they a threat to my system?  Am I missing something?
 
They are a threat. What you're missing is the time factor. Spammers act in a 2-phase process: first they register accounts and then they send the spam.
 
There are a few reasons why this is a good alternative for them. Firstly, if they registered accounts and start spamming right away, you will immediately block all of them: you will see the new accounts, take a quick look at their activity and remove them. It is better for them to stay dormat for a while and activate them later one by one when needed. So they would be quite unnoticed to site owners. Or maybe they just don't have any customer paying for publicity right now so they are just planting the seeds so that when a customer arrives they are ready to be harvested.
 
Having said that, I can see 2 alternatives here. Take a look at this post http://www.question2answer.org/qa/39657 . You can go for the alternative I propose (which, again, I'm still missing feedback) or you can go for the selected answer. Each one has pros and cons. For instance, the selected answer will block all users from the TOR network, whether they are spammers or not (I guess most of them are, anyway). In that approach you could be spammed from a non-tor IP address very easily (eg: from my IP address, which is dynamic and it is not listed in stopforumspam.org). It also has the downside that you will be hacking the core and you'll have to take note of the change whenever upgrading the core.
 
The captcha approach I suggest has the disadvantage that it could be cracked with an OCR and by fully automatized, but it is considerably unlikely. This approach wouldn't also block human spam users from the tor network, but I guess human spam is the least popular because of the price.
 
Anyway, you don't really need to choose between one or the other because you can use both of them (if you are paranoid enough)... although I'd really like some feedback on the captcha working alone... many people promised to test it... no one did :)
by
How about you?  Have you tried it?
by
ok, I installed and I will test the capcha-antibot you proposed.  I do not see why it would be better than the logical-capcha.  Do you think that the logical capcha can be broken by bots?

With the logical capcha I had up to 4 spam users register per hour.   Let's see what happens now.
by
ok, here is the feedback:  Even with this capcha, I still get 3-5 spam user registrations per hour.  Same as the logical capcha.  Now either they are both broken, or these are humans.

I will put back the stopforumspam.com API.
by
Interesting. I hardly believe someone has managed to create a bot that would bypass that captcha. I'd say they are humans but you never know... The only advice I can give you is to enable every possible measure... you've already tried it everything :/
+1 vote
by

It could be a human spammer...

I would check the ip associated to the users (click on their username, and note down the ip value in the "Last login" field).

If it's the same ip for all users, I would block that IP (click on the IP ---> block IP address).

If their IP is different, if it's a human spammer, he could be using dynamic IPs; or they are simply different lazy users that have just registered for curiosity smiley

by
I just checked (most of) the IPs.  They are all different.

I checked their emails.  Most (but not all of them) are confirmed.  I run them through mailtester.com and almost none of them confirm.
by
IPs from different countries too ?
by
I just checked 11 IPs.

3 are from the same town in Romania.
1 from Sweden
7 from USA.  2 of them are from Dallas. and have the same ISP.
by
Ok, the 3 from Romania and the 2 from Dallas are suspect.... For the others it's difficult to say that they are spammers....
Maybe an online blacklist check could provide more infos....
by
But still I am puzzled.  The ones that are spammers.  Why did they just register and did not post?  Couple of days ago I allowed unmoderated posts, without any  registration.  They did not take advantage of it.  

I've read many cases where spammers just register and do not post.  Why they do it?
by
Didn't they even post a link to an external website ? (see their profile)
by
Only one of them did about a week ago.  And I already have about 85 span users.
...