by CyberFreak » 29 Apr 2022, 00:34
The key is multiple layers of protection and making the signup unique. No method is 100% effective as human spammers can behave just like normal humans but bots are for the most part pretty easy to block on a self hosted forum.
Depending on the forum software, you can do the following things which all have varying success in blocking bots
- Use a Q&A CAPTCHA and write questions that are unique to your site (not what colour is the sea or 2+2) but something related to the topic of your forum that legit users know but spammers won’t really. It can also be questions related to how your sites looks (what colour is the text in our sites logo for example)
- Add custom profile fields to the signup that need to be filled and restrict the inputs in length and characters to fit what you are asking. If it is a car site and you ask how many cars the user has, restrict the input to just numbers and a max of 2 or 3 characters. Bots will probably try to leave it blank or input something different in there like a web address
- Block disposable email address - some softwares have a extension for it but there is services online with apis which can be used to check if the registration comes from a proper provider or not
- Use a service like StopForumSpam which has a database of bad IPs and emails. Just don’t check usernames against the service. If that email is used to spam another site and they are reported, they can’t spam you and that email address is now tainted
- Work on blocking VPNs/open proxies/data centres from connecting to your site
- Increase moderation means that any that does come through can be dealt with quickly