How to identify a potential spam account
Description: This is a general guide on how to identify spam accounts if you are getting registrations but unsure if they are real or not. The spammers often have some common traits.
In Categories: Miscellanea
- Link to this article: Select All
[url=https://www.phpbb.com/support/docs/en/3.2/kb/article/how-to-identify-a-potential-spam-account/]Knowledge Base - How to identify a potential spam account[/url]
Spam accounts largely fall in to two main groups. Posters and non-posters.
Posting spam accounts will generally visit the site within 5 minutes of registration and post their obvious spam message advertising whatever it is in the hope that it doesn’t get seen for some time, gets indexed before deletion and acts as a backlink for their scam.
There are some more sophisticated approaches that use ‘sleeper’ accounts that sign up but stay quiet for days, weeks or months and then come back and post their spam. There are also accounts that will post seemingly innocent messages, often ‘thanks’, ‘this looks great’, ‘I love this’ kind of replies that are very generic and sometimes don’t really fit the topic under discussion. These will then be returned to at a later date and edited to include spam links or messages. Finally the most difficult ones to spot will copy a post from elsewhere on the forum or a similar site so they look very on-topic. Again, look for things that seem like they don’t quite fit with the topic in hand.
Non-posting spam accounts will try and utilise the account profile page or memberlist. They sign in within 5 minutes of registration, go straight for the user control panel and fill out almost all of the available profile fields. They will almost certainly fill in the website address field and usually add an age, twitter, facebook, AOL (usually India), and the occupation or interest field generally has a lot of text about their product or are very general areas like blogging, IT, medical practices, CEO and accounting. See a typical example of this below.
Although they are non-posting, the aim is to get their address indexed from the memberlist or profile pages. This can be prevented by setting the bot and guest group permissions so they cannot access those pages. Permissions > Group permissions > bots/guests > advanced permissions > profile tab > Can view profiles, memberlist and online list > set to NEVER.
You can also identify spam accounts by their username. They frequently use similar formats in the name. Random letters, two Anglo names often without a space (e.g. jeffbrian), a name followed by several digits (e.g. michael6931) or just flat out advertising of their spam (e.g. bestessaywriting).
Additionally the registering IP address which is logged in the account profile page can give a big clue as to the authenticity of the account. Sadly certainly country IPs have an overwhelming tendency to be the source of spam. India, Russia, China, Ukraine, Pakistan, Bangladesh, Philippines, Thailand and Vietnam are frequently the registering IP. If your site is not based in those countries, it’s likely to be a spammer.
They can be stopped though by using some very simple methods. The Newly Registered Users group set on 1 post will show up posting spammers at their first attempt. However, it is better to stop them registering in the first place. Bots can easily be stopped with multiple methods such as the built in Q&A (with a question you cannot search the answer to), or most of the typical recaptcha and blacklist addons. It’s largely personal preference and different people report different levels of effectiveness.
It is also worth noting that it is not unusual to have accounts that register but never sign in (they probably didn’t get the activation email or changed their mind) or sign in but never post (these are lurkers who like to read but not join in or joined to find one piece of information and now they've got it they don't need to return).
227916 - spam_example_2.jpg