I'm continuing to get a rash of spam member signups - I'm having to block and delete 10 or more members a day. Question: when I select the ban option (when editing a member profile) is it banning the IP address or something else? I went into my recipe for banning IP addresses and it doesn't appear to auto-update when I ban a new IP address, which is why I ask. Thanks.
Sorry you are having to deal with so many spammers.
Banning a user has no correlation with the recipe for "rejecting new registrants based on IP Address".
When you ban a specific member, that just means that they are still registered on your site but they lose all permissions on your site and will not be able to access it while they are signed in as that member. It does not take their IP address and ban it in any way.
In general, you want to be very careful when banning specific IP addresses, because many times IP addresses are shared. This article may be useful on that point:
And that is why we never auto-add an IP address to any kind of ban list. If you know you want to permanently prevent someone with a specific IP Address from registering on your site, then the recipe for "rejecting new registrations based on IP address" is the way to go, and you'll just need to update it with each new IP address you want to ban.
In terms of other suggestions for dealing with spam registrations... have you enabled the CAPTCHA test for new registrations (this option is found in your Registration Settings)?
Are you requiring email verification?
Well, I've been banning spammer IPs for four years, as that was previous advice given. But . . . I can't see it's done any collateral damage.
I believe I have the captcha set up? Where do I do that so I can check?
What is email verification (how does it work) and where do I set that up (I may have done that already too; just don't remember)? This spamming activity has been very heavy in the last few months.
Both of those settings (enabling CATCHA and requiring email verification) are enabled in your control panels' Registration Settings (in the BASICS section of the control panel). It looks like this:
Email verification may not solve your problem completely, but it requires them to take one more step (which is click on a verification link in their registration welcome email) in order to gain member status. It would not PREVENT them from joining, but it would prevent them from participating as a full member until they verified. I highly recommend it for all sites, regardless, because that we you know that the email addresses your members are using are real and belong to those users.
Yes, I've always had Captcha and email verification on, since the get-go. Any other suggestions, as the clean-up is painful. What should I be banning then - email address, text in their bio, something else? I cant moderate to this extent every day. Thanks.
Another option to consider is to start moderating all new registrations. That would mean approving every new registration, via the Registration Moderation approval queue. But at least that is one queue to go through and maybe it gives you more peace of mind. The downside of course is that new members have to wait for you to approve them.
Aside from that, is there something about these spammers that they all have in common? Is it is a particular email domain? (If so, you could set a rule to reject registrations from those email domains, for instance.)
Yeah, but then I have to check every new member - more work. They are different email domains, but I'll just start blocking those email domains then, if you think that is better than blocking an IP address.
So, can you tell me how to write a recipe to ban all sign-ups from particular domains. I thought I did this yesterday by using a *.domainname recipe on the email field in the member profile, but I had more people signed up from this domain this morning. I don't want to restrict an exact email address, as they just keep changing names around on the email address (i.e, Kate@xxx.com, Su@xxx.com). It would be most expedient to ban the whole domain. Thanks. Could use help as soon as possible. All I can find otherwise are recipes to restrict exact addresses.
Use the template for "Reject Registration Based on Specific Email Address" and then for the Email Address condition you should be able to the domains, as described there (see screenshot below).
For example, if you want to reject all users with an email address domain of hotmail.ru, you would enter @hotmail.ru (that will reject anyone with an @hotmail.ru email address) . Note that you should separate each email address with a comma.
If you have any issues with this, please let us know!