Limiting GeoIP to a local region?
 

I have a forum dedicated to the homeowners of the condo complex I live in. The forum is PHPbb. Every day I get about 80 fake registration attempts. I set it to require manual approval but now all the requests are being sent to an email address that's blowing my ass up now.

I just now configured reCAPTCHA... Should that be effective enough to avoid resorting to GeoIP filtering?

Your question doesn't really match the title.

If it's all through a local network, you can obviously easily lock it down there. However, with G3/G4 access, etc, or an external server, you are going to want to use mod_geoip and a recent database, or similar. It may make sense to lock down to the state level in this case.

reCAPTCHA will help with automated attacks, it may also make sense to use robots.txt to hide it from scrapers.

Easy to fix. Setup a registration question to answer, and have it be "what is the name of our association?"

That cut down the bot registration on my forum to zero.

Yes, I realized that after I posted it. I wrote the post before I configured reCaptcha and then it kinda made my question regarding geo IP filtering less relevant.

I'll try that first. Thanks.

bot can solve recaptcha.,

try what "CYF" said.,

make questions and answers unique.

80 fake registration attempts a day? Where are these attempts coming from? 80 seems like a lot for a local complex forum?

:2 cents:

HOA's are all about the drama.

Most of those fake registrations are probably coming from known spam IPs. Try something like this, your forum software may already support it... http://www.stopforumspam.com/

I made a simple mod to the vbulletin PHP code for mine, disallowing a registration if the form was submitted within less than 5 seconds of it being loaded. Only bots can fill out a form that fast. That small change alone blocks about 20-30 attempts per day.

I have a local concern that is limited to two counties in Norcal

Geo-IP and manual approvals work, but I like this question idea / image turing as well

This works pretty good at blocking the registration, Not sure if the plugin is up to date for your version of the board you use or not. Works pretty good on my SMF forum

http://www.stopforumspam.com/contributions

EDIT: I see someone beat me to it :)

It seems the reCaptcha is stopping it effectively. The silence of my phone not buzzing with the approval request is quite relaxing. :)

You'd think, but this one is occupied almost entirely by old ladies. The only drama that I've been involves a half-way house full of mentally challenged people... our unit overlooks their driveway. This "paratransit" bus driver that comes and picks them up every morning is a lazy asshole and honks his horn 3-5 times at 8am, and 11am every day Monday through Friday. The idiots that the half-way house employ also take part in the horn honking every time they have new groceries and want someone to come help bring them in.

I wrote a letter to their executive director and after a short argument about the obnoxious nature of the situation, the honking finally ended.

Now I'm trying to figure out how to contact the HOA of an entirely different building that is visible from the back of our unit where some small child wakes up at around 8am and screams in an extremely high-pitched manner that doesn't stop until 7pm. The inconsiderate parents leave their windows open for everyone to share in the fun. The phone at their HOA goes unanswered... and I'm considering walking over there and knocking on the door for a face to face chat...

Alright... about 26 hours after I implemented reCaptcha, one fake registration has slipped through. I wonder if they figured out a way around it?

xrumer will solve them while registering. it will crack every captcha there is. also there are services to crack them

Oh shat. That's interesting. If that's what they're using, it doesn't seem like it's working too fantastic...

Usually people using tools like that are going after the low hanging fruit because its about quantity, not quality. You can set it to retry X times etc and then move on.

Also, you should set registrations to have to be approved by mods and whatever other spam features there are... then you won't have to worry about spam posts... just registrations.

Just because you slowed one guy down, doesn't mean others aren't going to follow :)

As was mentioned before, you should also search "vbulletin footprints" or whatever software you are using, edit the templates and remove as much as possible. Use robots.txt to block useless pages like registration pages or other pages and do what you can to hide it from search engines. If you do not want it in search engines at all, just use robots.txt to block google/yahoo/bing - thats how they are typically finding forums to begin with. I think you can use google webmaster tools and have it or some pages removed from search results. Basically, software is just searching for things like :

' "powered by vbulletin" condos '

to find lists of vbulletin forums for those keywords. So you can search "vbulletin footprints" and try to eliminate what you can from templates and block other pages from showing up. But if you don't need it in search results, it would be best to block it from being crawled.

if you can modify the php, simple things like "what animal is the middle pic" would stop them. Captchas aren't really effective because eventually you'll just run into people using services like deathbycaptcha etc and they won't be slowed down by them.