I get spammers the same every hour

Regardless of watchdog or anti-spammer

The emails are the same with many different users names

After recently transferring a custom coded site to Oxwal, had no spammers before and now have them every hour

I have no choice but to leave manually approve profile on which simply upsets many people 

The spam problem is way out of controlled and should have been addressed my now

It is directly related to Oxwal

My site is for public (no manual approve)... (just like other social networking method ).... but I got a lot of spammers before, everyday may be more than 10 spammers sign up and post to blogs (they posted drug/sex article/duplicate sexs article with different username) and video (they posted porn video/duplicate video with different username)...After activating the latest updated antispammers.... it seems my site is now free of spammer without having to hide the join page section or use manual approve...

I got the same email before the antispammer installed...but now they are cannot register using the same IP again...

If i deactive wathdog/antispammer after about 2 hours later then the spammer will come again...(their email : listed as not verified yet but they can post/i dont know how this robot can post?). If u send a message to them through their profile page...there is no reply from them...because they are spam robot)

Your site already has spammers
and you install the antispammer->you run the tool: allowing all register users...
What do you think? some registered user are  spammer?
....SPAMMER STILL COME....
Make sureto check all ..berfore allowing all register users

What/Who is the spammer? Read here: http://www.oxwall.org/forum/topic/9010?page=1#post-45267

we have no antispam plug ins installed due to admin (me) mods and members being locked out and no they are not spammers and no i and the mods have not registered on other sites, the lock out is caused by the fact that if you use cell phones to access the site and the ips are dynamic

we only got locked out if we use cell phones, my phone provider is very slow wap wise and i got locked out even though i can only view the site and rarely can log in
i ran the ips through stop fourmspam database some were there some were not, mine was not and i still got spammed out of the site

the anti spam plug ins work for some but not others i don't want to get into a argument just because we dont use it, it is upto to the individual how they protect thier site from spammers

we dont get any more spammers without the plug in than we did when we used it

Quote from bobbi the anti spam plug ins work for some but not others

Thats true....

For other users who still want to use this plugin...?
it's just that you may need to learn what the function of which is owned by the antispammer...same condition as when the first time you use the oxwall software (such as the user role function? newsfeed system? email notification system? cronjob system?) ... if you do not know what its function or how to use them then you will say  it is a bug....

You should note which one should you turn on/of or allowed/unallowed if you are wrong then maybe you will be locked

Couple of ideas.

1.John, try adding a custom required profile question of "text" type.

2. What about removing all "join" realted links/buttons from your site and just having "Facebook Connect" button there? (or google sign in button, or twitter, depending on which plugin you have)?

>>How can I modify the code so that when a user or bot clicks on join it goes to my own sign up url.

This will still require some kind of anti-spam plugin which could identify whether the site visitor is real user or bot/spammer. And just like with current Anti-spammer or WatchDog, you will have to rely on a "third party" database of IPs, which will never give you 100% security.

We are already developing a new solution to protect powered by Oxwall sites from spammers and bots.

I have found the answer:

In the .htaccess file add this line

RewriteCond %{REQUEST_URI} !/join/

Then actually create the directory /join

Then write any content you like into index.php

This could be you own anti-spammer system.

A good system would be to have some questions which only people interested in your topic would know and if the questions are answered correctly the can go ahead and register in a custom url.

However I don't know how to make the join system appear on a custom url eg
join65765765/

This bit of obfustication would deter all spam bots.

>>However I don't know how to make the join system appear on a custom url eg
join65765765/

ow_system_plugins/base/init.php  - for system pages URLs are set here ( including "Join" page).

          $router->addRoute(new OW_Route('base_join', 'join', 'BASE_CTRL_Join', 'index'));

You will need to google how router works first.
I am not a developer myself and can not give exact instructions on what exactly needs to be changed to what.

Thank you Aliia.

It works very well:

This works perfectly
$router->addRoute(new OW_Route('base_join', 'join42342432', 'BASE_CTRL_Join', 'index'));

This could be futher obfusticated using ideas like
if (the day is Monday) {
$router->addRoute(new OW_Route('base_join', 'join42342432', 'BASE_CTRL_Join', 'index'));}
if (the day is Tuesday) {
$router->addRoute(new OW_Route('base_join', 'join346645645', 'BASE_CTRL_Join', 'index'));}

All I have to do know is design a question and answer system.
The user will only be sent through to join42342432 if the questions are answered correctly.

There are lots of really simple systems to use.

Look at this one
http://identipic.com/

Here are a lot of free capture scripts
http://www.hotscripts.com/...ems/captcha-scripts/

Just by using my own page for /join I have now cut spam users to zero.
There were about 40 before.

In the next few days I will implement a system to let real users sign up using a method similar to the above.

If lots of people design custom antispam systems then it will be impossible for people to design spam bots which sign up users.

Here is another idea. It is probably too simple but would work for a while.

<p>What is 2+2?</p><inputtype="text"name="answer"id="answer"/>
<?php
if(isset($_POST['submit'])){
if(isset($_POST['answer'])&&$_POST['answer']==4){
#Right answer was given continue with submitting form
}else{
#The wrong answer was given give an error message.
}
}
?>

Thanks for sharing John.

Topic was moved from General Questions.

Thanks for the great ideas.  One question - as we're new to Oxwall - into which index.php file do you put your comments?  Assume these would be information to deter  inappropriate "joins".  Right now our Join system isn't working at all.  This happened after we set-up the facebook module.  Any ideas.  The site is mycolemaneducation.com

Colin

I have simply disabled automatic sign up and replaced it with my own page here.

http://www.granadawiki.com/join/
There is nothing special the content can be just html.

I would like to be able to use an obfusticaed sign up url for sign-up but I can't work out how to actually do it.

It is possible to use an obfusticated url for the join page but the problem is that this url also appears on the join link. Someone needs to work out how to have a secret join link.

This is how to change the default join url.

$router->addRoute(new OW_Route('base_join', 'join42342432', 'BASE_CTRL_Join', 'index'));

It is kept in
ow_system_plugins/base/init.php

For the moment I don't have to worry about robot sign ups because sign up is deactivated  they can phone me but for most people this would not work. 

Until oxwall solve the complete vunerability of the system to spam sign ups the product is almost unusable. Who wants to deal with 60 sign ups per day from people who want to put ads for viagra on the site?  It took me 5 minutes per day just to delete them. I probably deleted a lot of real sign ups. If I left it for a few days I could have over 300 users to delete. Many of them were email verified. How did they do that?

If someone could work out how to have a  secret join link based on a user invented spam filter then the problem can be solved.

If oxwall invent a solution based on ip addresses or spammer databases the spammers  will work a away around this. (the oxwall captcha does not stop bots) The best way is to let users invent their own bespoke filter so that spammers will have to crack a new security system for all instalations of oxwall. One way of doing this is to have a secret sign up url.

You can disable sign up by using this oxwall feature: admin/permissions