yeah I can rerun the tests and take more data but so far yes its only plugins that come with a fresh install and so far I have tested it on domains like zubanga.com shadowradio.net and I made some randomized sub domains and the watchdog plugin does not seem to stop this from happening

we bought a domain for a client recently twitidkenzo.com not a common name within one day of setting it up under oxwall it had spam bots all on it and I wasn't blaming so much as raising a question that needs to be asked and an issue that needs to be addressed

oh I understand I was js um I can have a look into buying a crazy new domain later and see 

maybe its not oxwall as a company could be any programmer could be a code they used that's third party there is probably a million possibilities in it at one point my site was getting hit for no reason when I would install the extended questions plugin I crashed 3 different servers so on my new server I have added protection that keeps external ip's from pinging pages they should not 

I personally have a couple of standard Oxwall installations. Registration for those sites are open, and I haven't got any issues so far.

I can tell for sure that standard Oxwall installation doesn't come with a build in code that could have attracted spammers.

Paul's idea to test this on local server is quit reasonable.

We are developing another solution against spammers. Hopefully once it is released, it will solve most of the current issues with bots&spammers.

I have been testing out different ideas about stopping spammers, and I ran across something strange. With the help of anit spammer, anti spammer does a good job but I needed more, and started playing around. No matter what I do spammers keep coming. But When i setup users role and make it where a new verified member can not post until I upgrade the users Role to posting and editing. I noticed that Anti Spammer did it's job perfect. Now some how I think the Spammers have figured out a way to look at Oxwalls user coding. Call me crazy but Zero spammers have made it past Anti Spammer with changing how my user Roles effects new members, and Verified members. 7 days after changing my user roles around I have Zero spammers able to Join my site.

Call me crazy

Markie,

Actually you are not stopping spammers from registering.. Its just stopping them from posting. The real problem is somewhere.

Purusothaman Ramanujam Yes and No. I know what I did. The spammers are some how scanning how user Roles are set. They know they can not POST so they don't even log in. I still get some spammers and hackers trying to figure out a way into the site. But Anti Spammer takes care of them pretty good. Now this is day 8 and no spammers have signed up. Like I said call me CRAZY 8 days and I have not had to Suspend or Delete any accounts.

No it won't stop all of them. But explain why I went from 10+ new members/spammers a day to ZERO spammers.  Anti Spammer still blocks over 100 a day. But that doesn't explain why after changing my User Roles that my random PaydayLoans BS  Users have stopped trying to sign up.

It's in the core they some how know.

I don't think they manually login and post content. I believe they do it automatically using some scripts.

You have a good try and it should work for many.

But basically somewhere oxwall is failing on this aspect.

Purusothaman Ramanujam It is strange that simple user Role change did the trick for me. I know the spammers are using scripts to login. But How did they know I made the changes. They have a way to scan our scripts.

I also found something related to what MarkieMark is saying.Basically if you delete a spam user right after they sign up you will be fine for a few days but if you don't they multiply and send out for more and more if I take a weekend off I will come back to 500 fake users

I'm still trying to figure out how the spammers know the site settings. It might take me forever. But I'm going to figure it out. Some part of the code is visible to the spammers. But I have not found it yet. 

Quote from Paul Cuffe

Whats the new plugin Aliia? i had been meaning to contact oxwall regarding some new ideas to help protect sites from spam

New Plugin is described briefly in Den's post here: http://www.oxwall.org/forum/topic/7533?page=1#post-39684 .

I don't have more detailed info right now.

It's the (Powered by Oxwall) badge code, remove this script-wide and problem solved, sorry but it IS about time to just come out and say it, remove all remnants of that badge and wallah,, Problem solved!!!

Also it helps to change at Language {text key='nav+page_default_keywords'} and use your own,
they are by default:
openwack, free software, open source software, community software, open source community software, free community software, open source social networking software, free social networking software, php, mysql

Quote from FoxTechs Actually, it's the fault of Oxwall being Oxwall. They don't purposely create code that has spam come into your websites. Also, as mentioned in a topic by our founder Jake, programmers who want easy and free marketing program "spam bots" with scripts that target sites. Scripts like Oxwall are especially popular, because all they have to do is target one software, and then their advertisemenets are instantly created on thousands of websites. It happens. With each update, spam harvester creators read the code and program their "bots" to work around it so it is as they are detected as regular humans.

So, the domain does NOT matter in this case. No matter if it was business.com or dhfdjhfjdhgkd.net, as long as it's the targeted software, which speaking is Oxwall, it will flood into ALL of your websites that are Oxwall powered. So plugins, themes, etc do not cause it. People who are smart and will do anything to market themselves or a client are the ones to blame.

I don't get spam on my sites with the powered by oxwall logo removed. Never really put two and two together! 

I think every website on the web is prone to spam bots ,not just oxwall .these people that write the code for these bots ,only need a copy of the source code and or away doing there dirty deeds,.All i can say is just be carefull what plugins you add to your site as anybody can add a backdoor to one of these plugins,just check all the code in a plugin before you add it to your oxwalll .I have a website made with oxwall being build and its been online for months and not one spam bot ,my site is on a subdomain

I think people should make more of an effort to hide the source code in oxwall ,there is plenty of software on the web to do this ,and there would be less chance for hackers and bots to gain access to any oxwall website

Quote from Pete I think every website on the web is prone to spam bots ,not just oxwall .these people that write the code for these bots ,only need a copy of the source code and or away doing there dirty deeds,.All i can say is just be carefull what plugins you add to your site as anybody can add a backdoor to one of these plugins,just check all the code in a plugin before you add it to your oxwalll .I have a website made with oxwall being build and its been online for months and not one spam bot ,my site is on a subdomain

Yes and may I suggest utilizing these services at:
Security Compass -Source 01
Security Compass -Source 02

Best of all these security tools are 100% Free, so enjoy!!



*When I get bored I sometimes Google Me*

Removing the badge without a donation, if you do that does that not terminate any further support?