Spaming a website

I post this in this category thinking that people abuse my site for this reason.

The thing is, I would like to learn how this thing works, naming to spam a web page, and more precisely here is what happens…

I have a page where users can register. I realize that there are plenty users registered which dont belong there at all, and the thing is more than 70% did register but did not even activate the account. So how does this actually work? what does someone gain to become a non registered user on my site?

I assume they register expecting to come back later and spam. You may notice a new member spamming but not an old one.

The best bet is to try and prevent unwanted people registering in the first place. I used a three question method which was based on the product. This meant the new member had to know about the product in the first place or do some research. Spammers do not want to spend time doing research and the genuine people would either know the information or be willing to research it.

There are spam lists you can either build into your code or go through every now and again and check new members against the list.

If they have not activated in a month or some other time frame delete them.

It is a pain but good to keep things under control.

1 Like

You’ve blurred out the email addresses and the dates don’t show the times, but going by the Names alone it sure looks like there’s a lot of what I call “seed” accounts.

These are most likely accounts created en masse to be sold to those wanting to “blast” SPAM to many forums rather than one person using the many accounts for only your forum.

One thing you can count on, if you ignore this you will find yourself chasing after the problem spending a lot of time cleaning things up after the fact.

CAPTCHA can help, but it can make things more difficult for legitimate users and some bots can get around CAPTCHA so it’s usefulness is limited.

As Rubble posted, periodically removing unactivated accounts after an arbitrary amount of time should help a lot.

IMHO you should also look into implementing “flood control” / “throttling” as a preventive measure.
In my experience, blocking anonymous proxy IPs helps a lot.

And of course, even if you have success in stopping bots you will still have problems with human SPAM mills but so far those tend to be more manageable.


Many things.

Some bots scour the internet looking for vulnerabilities to exploit to gain access to that server. Some content of your site may only be accessible after signing up, so they make an account to look for more securities holes.

As a measure to combat automatic spam detection, the bots will sign up in an effort to leave spam in the form of comments, support tickets, etc. Anywhere they can link to their spam.

Thanks mittineague, it looks like it is how you say it and i now understand for what this is all for…

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.