Westerncivforum.com was opened back in 2006 as a discussion forum. Spammers were a problem back then, and it’s understandable why: users are the ones who are tasked with content creation, and spammers want to create content in the form of spammy links. In those days, I often tried to combat spammers individually, such as through blacklisting IP addresses or through just deleting spam as soon as it was posted. Using CAPTCHA techniques also worked, and so this kept my forum pretty clean over the years.
Fast forward to today. My methods for combating spam have gotten more sophisticated, as has my recognition of overall site security (a few hacks will do that to you). My site does not suffer from spam – thankfully – but what amazes me is just how much attempted spam is directed at my site. A little over a year ago I wrote about the massive amounts of attempted spam on this site, so this is really just an update to that post now that I’ve revived the site.
I currently have three anti-spam and/or security programs protecting my site. First, I have what I will call my “heavy gun”. It’s an aggressive anti-spam program that counters spam by looking for invalid HTTP_REFERERs, garbage email addresses, overly-long signup credentials, exploit scanning, excessive hits, and other sketchy behavior. Second, I have a program which is my “platoon commander”. This automatically blocks or throttles IPs based on certain behavior, such as exploit scanning, login failures, password recovery attempts, blank User-Agents, or pretending to be a Google bot. Third, I have what I will call my “sniper”. It’s more a security suite but it has some features that are helpful when fighting spam, such as the ability to capture incorrect passwords that are used when logins are attempted.
Now I haven’t had all three of these programs running all the time, and I haven’t activated all the features all the time, but here’s the interesting part – since January 20, 2015, just one of these programs (the “heavy gun”) has stopped 90,082 spammers(!). As for the ones that get through and try to register? Well, I’ve had about 64,800 of those(!).
Despite the amount of spammers blocked with that program, they still get through. I don’t have quantities of spammers making it past obstacle #1, but take a look at the spambots who have tried to log in during about a two-hour span:
64842 | Kari | empty | 195.154.169.222 | May 25, 2016 1:32 am | Opera/9.80 (Windows NT 6.2; Win64; x64) Presto/2.12.388 Version/12.17 |
64841 | Forest | empty | 195.154.169.222 | May 25, 2016 1:27 am | Opera/9.80 (Windows NT 6.2; Win64; x64) Presto/2.12.388 Version/12.17 |
64840 | Tressa | empty | 195.154.169.222 | May 25, 2016 1:25 am | Opera/9.80 (Windows NT 6.2; Win64; x64) Presto/2.12.388 Version/12.17 |
64839 | Bud | empty | 195.154.169.222 | May 25, 2016 1:24 am | Opera/9.80 (Windows NT 6.2; Win64; x64) Presto/2.12.388 Version/12.17 |
64838 | Rusty | empty | 195.154.169.222 | May 25, 2016 1:24 am | Opera/9.80 (Windows NT 6.2; Win64; x64) Presto/2.12.388 Version/12.17 |
64837 | Dane | empty | 195.154.169.222 | May 25, 2016 1:20 am | Opera/9.80 (Windows NT 6.2; Win64; x64) Presto/2.12.388 Version/12.17 |
64836 | Bill | empty | 195.154.169.222 | May 25, 2016 1:13 am | Opera/9.80 (Windows NT 6.2; Win64; x64) Presto/2.12.388 Version/12.17 |
64835 | Quincy | empty | 174.139.105.235 | May 25, 2016 12:45 am | Opera/9.80 (Windows NT 6.2; Win64; x64) Presto/2.12.388 Version/12.17 |
64834 | Bruce | empty | 89.34.164.6 | May 25, 2016 12:41 am | Opera/9.80 (Windows NT 6.2; Win64; x64) Presto/2.12.388 Version/12.17 |
64833 | Les | empty | 155.94.221.127 | May 25, 2016 12:40 am | Opera/9.80 (Windows NT 6.2; Win64; x64) Presto/2.12.388 Version/12.17 |
64832 | Irma | empty | 192.161.58.8 | May 25, 2016 12:33 am | Opera/9.80 (Windows NT 6.2; Win64; x64) Presto/2.12.388 Version/12.17 |
64831 | Carma | empty | 195.154.169.222 | May 25, 2016 12:29 am | Opera/9.80 (Windows NT 6.2; Win64; x64) Presto/2.12.388 Version/12.17 |
64830 | Jesus | empty | 180.180.99.47 | May 25, 2016 12:28 am | Opera/9.80 (Windows NT 6.2; Win64; x64) Presto/2.12.388 Version/12.17 |
64829 | Jesus | empty | 180.180.99.47 | May 25, 2016 12:28 am | Opera/9.80 (Windows NT 6.2; Win64; x64) Presto/2.12.388 Version/12.17 |
64828 | Demetra | empty | 195.154.169.222 | May 25, 2016 12:10 am | Opera/9.80 (Windows NT 6.2; Win64; x64) Presto/2.12.388 Version/12.17 |
64827 | Etta | empty | 195.154.169.222 | May 25, 2016 12:08 am | Opera/9.80 (Windows NT 6.2; Win64; x64) Presto/2.12.388 Version/12.17 |
64826 | Denese | empty | 195.154.169.222 | May 24, 2016 11:58 pm | Opera/9.80 (Windows NT 6.2; Win64; x64) Presto/2.12.388 Version/12.17 |
64825 | Hung | empty | 195.154.169.222 | May 24, 2016 11:55 pm | Opera/9.80 (Windows NT 6.2; Win64; x64) Presto/2.12.388 Version/12.17 |
64824 | Yanira | empty | 195.154.169.222 | May 24, 2016 11:44 pm | Opera/9.80 (Windows NT 6.2; Win64; x64) Presto/2.12.388 Version/12.17 |
64823 | Jaunita | empty | 195.154.169.222 | May 24, 2016 11:39 pm | Opera/9.80 (Windows NT 6.2; Win64; x64) Presto/2.12.388 Version/12.17 |
I should point out that earlier today, I disabled the math CAPTCHA feature that was on the registration portion of my site. Before I did that, I did not have nearly that many false users getting this far. I can only imagine how much spam was prevented because they couldn’t get past the CAPTCHA.
I guess it’s time to activate it once again.
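The login-attempt listing above shows two patterns a throttling rule can key on: one address registering name after name within minutes, and one identical User-Agent arriving from several unrelated addresses. The Python sketch below is an added example, not code from any of the three programs described in this post; it parses eleven rows from the listing and flags both patterns, and the function names, the 30-minute window and the thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

UA = "Opera/9.80 (Windows NT 6.2; Win64; x64) Presto/2.12.388 Version/12.17"
# Eleven rows taken from the listing in this post; the User-Agent is identical in all.
LOG = "\n".join(f"{row} | {UA}" for row in [
    "64842 | Kari | empty | 195.154.169.222 | May 25, 2016 1:32 am",
    "64841 | Forest | empty | 195.154.169.222 | May 25, 2016 1:27 am",
    "64840 | Tressa | empty | 195.154.169.222 | May 25, 2016 1:25 am",
    "64839 | Bud | empty | 195.154.169.222 | May 25, 2016 1:24 am",
    "64838 | Rusty | empty | 195.154.169.222 | May 25, 2016 1:24 am",
    "64837 | Dane | empty | 195.154.169.222 | May 25, 2016 1:20 am",
    "64836 | Bill | empty | 195.154.169.222 | May 25, 2016 1:13 am",
    "64835 | Quincy | empty | 174.139.105.235 | May 25, 2016 12:45 am",
    "64834 | Bruce | empty | 89.34.164.6 | May 25, 2016 12:41 am",
    "64833 | Les | empty | 155.94.221.127 | May 25, 2016 12:40 am",
    "64830 | Jesus | empty | 180.180.99.47 | May 25, 2016 12:28 am",
])

def parse(text):
    """Turn 'id | name | field | ip | time | user-agent' rows into dicts, oldest first."""
    events = []
    for line in text.strip().splitlines():
        f = [part.strip() for part in line.split("|")]
        when = datetime.strptime(f[4], "%B %d, %Y %I:%M %p")
        events.append({"id": int(f[0]), "ip": f[3], "when": when, "ua": f[5]})
    return sorted(events, key=lambda e: e["when"])

def bursty_ips(events, window=timedelta(minutes=30), threshold=5):
    """Return {ip: peak} for IPs with >= threshold attempts in a sliding window (assumed defaults)."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e["when"])
    flagged = {}
    for ip, times in by_ip.items():
        start = peak = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1  # slide the left edge until the span fits the window
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged

def shared_user_agents(events, min_ips=3):
    """Return {user_agent: distinct_ip_count} for UAs seen from at least min_ips addresses."""
    ips = defaultdict(set)
    for e in events:
        ips[e["ua"]].add(e["ip"])
    return {ua: len(s) for ua, s in ips.items() if len(s) >= min_ips}
```

On these rows, `bursty_ips(parse(LOG))` flags 195.154.169.222 with seven attempts inside the window, and `shared_user_agents(parse(LOG))` reports the single Opera string coming from five distinct addresses.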
Update – 5/26/16
Upon reviewing my security logs since I made this post a few days ago, I noticed that spammers who are rejected are being counted in the logs of more than one program. Therefore, it wasn’t accurate when I said that one program stopped 90,082 spammers and another one stopped 64,800. I’m not sure how many spammers are truly getting fended off by my security programs because the programs don’t all keep comprehensive logs, but I can say that since I re-enabled the math CAPTCHA feature of my site the number of login attempts has dwindled. Rather than the 10 per hour I had been receiving, I’m now getting about one or two per hour. Again, this is only the number of spammers who get to a certain part in the login process; many more are still rejected for other reasons.