How to take action against spammers?

Editions: all
Versions: all

Unfortunately, like any other websites, VIMP portals can be attacked by spammers occasionally. As far as our experience goes, we assume that large-scale spam attacks are not coming from spam bots, but from cheap labour networks that register manually to your VIMP platform. This makes it nearly impossible to take automatic countermeasures.

The approach is almost always the same. It begins with a few user sign ups that can grow to several hundert sign ups per day soon. Mostly the sign ups are made with e-mail addresses from big freemailers like or and fantasy usernames. Sometimes they even fill out further profile fields.

At some time these profiles are used to write blog, user or media comments. The spam output can become accordingly high rapidly.

VIMP instruments against spam:

  • Enable captcha (Configuration -> Captcha):
    First activate the captcha. In this way you prevent automated registrations via spam bots.
  • Enable "Verify new registrations" (Configuration -> User):
    If activated, an administrator has to verify new users before they can get active in the frontend.
  • Disable "Log in user after registration" (Configuration -> User):
    Prevents logging in without confirming the link in the verification e-mail.
  • As a last resort you can try to disable registrations at all for a limited period of time (Configuration -> Components) and also block all spam accounts via the backend.

Blocking spam accounts:
If a user has been blocked, it is not possible to use this e-mail address repeatedly. Only after deleting the user permanently the e-mail address can be used to register again. Use the batch actions of the user management in the backend to block multiple users with one click.

After some time you should get a good feel of which registrations are spam and which are valid.

All content that has been created by a spammer will be removed from the frontend after blocking or deleting the according user.

To remove spam from the news/activities lists, you need to configure those lists in the backend at [i]Configuration -> Activities[/i].

Single activities can be deleted via the "Activities" link in the backend. If you want to delete all activity records at once, you need to empty the database table "activity".

The according command is:

truncate activity;

Activity records are important for spammers, as it completely works for them to place their spam there, even if the real comments or users have already been deleted.

By blocking or deleting a user you also remove its comments, blogs and other contents. But the according activities remain visible. Thus, it's worth to clean them up or configure them accordingly, e.g. to not display comments in the acitivty lists. Uploads, in contrast, are too time-consuming for spammers usually.

Last update on 2022/09/06 by Admin.

Go back