Whether you’ve inherited a new magazine or it’s time to put your house in order, in the forum you can find several good threads on how to deal with spam users but I miss an unified and updated list of spam patterns like the one @jmacgreg started in How do I combat spam?, so, here you have a forum-wiki-page here with an initial compilation that could be collectively extended/enriched.
I tried to make it compact and with same structure to facilitate the reading and are numbered for an easy reference. I also add a “False positives” field (with an estimation like “high/middle/low” probability) to describe in what situations you can get real users instead of spammers.
If you found a new pattern and you like to share it, when editing, please distinguish between queries that return spam users (with eventually a very few false positives) from the ones that help to identify them (list of users to dig further).
DISCLAIMER: Please, use this list with care because is not bullet prof, and you can get false positives. I’m so sorry I didn’t credit the original authors of those snippets. Kudos for them. You can find their original posts in the forum searching the published queries.
TIPS FOR NEWBIES
To facilitate the exportation to mergeUsers.php script, queries return “username”.
Use phpmyadmin or adminer (or simply redirect the output of the script to a file) to get a list.
Replace “username” with “count()" to get the number of affected users or with "” to get all data from one user.
Some links you would like to read if you are concerned about spam in OJS:
- PKP’s documentation: Securing Your System
- How do I combat spam? (a wonderful post from James with almost anything you like to know about spam in OJS) https://forum.pkp.sfu.ca/t/how-do-i-combat-spam
- Form Honeypot anti-bot (a great plugin from Clinton): GitHub - ulsdevteam/pkp-formHoneypot: User registration honeypot plugin for OJS / OMP.
- More antispam plugins (from Clinton): No logging for user validation emails? - #4 by asmecher