How to Ban many IP from fake registrations

1.1. Why this page

Since July 2012 many tiki-powered websites which allowed free registration of new users experienced a massive amount of registrations, most of which looked like fake users. In many cases, those fake users started to add spam to those tiki sites (in those cases of collaborative web sites allowing plain registered users to add content).

Therefore, the goal of this page is to serve as a quick & dirty Tutorial for others suffering from the same spam registration wave started for many of us in Summer 2012.

For extended information on how to manage the Action log or Banning features, see Action Log and Banning.

Action log feature	Admin Banning feature

1.2. How to avoid getting massive spam fake registrations

Tiki9.1 allows the prevention of those massive fake registrations with the features:

Admin home > Login > Registration & Login > "Registration referer check" .
Setting up a "User tracker" linked to the Registered group, requiring nw users to fill in some mandatory fields (some checkbox, some text area, etc).

For earlier sites (Tiki6 LTS, for instance), or new but without those features enabled, there is a fairly easy way to control that amount of potential spammers getting into your site.

Add "Admin home > Login > Registration & Login > Require validation by admin" , and add your email at the field provided.

1.3. How to ban ip's massively from records at the Tiki action log

Go to Admin users and select to sort users by created_desc order, for instance, and a big amount of records per page like 100 ( tiki-adminusers.php?numrows=100&sort_mode=created_desc )
1. revise whether there are valid registration requests there:
  - check that name and email have some relation. Most fake users have names that have no relationship with the email. For non English countires & sites, it's quite easy to find out the fake registration attempts since they are not using the local language nor local names, but usually English ones.
  - write down the username and date of any non-fake registration request
2. Go to "Admin > Action log"
  - To to the "Settings" tab, and uncheck all checkboxes from the column "Reported", except "* System", and save your changes. Of course, you need to keep that line as "recorded"
3. Go to the "Report" tab, and select your time frame, no user nor group, no category, and under the section "Misc > Search", type: created account, and click at the button "Report"
  - You will see a paginated list of records as a result. Select with the checkbox at the left of each record which ones do you want to select for banning their ip's (you can select all as a starting point with the first checkbox at teh top).
  - Once finished your selection, click at the bottom of the table where an icon of a locker is shown next to where it says: "Perform action with checked".
    You will be sent to admin banning interfcae, with the preselection of the ip's of the chosen records pre-added to the interface
4. Once at the admin banning interface, review the default settings for the "Multiple IP banning" you can add a Custom message to the user. like: "Access from your localization was forbidden due to fake user registration". When done, click at Save

Repeat the last steps (selection of records from the action log interface) as many times as needed to have the IP from all your fake registrations banned.

Once finihsed, you can export your banning list as csv file, and import it to another Tiki site, so that you can reuse your effort to identify banning ip's.

1.4. Some real data from fake user registrations

This is a list of 800+ banned IP data exported from "Admin > banning > Export as csv" and compressed as zip file. Collected mostly from July 1st 2012 until October 13, 2012 in a local non-English semi-inactive site where it was fairly easy to identify fake user registrations from just a few good ones. Provided here by Xavi just in case this is useful to anyone else.