Spam protection
Quote from Lschreyer on July 11, 2019, 8:28 amHello, I just got locked up by a chinese spammer. He created 4 accounts by hand, and solved the Captchas, then injected 2000+ spam entries into the forum, flooding all other forum-users with emails. Lucky, my provider stopped that at 50 emails.
So now I have to lock the forum, as I cannot let that happen again. I guess the only way to leave the login page open to anyone is now a setting, where a user can only create xx new forum entries per hour, as many other forum solutions have.
Even better, if we could set this up for new users by default, and change it to a higher value after xx days.
Is there any hope that we will get this setting? Currently a user can create thousand new entries in a minute, very unsafe.
Hello, I just got locked up by a chinese spammer. He created 4 accounts by hand, and solved the Captchas, then injected 2000+ spam entries into the forum, flooding all other forum-users with emails. Lucky, my provider stopped that at 50 emails.
So now I have to lock the forum, as I cannot let that happen again. I guess the only way to leave the login page open to anyone is now a setting, where a user can only create xx new forum entries per hour, as many other forum solutions have.
Even better, if we could set this up for new users by default, and change it to a higher value after xx days.
Is there any hope that we will get this setting? Currently a user can create thousand new entries in a minute, very unsafe.
Quote from Asgaros on July 11, 2019, 11:04 amHello @lschreyer
I will try to include a functionality for this in a future update.
Which captcha-plugin did you use on your website to protect the login/registration form?
Hello @lschreyer
I will try to include a functionality for this in a future update.
Which captcha-plugin did you use on your website to protect the login/registration form?
Quote from Lschreyer on July 11, 2019, 11:22 amI use Captcha-Bank. But the spammer registered manually, so he solved the captcha and then moved on and used the login data for his script. Captchas are not safe enough to prevent this mass spam, only a lockout mechanism if a user posts too much in a short time.
I use Captcha-Bank. But the spammer registered manually, so he solved the captcha and then moved on and used the login data for his script. Captchas are not safe enough to prevent this mass spam, only a lockout mechanism if a user posts too much in a short time.
Quote from Asgaros on July 11, 2019, 7:57 pmI see. Yes I will try to add additional settings for it in a future update. Some users also recommend the following extension for adding a ReCaptcha to the forum:
I see. Yes I will try to add additional settings for it in a future update. Some users also recommend the following extension for adding a ReCaptcha to the forum:
Quote from yellowfish on July 30, 2019, 3:16 pmI use that plugin and I do get SPAM (on my site that isn’t actually active yet)
I use that plugin and I do get SPAM (on my site that isn’t actually active yet)
Quote from Asgaros on July 30, 2019, 8:04 pmUnfortunately its not 100% possible to prevent spam-posts at all. I will try to add additional lockout-features in future updates. However, bots are also possible to detect this so they send spam-messages only X minutes.
Unfortunately its not 100% possible to prevent spam-posts at all. I will try to add additional lockout-features in future updates. However, bots are also possible to detect this so they send spam-messages only X minutes.
Quote from Lschreyer on July 31, 2019, 7:39 amI had a slight hope that this huge problem would have been adressed faster.
Currently my Forum is suspended, very sad, as it was really helpful and neat. I really liked it.
I will close it down completely now, as I do not know when I can open it again. In this state it is not safe at all, and anyone with such an attack risks being added to several antispamlists, where it is very hard to be removed from.
I had a slight hope that this huge problem would have been adressed faster.
Currently my Forum is suspended, very sad, as it was really helpful and neat. I really liked it.
I will close it down completely now, as I do not know when I can open it again. In this state it is not safe at all, and anyone with such an attack risks being added to several antispamlists, where it is very hard to be removed from.
Quote from Guido on June 25, 2024, 2:50 pmI have the same problem every now and then. My forum has grown to over 10,000 users, so a LOT of people received around 100 emails yesterday (the topics they were able to create before I woke up and could ban them). My guess is that it’s a group / “company” that gets paid to post certain links or phone numbers online. In my case, the posts were all about call girls, escorts (you get the idea).
The problem is not so much the creating account part. They do this manually and can get through any captcha like that. I send a verification link. The problem is that once they have the account, they post as much as possible.
I’ve already increased some of the values in the “permissions” settings to discourage them, but that doesn’t really help.
It would be really nice to have a setting where you can enter ‘forbidden words or phrases’. If a post contains one of those words or phrases it will be put in moderation or just deleted permanently. (similar to the built in wordpress ‘discussion’ setting). I’d be willing to pay for that.
I have the same problem every now and then. My forum has grown to over 10,000 users, so a LOT of people received around 100 emails yesterday (the topics they were able to create before I woke up and could ban them). My guess is that it’s a group / “company” that gets paid to post certain links or phone numbers online. In my case, the posts were all about call girls, escorts (you get the idea).
The problem is not so much the creating account part. They do this manually and can get through any captcha like that. I send a verification link. The problem is that once they have the account, they post as much as possible.
I’ve already increased some of the values in the “permissions” settings to discourage them, but that doesn’t really help.
It would be really nice to have a setting where you can enter ‘forbidden words or phrases’. If a post contains one of those words or phrases it will be put in moderation or just deleted permanently. (similar to the built in wordpress ‘discussion’ setting). I’d be willing to pay for that.
Quote from Jim on June 25, 2024, 3:17 pmQuote from Guido on June 25, 2024, 2:50 pmMy forum has grown to over 10,000 users, so a LOT of people received around 100 emails yesterday (the topics they were able to create before I woke up and could ban them).
@guido Can’t you set each forum to require approval for new topics?
Quote from Guido on June 25, 2024, 2:50 pmMy forum has grown to over 10,000 users, so a LOT of people received around 100 emails yesterday (the topics they were able to create before I woke up and could ban them).
@guido Can’t you set each forum to require approval for new topics?
Quote from Guido on June 25, 2024, 4:15 pmI could, but that would (1) ask a lot of time from me and (2) wouldn’t be very user friendly, as people would have to wait to see their topic until I approve it. My forum is a support forum for the usage of my app.
I could, but that would (1) ask a lot of time from me and (2) wouldn’t be very user friendly, as people would have to wait to see their topic until I approve it. My forum is a support forum for the usage of my app.