Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[F] Post doesn't check referrer
#11
I've blocked his domain in the Email-block field. and that should put him off because all registrations require activation.

I'm still confused as to how he managed to create 70+ accounts with the same email on the same IP.

mybb's maximum registrations per IP is 2 every 48 hours :/


and before you say it. I've got CAPTCHAs turned on
#12
D4rkDrago0n Wrote:I've blocked his domain in the Email-block field. and that should put him off because all registrations require activation.

I'm still confused as to how he managed to create 70+ accounts with the same email on the same IP.

mybb's maximum registrations per IP is 2 every 48 hours :/


and before you say it. I've got CAPTCHAs turned on

Oh come on man, who reads your thread will believe that MyBB as a whole is a security crap!! are you sure all this is happening?

Please read about banning here
#13
yeah, this is why I'm posting here. I figured if there was something wrong, you guys would want to know. You're software Is probably one of the more secure boards I've used. I would like to make sure it stays that way.

And yes. I do know how to use the banning functions. Since I've banned his domain, He's not made any new accounts
#14
Referrer checking is useless and can't be relied on - you can easily forge a referrer.
#15
that's a shame. that's the only bright idea I could come up with.

I hope you guys come up with something better ^_^

thanks in advance
#16
Just wondering, was there 1 account for each post, or did the spammer use one account to post all of them?
Dennis Tsang
http://dennistt.net
#17
he made about 70+ accounts but only 10 of them actually made posts
#18
All from the same IP?
Dennis Tsang
http://dennistt.net
#19
yeah, or so it appears.

It worked out quite handy as I could use phpMyAdmin to do an IP Search and delete all posts and users made from that IP
#20
This user has been denied support. This user has been denied support.
Well some things you can try...

1. Add a custom required field.
2. Turn flood posting higher to 30 seconds.
3. Ban his email
4. Ban his IP
5. Contact his IP address provider and report it to abuse. Also post it here for us to help you investigate.
6. Change the captcha fonts.
7. Change in admincp the Time Between Registrations to 72 hours.
8. Change in admincp the Maximum Registrations Per IP Address to 1.
9. Change in admincp Registration Method to Administration Activation and manually activate accounts.
10. Use htaccess or server firewall to block his IPs.

Now you can do some or all of these. I suggest you start with #6, then #1 and go from there what you may not have already tried.


Forum Jump:


Users browsing this thread: 1 Guest(s)