MyBB Community Forums

Full Version: [F] Post doesn't check referrer
I've blocked his domain in the Email-block field, and that should put him off because all registrations require activation.

I'm still confused as to how he managed to create 70+ accounts with the same email on the same IP.

MyBB's maximum registrations per IP is 2 every 48 hours :/


And before you say it: I've got CAPTCHAs turned on.
D4rkDrago0n Wrote: I've blocked his domain in the Email-block field, and that should put him off because all registrations require activation.

I'm still confused as to how he managed to create 70+ accounts with the same email on the same IP.

MyBB's maximum registrations per IP is 2 every 48 hours :/


And before you say it: I've got CAPTCHAs turned on.

Oh come on man, whoever reads your thread will believe that MyBB as a whole is security crap!! Are you sure all this is happening?

Please read about banning here
Yeah, this is why I'm posting here. I figured if there was something wrong, you guys would want to know. Your software is probably one of the more secure boards I've used. I would like to make sure it stays that way.

And yes, I do know how to use the banning functions. Since I've banned his domain, he's not made any new accounts.
Referrer checking is useless and can't be relied on - you can easily forge a referrer.
That's a shame. That's the only bright idea I could come up with.

I hope you guys come up with something better ^_^

Thanks in advance.
Just wondering, was there 1 account for each post, or did the spammer use one account to post all of them?
He made about 70+ accounts, but only 10 of them actually made posts.
All from the same IP?
Yeah, or so it appears.

It worked out quite handy, as I could use phpMyAdmin to do an IP search and delete all posts and users made from that IP.
Well some things you can try...

1. Add a custom required field.
2. Turn flood posting higher to 30 seconds.
3. Ban his email.
4. Ban his IP.
5. Contact his IP address provider and report it to abuse. Also post it here for us to help you investigate.
6. Change the captcha fonts.
7. Change in admincp the Time Between Registrations to 72 hours.
8. Change in admincp the Maximum Registrations Per IP Address to 1.
9. Change in admincp Registration Method to Administration Activation and manually activate accounts.
10. Use htaccess or server firewall to block his IPs.

Now you can do some or all of these. I suggest you start with #6, then #1, and go from there with what you may not have already tried.
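
Added example, not part of any post in this thread and not MyBB code: a small audit over exported registration records that flags any IP with more registrations inside one 48-hour window than the limit of 2 mentioned above, and any e-mail address shared by several accounts. The row layout, the `audit` function and all sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows: (uid, email, registration IP, registration time).
# IPs are from the documentation ranges; addresses and dates are placeholders.
ROWS = [
    (1, "alice@example.org", "198.51.100.7", "2008-03-01 09:00"),
    (2, "spam@example.net", "203.0.113.5", "2008-03-01 10:00"),
    (3, "spam@example.net", "203.0.113.5", "2008-03-01 10:02"),
    (4, "spam@example.net", "203.0.113.5", "2008-03-01 10:03"),
    (5, "bob@example.org", "198.51.100.7", "2008-03-04 12:00"),
]

def audit(rows, max_per_ip=2, window_hours=48):
    """Return (ips_over_limit, reused_emails) for the given registration rows."""
    window = timedelta(hours=window_hours)
    by_ip, by_email = defaultdict(list), defaultdict(list)
    for uid, email, ip, when in rows:
        by_ip[ip].append((datetime.strptime(when, "%Y-%m-%d %H:%M"), uid))
        by_email[email.strip().lower()].append(uid)

    over_limit = {}
    for ip, regs in by_ip.items():
        regs.sort()
        start, worst = 0, []
        # Sliding window: drop registrations older than `window` relative
        # to the current one, and remember the densest window seen.
        for end in range(len(regs)):
            while regs[end][0] - regs[start][0] >= window:
                start += 1
            if end - start + 1 > len(worst):
                worst = [uid for _, uid in regs[start:end + 1]]
        if len(worst) > max_per_ip:
            over_limit[ip] = worst

    reused = {e: uids for e, uids in by_email.items() if len(uids) > 1}
    return over_limit, reused

if __name__ == "__main__":
    over_limit, reused = audit(ROWS)
    for ip, uids in over_limit.items():
        print(f"{ip}: {len(uids)} registrations inside one window, uids {uids}")
    for email, uids in reused.items():
        print(f"{email}: used by uids {uids}")
```
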