MyBB Community Forums

Full Version: Spamming BOT's Issue.
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2 3
Hello,
I'm facing problem in my website, It's about spamming bot's.
Though, I have reCAPTCHA installed. & Allows only trusted and famous e-mails during registration. & Requires email activation after registration.
And after all these protections, The spamming bot's can register fake accounts and activated & Spamming in Threading/posting.
Due to that, I want any strong protection against Spamming BOT's, Is it available?
I really hope anyone helps me ASAP.
Thanks a lot. Smile
I'd recommend using Stop Forum Spam, and iPatrol. Also, sometimes it helps to change the MyBB copyright footer to an image with the required, instead of plain text.

..or at least, that's what helped me.
(2020-01-11, 09:21 PM)mTurtle_ Wrote: [ -> ]I'd recommend using Stop Forum Spam, and iPatrol. Also, sometimes it helps to change the MyBB copyright footer to an image with the required, instead of plain text.

..or at least, that's what helped me.
Thanks for your reply, I just want any other plugin not out-dated, also is programmed especially for preventing bots spamming.
I hope anyone help me ASAP, Because i'm suffering of this problem.
see this reply - it can be much helpful ..
(2020-01-13, 08:57 AM).m. Wrote: [ -> ]see this reply - it can be much helpful ..
Thanks a lot for your response, I created now "Security Questions", But do you think that is an effective method to prevent Spammers/Bot's?
@.m.
(2020-01-13, 11:51 PM)iKsu Wrote: [ -> ]
(2020-01-13, 08:57 AM).m. Wrote: [ -> ]see this reply - it can be much helpful ..
Thanks a lot for your response, I created now "Security Questions", But do you think that is an effective method to prevent Spammers/Bot's?
@.m.

No it's not.

Its not possible that you could have a list of trusted emails as you state otherwise you would not have this problem.

Set the registration method to Admin activated and find a way to better vet your registration applications and your problem will be solved.
(2020-01-14, 12:28 AM)Ashley1 Wrote: [ -> ]No it's not.

Its not possible that you could have a list of trusted emails as you state otherwise you would not have this problem.

Set the registration method to Admin activated and find a way to better vet your registration applications and your problem will be solved.
  • It's possible as i only allows using (Gmail - Yahoo - Hotmail) during registration.
  • I did not understand what do you mean? Could you explain more?
Quote:... do you think that is an effective method
yes.
Quote:Set the registration method to Admin activated
Ashley1's suggestion is to activate every new user through forum admin panel
after checking user name, email & ip address. initially it might be possible to
check newly joined members - as forum grows it would be difficult to do so ..

Edit:
you can also put new users' x posts on moderation queue
[eg. see required approvals plugin (see also this related thread)]
I solved this problem with a few techniques together:

1. ACP > Configuration > Settings > Login and Registration Options > 

Registration Method = Send email verification (requires user to validate their email address)
Display Hidden CAPTCHA = YES
Minimum Registration Time = at least 20 seconds
Show Security Question = YES

2. ACP > Configuration > Security Questions > make a more interesting question that is harder for bots to solve.

3. If a person or a bot gets past all of those tests, MyBB moves the user from the "Awaiting Activation Group" to the "Registered" Group, which has permission to post freely. So the idea is to modify the Registered Group so that the first post by any user must be moderated - meaning approved by you - before they appear on the forum. This effectively blocks spam, although you do have to go in and "approve" legitimate posts regularly, and delete the spam - but it's easy to do. Then, you create a "Promotion" system that if any Registered user has at least 1 post (meaning you approved their post), then they are "promoted" to a new "Approved" group, which can then post freely.

https://community.mybb.com/thread-186873.html

Here's how:

Make a backup first: in ACP > Tools & Maintenance > Database Backups

1. In ACP > Users & Groups > Groups > Add New User Group

Title: Approved
Copy Permissions From: "Registered"
Click "Save User Group"


2. In ACP > Users & Groups > Groups > Registered Group > Forums and Posts > Moderation Options:

Check: Moderate new posts
Check: Moderate new threads
Click "Save User Group"

3. In ACP > Users & Groups > Group Promotions > Add New Promotion

Title: Promote Registered to Approved
Promotion Requirements: select "Post Count"
Post Count: 1 "Greater than or equal to"
Original User Group: select "Registered"
New User Group: "Approved"
User Group Change Type: "Primary User Group"
Click "Save Promotion"

4. In order to promote all of your existing Registered users to the new Approved Group - so that they can still post freely:

ACP > Tools & Maintenance > Task Manager > Promotion System > Run Task

This way, any new "Registered" user who passes the Registration and email verification, will still have their first post held for approval. Once you approve a post, the user is moved to the "Approved" group and can post normally. 

Last, most of our problem registrations were coming from users hiding behind VPN or TOR nodes. There is a plugin called "chkProxy" which can block registration if the user is behind a proxy/VPN... I don't endorse the plugin and have not used it, but it looks like it is up to date.

https://community.mybb.com/mods.php?acti...w&pid=1280

I'm not sure if any of that will help with bots specifically, but it does help to filter out most problem registrations, and stop spam before it appears.
(2020-01-14, 01:51 AM)iKsu Wrote: [ -> ]
(2020-01-14, 12:28 AM)Ashley1 Wrote: [ -> ]No it's not.

Its not possible that you could have a list of trusted emails as you state otherwise you would not have this problem.

Set the registration method to Admin activated and find a way to better vet your registration applications and your problem will be solved.
  • It's possible as i only allows using (Gmail - Yahoo - Hotmail) during registration.
  • I did not understand what do you mean? Could you explain more?


Neither of these three domains are actually trustworthy. Most spammers that make it through my antispam mechanisms are using variatuions of gmail addresses. And hotmail has been a spam nest for most of its much too long existence.
Pages: 1 2 3