MyBB Community Forums

Full Version: Spammed with over 10,000 user accounts
(2021-06-18, 10:48 PM)Ben Wrote: [ -> ]It is, and just shows how smart they are becoming in some cases. If you think about it, what is the easiest way to differentiate between phpBB -> MyBB ? The copyright notice in the footer.

How long has your forum been running? It may be the case that you are only now beginning to be indexed by search engines, or perhaps throughout the COVID pandemic people are trying to take the opportunity to exploit the web further.
Been running the best part of 18 months.
I had bots start spamming within weeks, but it largely had halted for the last year after I switched to administrator activation.
We have a similar setup.  Only been involved in the admin for 2 years - but don't have a big problem with spam bots.  This is a good sized and long-standing board with 17K users and 312k posts.  I feel fine-tuning StopForumSpam helped a lot.  The defaults require tweaking - used to be more of a problem.

We also use Display a hidden CAPTCHA - which seems effective against bots.  Now spammers are humans mainly.  Admin activation takes care of the bulk of these.  Restrictions on new user accounts helps too - especially links.  That and good moderation.

Relatively new to MyBB - but not security in general.  Don't put my faith in any one thing. ;)
I am using Google CAPTCHA + MyBB's built-in CAPTCHA. Also, I am using account activation via email + there is a restricted email plugin, so that people cannot use temporary email addresses to register.
Hello,

Spammers like to use a tactic known as "disposable email". On certain websites they can create a temporary email address that lasts just long enough to deceive the "valid email check" of many forum software packages. This isn't a MyBB-only problem. You can avoid that issue with a plugin known as MailboxValidator.

You can block disposable email addresses or free email addresses (Gmail, Hotmail, etc.) or both.
Hi,

I am having a similar issue with spam users, but not that many. Anyway, I regularly see about 5 users per day that have random names / emails registered mostly in Gmail. Previously there were lots of them with other "mail services", but some settings helped to reduce this number.

What I have done to reduce spam registration:

-Updated forum to the latest version 1.8.31
-Set Send email verification
-Set Security question
-Set Stop Forum Spam set with Yes in all fields and "Minimum stop forum spam weighting" = 20
-Set Captcha, tried reCAPTCHA v3 and hCaptcha set to "Difficult", the same result
-Set Hidden CAPTCHA field set to "Name"
-Changed MyBB to phpBB in footer as it was recommended above
-Installed plugin: Hide Register and Login Page for Logged In Users (https://community.mybb.com/mods.php?acti...w&pid=1286)
-Installed plugin: Blackbox (https://community.mybb.com/mods.php?acti...w&pid=1429), Yes in all fields
-Installed plugin: chkProxy (https://community.mybb.com/mods.php?acti...w&pid=1280), Set 0.95 value, not sure what is good

Can you suggest anything that can reduce more or solve the spam registration?
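
The layered checks described in the posts above (hidden CAPTCHA field, disposable-email blocking, a StopForumSpam weighting of 20, then administrator activation), written out in Python as an added example that is not part of the thread or MyBB's own code. The domain list, the sample signups, and the rule that per-field confidence scores are summed and compared with `>=` are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample list; a real deployment would load a maintained blocklist.
DISPOSABLE_DOMAINS = {"mailinator.example", "tempbox.example"}
SFS_MIN_WEIGHTING = 20.0  # the "Minimum stop forum spam weighting" from the post

@dataclass
class Signup:
    username: str
    email: str
    ip: str
    hidden_field: str   # honeypot input named "name", invisible to human visitors
    sfs_response: dict  # parsed StopForumSpam JSON reply for this signup

def sfs_weighting(response: dict) -> float:
    """Sum the confidence of every field StopForumSpam has seen (assumed rule)."""
    total = 0.0
    for key in ("username", "email", "ip"):
        entry = response.get(key) or {}
        if entry.get("appears"):
            total += float(entry.get("confidence", 0.0))
    return total

def screen(signup: Signup) -> tuple[str, list[str]]:
    """Return ("reject" or "review", reasons) for one registration attempt."""
    reasons = []
    if signup.hidden_field.strip():
        reasons.append("honeypot field was filled in")
    domain = signup.email.rsplit("@", 1)[-1].lower().rstrip(".")
    if domain in DISPOSABLE_DOMAINS:
        reasons.append(f"disposable email domain: {domain}")
    weight = sfs_weighting(signup.sfs_response)
    if weight >= SFS_MIN_WEIGHTING:
        reasons.append(f"StopForumSpam weighting {weight:.1f} >= {SFS_MIN_WEIGHTING}")
    if reasons:
        return "reject", reasons
    # No automated check fired. A human spammer looks the same at this point,
    # so the account is held for administrator activation, never auto-approved.
    return "review", reasons

# Constructed sample signups (documentation IP ranges, reserved .example domains).
BOT = Signup("xk3jq", "xk3jq@tempbox.example", "203.0.113.7", "xk3jq",
             {"success": 1, "email": {"appears": 1, "confidence": 91.2},
              "ip": {"appears": 1, "confidence": 40.0}})
HUMAN = Signup("alice", "alice@forum-user.example", "198.51.100.4", "",
               {"success": 1, "email": {"appears": 0}, "ip": {"appears": 0}})
```

An empty or failed StopForumSpam reply scores 0 here, so an outage sends signups to manual review rather than letting them through or rejecting everyone.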
(2022-11-09, 08:17 AM)Inx Wrote: [ -> ]-Changed MyBB to phpBB in footer as it was recommended above

You misread. It was not recommended to change the software copyright. What was recommended was to change the text to an image. Absolutely no one would recommend removing a software's copyright lol, especially considering that goes against the MyBB support eligibility policy.

(2021-06-17, 02:28 PM)Ben Wrote: [ -> ]Hopefully that is you sorted now, but 10,000 is a huge amount of spammers. If you do still have issues, I can suggest that you replace the Powered by MyBB notice with an image. We have heard of cases where that has reduced the number of spammers, assuming they are using that to search for forums running MyBB.

:)
(2022-11-10, 10:53 AM)Taylor M Wrote: [ -> ]
(2022-11-09, 08:17 AM)Inx Wrote: [ -> ]-Changed MyBB to phpBB in footer as it was recommended above

You misread. It was not recommended to change the software copyright. What was recommended was to change the text to an image. Absolutely no one would recommend removing a software's copyright lol, especially considering that goes against the MyBB support eligibility policy.

(2021-06-17, 02:28 PM)Ben Wrote: [ -> ]Hopefully that is you sorted now, but 10,000 is a huge amount of spammers. If you do still have issues, I can suggest that you replace the Powered by MyBB notice with an image. We have heard of cases where that has reduced the number of spammers, assuming they are using that to search for forums running MyBB.

:)

Oh, right... I didn't get it. Alright, I'll return it back and try to replace it with an image then. Anyway, it would be good to know a way to fix this completely.
(2022-11-11, 10:03 AM)Inx Wrote: [ -> ]Oh, right... I didn't get it. Alright, I'll return it back and try to replace it with an image then. Anyway, it would be good to know a way to fix this completely.

[attachment=45545]

This may or may not work for you but here's a small one. Text size is around 14px. Black text with white outline just in case it's on darker backgrounds.
I've also noticed something interesting - Bing has absolutely no limit on how many queries you can throw at it, meaning bots can abuse their engine really easily. Unfortunately, nearly every 'alternative' English-language search engine is basically a proxy for Bing, DuckDuckGo included (regardless of the rubbish they claim on their website...), so blocking bingbot means you effectively get deindexed from DDG too. However, for new sites it could potentially mitigate how quickly a large number of bots would appear all at once. (Besides, in all fairness, I'd rather coax people away from MSFT-based 'alternative' searchers if they're trying to avoid Google and help improve a more independent indexer...)

YandexBot can also go down the bin too unless you're targeting Russian-language, especially given it spams request URIs like no tomorrow could come.

Something that hasn't previously been stated, adding onto the thing about email blocking and disposable addresses - email signups from Yandex/Mail.ru/GMX/mail.com are almost always malicious or spam too, and there are lots of domains for the latter two... (gmx.net, the German-locale version, is different and is safer than the English one.)

On a note, I always found CAPTCHAs ineffective for Indian spam, though it tends to work reasonably well against Russian/Ukrainian spam. A 'sortable Q&A' like the one in phpBB would be feasible. I remember one I created that was pretty ridiculous but extremely effective for a Windows forum long ago, that went "What features are part of Windows 7 and what are part of Windows 10?" and you had to drag the correct ones into the correct boxes. It had a pretty obvious anti-Win10 sentiment but it fit the nature of the forum and its demographic pretty well lol.
I did not realize I could make my own questions until reading this thread. Thanks!