MyBB Community Forums

Full Version: Spammed with over 10,000 user accounts
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Any idea how to remove them in bulk? I can only clear one page at a time.
Is there any way to filter IP addresses by country when reviewing them?

Ive been OK up to now, but all of a sudden, some bots appear out of nowhere causing thousands of account registers.
I have always had manual admin activation enabled, and have also added captcha text, but the bots seem to be getting through this.

Thanks for any advice.
Try using a security question, and the preregister agreement, that will stop them, hopefully someone else can help you with the other questions.
To remove - I'd use phpmyadmin, if you have access.

Open the mybb_users table, then the SQL tab.

DELETE FROM FROM mybb_users WHERE usergroup = 5;

It will give you a chance to 'dry run' before deleting.  So a good sanity check.  Another decent sanity check is a simple select query:

SELECT * FROM mybb_users WHERE usergroup = 5;

Confirm you have the right group first.  As with all bulk delete queries - good idea to backup the database first. Wink

You could also use the phpmyadmin search tab, which would enable you list up to 500 at a time. 

cheers...
Good suggestions above, out of curiosity over what time frame did you have that amount of registrations and do you have a captcha selected and security questions etc already?
(2021-06-10, 11:48 PM)nixer55 Wrote: [ -> ]To remove - I'd use phpmyadmin, if you have access.

Open the mybb_users table, then the SQL tab.

DELETE FROM FROM mybb_users WHERE usergroup = 5;

It will give you a chance to 'dry run' before deleting.  So a good sanity check.  Another decent sanity check is a simple select query:

SELECT * FROM mybb_users WHERE usergroup = 5;

Confirm you have the right group first.  As with all bulk delete queries - good idea to backup the database first. Wink

You could also use the phpmyadmin search tab, which would enable you list up to 500 at a time. 

cheers...
Ive just given that a go, and it looks like its cleared them, however, it is still showing the message at the top of the screen that there is 11,734 users awaiting activation. Im not sure if it will clear on its own, it might not refresh this too often?

Edit:
now i see at the bottom of my forum that I have over 12,000 registered users!
This doesnt look good, but it appears there are users on the list showing now with their names crossed out, im not sure if these are banned ones from an earlier point in time.
I did make a backup of the DB

(2021-06-11, 08:28 PM)Ben Wrote: [ -> ]Good suggestions above, out of curiosity over what time frame did you have that amount of registrations and do you have a captcha selected and security questions etc already?
It looked like most of this happened over about a month. I originally thought I had captha selected, but it wasnt, but even after activating it, im still getting a few registrations each day, about 20 or so currently. Down much more than earlier though.
(2021-06-17, 06:15 AM)nzoomed Wrote: [ -> ]Ive just given that a go, and it looks like its cleared them, however, it is still showing the message at the top of the screen that there is 11,734 users awaiting activation. Im not sure if it will clear on its own, it might not refresh this too often?

Edit:
now i see at the bottom of my forum that I have over 12,000 registered users!
This doesnt look good, but it appears there are users on the list showing now with their names crossed out, im not sure if these are banned ones from an earlier point in time.
I did make a backup of the DB


You probably need to run a Recount & Rebuild - ACP -  Tools & Maintenance - Recount & Rebuild.  Been a while since I needed to rebuild counters - but Recount Statistics and Rebuild Forum Counters are likely suspects.  @Ben could advise better than I. Smile
(2021-06-17, 08:49 AM)nixer55 Wrote: [ -> ]
(2021-06-17, 06:15 AM)nzoomed Wrote: [ -> ]Ive just given that a go, and it looks like its cleared them, however, it is still showing the message at the top of the screen that there is 11,734 users awaiting activation. Im not sure if it will clear on its own, it might not refresh this too often?

Edit:
now i see at the bottom of my forum that I have over 12,000 registered users!
This doesnt look good, but it appears there are users on the list showing now with their names crossed out, im not sure if these are banned ones from an earlier point in time.
I did make a backup of the DB


You probably need to run a Recount & Rebuild - ACP -  Tools & Maintenance - Recount & Rebuild.  Been a while since I needed to rebuild counters - but Recount Statistics and Rebuild Forum Counters are likely suspects.  @Ben could advise better than I. Smile
Yes that looks like it did the trick!
Hopefully no more new signups from bots after adding more security questions other than the default 2+2!
Hopefully that is you sorted now, but 10,000 is a huge amount of spammers. If you do still have issues, I can suggest that you replace the Powered by MyBB notice with an image. We have heard of cases where that has reduced the number of spammers, assuming they are using that to search for forums running MyBB.
(2021-06-17, 02:28 PM)Ben Wrote: [ -> ]Hopefully that is you sorted now, but 10,000 is a huge amount of spammers. If you do still have issues, I can suggest that you replace the Powered by MyBB notice with an image. We have heard of cases where that has reduced the number of spammers, assuming they are using that to search for forums running MyBB.
thats interesting, obviously the bots are looking for that.
Seems ive only been targeted recently, over the last 12 months, i have had relatively few bot signups.
It is, and just shows how smart they are becoming in some cases. If you think about it, what is the easiest way to differentiate between phpBB -> MyBB ? The copyright notice in the footer.

How long has your forum been running? It may be the case that you are only now beginning to be indexed by search engines, or perhaps throughout the COVID pandemic people are trying to take the opportunity to exploit the web further.