Hello,
After upgrading to 1.8.27 I'm receiving lots of new members request to join my forum. Let me say that in order to join my forum, user must reply one of 3 random questions, which are very difficult to know. So my deduction is that Spammer are able to read the answer to these questions due to a security issue.
With 1.8.26 all worked well. Please try to solve this issue!
Best wishes to all
Jordi
It's more likely someone has worked out what the answers are and has programmed a bot to populate the field - there's no known issues that would reveal specifically the answers to these questions anywhere.
Sorry but I disagree. I have changed my security question to another completely different, with an anwer never used before and I still get many new member requests. Seems these bots are reading the answer from the forum configuration. So please check this!
Thank you!
Well, I've moved the thread to bug reports, but as we've not had any other reports of this, and the only place in the entire codebase there is even code to display the answers is in the ACP, I'm not sure what we'll be able to come up with.
Which captcha method do you use and have you change it since the upgrade?
The update had no effect on spammers for me. Some spammers are getting through the security questions but this is not new.
even if your board has random security question, with enough knowledge people can create bot to solve those question using bot. like you set 10 question. user manually add those answer in his bot and bot will next time auto add the answer.
1. use google captcha with mybb in-build random questions
2. there is plugin whitelisted domain email. install that one and add your desire email domain.
3. use email user activation.
4. you can also check "stop forum spam" mybb settings
(2021-07-16, 08:51 AM)StefanT Wrote: [ -> ]The update had no effect on spammers for me. Some spammers are getting through the security questions but this is not new.
Try to block ip class addresses from the cPanel provider
or filter in iptables
Hello,
Thank you for all the suggestions. I use MyBB Captcha from the list. Do you suggest to use a different one? I have also changed the hidden Catpcha field, added an API Key from Stop Forum Spam and enabled other settings. I hope this will work!
Thank you for your support!
Yes, you can take a look at which captcha method you prefer. One of the newest ones is hcaptcha, you will need to get an api key to enable it however (same applies to google versions)