MyBB Community Forums
Spammed with over 10,000 user accounts - Printable Version

+- MyBB Community Forums (https://community.mybb.com)
+-- Forum: 1.8 Support (https://community.mybb.com/forum-175.html)
+--- Forum: General Support (https://community.mybb.com/forum-176.html)
+--- Thread: Spammed with over 10,000 user accounts (/thread-232608.html)



Spammed with over 10,000 user accounts - nzoomed - 2021-06-10

Any idea how to remove them in bulk? I can only clear one page at a time.
Is there any way to filter IP addresses by country when reviewing them?

Ive been OK up to now, but all of a sudden, some bots appear out of nowhere causing thousands of account registers.
I have always had manual admin activation enabled, and have also added captcha text, but the bots seem to be getting through this.

Thanks for any advice.


RE: Spammed with over 10,000 user accounts - Michael2014 - 2021-06-10

Try using a security question, and the preregister agreement, that will stop them, hopefully someone else can help you with the other questions.


RE: Spammed with over 10,000 user accounts - nixer55 - 2021-06-10

To remove - I'd use phpmyadmin, if you have access.

Open the mybb_users table, then the SQL tab.

DELETE FROM FROM mybb_users WHERE usergroup = 5;

It will give you a chance to 'dry run' before deleting.  So a good sanity check.  Another decent sanity check is a simple select query:

SELECT * FROM mybb_users WHERE usergroup = 5;

Confirm you have the right group first.  As with all bulk delete queries - good idea to backup the database first. Wink

You could also use the phpmyadmin search tab, which would enable you list up to 500 at a time. 

cheers...


RE: Spammed with over 10,000 user accounts - Ben - 2021-06-11

Good suggestions above, out of curiosity over what time frame did you have that amount of registrations and do you have a captcha selected and security questions etc already?


RE: Spammed with over 10,000 user accounts - nzoomed - 2021-06-17

(2021-06-10, 11:48 PM)nixer55 Wrote: To remove - I'd use phpmyadmin, if you have access.

Open the mybb_users table, then the SQL tab.

DELETE FROM FROM mybb_users WHERE usergroup = 5;

It will give you a chance to 'dry run' before deleting.  So a good sanity check.  Another decent sanity check is a simple select query:

SELECT * FROM mybb_users WHERE usergroup = 5;

Confirm you have the right group first.  As with all bulk delete queries - good idea to backup the database first. Wink

You could also use the phpmyadmin search tab, which would enable you list up to 500 at a time. 

cheers...
Ive just given that a go, and it looks like its cleared them, however, it is still showing the message at the top of the screen that there is 11,734 users awaiting activation. Im not sure if it will clear on its own, it might not refresh this too often?

Edit:
now i see at the bottom of my forum that I have over 12,000 registered users!
This doesnt look good, but it appears there are users on the list showing now with their names crossed out, im not sure if these are banned ones from an earlier point in time.
I did make a backup of the DB

(2021-06-11, 08:28 PM)Ben Wrote: Good suggestions above, out of curiosity over what time frame did you have that amount of registrations and do you have a captcha selected and security questions etc already?
It looked like most of this happened over about a month. I originally thought I had captha selected, but it wasnt, but even after activating it, im still getting a few registrations each day, about 20 or so currently. Down much more than earlier though.


RE: Spammed with over 10,000 user accounts - nixer55 - 2021-06-17

(2021-06-17, 06:15 AM)nzoomed Wrote: Ive just given that a go, and it looks like its cleared them, however, it is still showing the message at the top of the screen that there is 11,734 users awaiting activation. Im not sure if it will clear on its own, it might not refresh this too often?

Edit:
now i see at the bottom of my forum that I have over 12,000 registered users!
This doesnt look good, but it appears there are users on the list showing now with their names crossed out, im not sure if these are banned ones from an earlier point in time.
I did make a backup of the DB


You probably need to run a Recount & Rebuild - ACP -  Tools & Maintenance - Recount & Rebuild.  Been a while since I needed to rebuild counters - but Recount Statistics and Rebuild Forum Counters are likely suspects.  @Ben could advise better than I. Smile


RE: Spammed with over 10,000 user accounts - nzoomed - 2021-06-17

(2021-06-17, 08:49 AM)nixer55 Wrote:
(2021-06-17, 06:15 AM)nzoomed Wrote: Ive just given that a go, and it looks like its cleared them, however, it is still showing the message at the top of the screen that there is 11,734 users awaiting activation. Im not sure if it will clear on its own, it might not refresh this too often?

Edit:
now i see at the bottom of my forum that I have over 12,000 registered users!
This doesnt look good, but it appears there are users on the list showing now with their names crossed out, im not sure if these are banned ones from an earlier point in time.
I did make a backup of the DB


You probably need to run a Recount & Rebuild - ACP -  Tools & Maintenance - Recount & Rebuild.  Been a while since I needed to rebuild counters - but Recount Statistics and Rebuild Forum Counters are likely suspects.  @Ben could advise better than I. Smile
Yes that looks like it did the trick!
Hopefully no more new signups from bots after adding more security questions other than the default 2+2!


RE: Spammed with over 10,000 user accounts - Ben - 2021-06-17

Hopefully that is you sorted now, but 10,000 is a huge amount of spammers. If you do still have issues, I can suggest that you replace the Powered by MyBB notice with an image. We have heard of cases where that has reduced the number of spammers, assuming they are using that to search for forums running MyBB.


RE: Spammed with over 10,000 user accounts - nzoomed - 2021-06-17

(2021-06-17, 02:28 PM)Ben Wrote: Hopefully that is you sorted now, but 10,000 is a huge amount of spammers. If you do still have issues, I can suggest that you replace the Powered by MyBB notice with an image. We have heard of cases where that has reduced the number of spammers, assuming they are using that to search for forums running MyBB.
thats interesting, obviously the bots are looking for that.
Seems ive only been targeted recently, over the last 12 months, i have had relatively few bot signups.


RE: Spammed with over 10,000 user accounts - Ben - 2021-06-18

It is, and just shows how smart they are becoming in some cases. If you think about it, what is the easiest way to differentiate between phpBB -> MyBB ? The copyright notice in the footer.

How long has your forum been running? It may be the case that you are only now beginning to be indexed by search engines, or perhaps throughout the COVID pandemic people are trying to take the opportunity to exploit the web further.