I have had an ongoing problem on my forum: spam account registrations.
I have had the forum set to manually approve new members, but it's a HUGE pain to have to sift through hundreds of fake accounts every week in order to find the few legitimate ones. I've finally said "uncle" and actually disabled registration on the forum - and I STILL see new accounts being created! How the heck is this even possible?
http://screencast.com/t/E2q6G5tym
I'm sure I'll get dogpiled by people who love SMF, but frankly I think it's ridiculously vulnerable to spam. I've tried a bunch of different methods for stopping spam registration and NOTHING seems to work worth a damn. The fact that spammers can still register accounts even with registration turned off is troubling to say the least. I know a ton about WordPress but not much about SMF - if I did, I would just rename or move the appropriate files so that spammers couldn't use the defaults to attack my forum. That seems like a simple solution, but again, I don't know enough about SMF to fiddle with file names or directory names.
Currently I have installed:
- No Spam by Guests!
- Bad Behavior
- httpBL
- reCaptcha for SMF
- Stop Spammer
This list does not include packages that I've tried, have done nothing and have since uninstalled.
It seems I may as well have nothing installed and left the door wide open. This has been an ongoing problem and frankly, I'm a bit disgusted by the whole thing. Yes, there are spammers, but the apparent ease with which they can get through SMF is pathetic. I run a number of very popular WordPress sites and spam is 99% under control on those. To me, the icing on the cake is having registration disabled and still seeing new spam accounts created. Unbelievable.
Vic
The screenshot you provided does not show anything except that the users have never been online. It doesn't show the date and time they registered. Have you clicked on any of the names to view their profile and verify that they registered AFTER you disabled registration? I am not saying it did not happen, simply that the screenshot does not show that.
If they are getting past httpBL and Stop Spammer, you possibly have it installed incorrectly or not enabled in the admin control panel. From the looks of the screenie, a portion of Stop Spammer is not installed, or at least the icons are not.
Can you post a link and I will attempt to register on your site. If an average guest cannot, neither can a bot.
Thanks for replying. Of course what I did was clean out all the spam accounts, disable registration, and make sure I didn't miss any accounts.
I took this screenshot AFTER I disabled registration. At this point I disabled it two days ago and I am STILL getting new accounts created.
Here's the link to the forum: http://www.advancediron.org/forums/ - however just because you won't be able to register will not convince me bots can't, especially when I see new accounts being created before my own eyes. Here is a link to a profile that was created today:
http://www.advancediron.org/forums/index.php?action=profile;u=9463
Thanks again,
Vic
I couldn't register of course, I got the message that registration is disabled. Unfortunately, I could not see the profile for the second link since I am not logged in. Can you post a screenie of that one as well, particularly the summary page that shows when they registered and the last time online?
Also, your forum version is 2 steps out of date. There were some security fixes since 1.1.12. I can't say that is the issue, but it would benefit you to upgrade to 1.1.14.
Here you go:
http://www.screencast.com/t/amzipPkH3r
And it's been an ongoing problem for many, many months (years?) regardless of previous version updates. I'm sure that if I update it (and I will) it will make no difference. Every solution I find, prior to implementing it, results in comments of "oh, yeah, that will fix it."
But it never does.
I've just updated to 1.1.14 and deleted the latest spam accounts. If tomorrow I see more I'll know this didn't work. If I don't see new ones, that's something - although I'll still keep registration disabled.
Vic
Yep. 4 new spam accounts created with version 1.1.14 installed and registration disabled.
Brilliant.
You may want to file a security report here, and have someone from staff to look into it.
http://www.simplemachines.org/about/smf/security.php
Hi. I've recently had the same problem. Last Sunday I deleted all accounts, themes and posts.
Unfortunately verification of new members by using the letters-picture doesn't work. Probably the spammers are real people. I have already changed the registration terms to "activation by the admin".
Is there an option to forbid registration with domains like .pl, .ru, .co.uk, ...
This would keep at least 30% of the spammers out of the forum.
Thanks
Quote from: vich - August 27, 2011, 10:44:06 AM
Yep. 4 new spam accounts created with version 1.1.14 installed and registration disabled.
Very likely someone has installed a back door into your account, or they've stolen passwords.
1. Check for files that don't belong to SMF (check filenames against a fresh copy)
2. Look at "last changed" dates on legit files -- any inexplicably recent changes to your files?
3. Talk to your host about access logs -- has someone other than you been getting in?
4. Scan all PCs used to access your account for Trojans, spyware, viruses, and especially keystroke loggers and password sniffers
5. Change every password in sight, including hosting access, ftp, admin accounts, etc.
6. It's unlikely, but not impossible, that someone knows a way in through SMF, so do file that security report
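
The file checks in steps 1 and 2 of the reply above, sketched in Python as an added example that is not part of the original thread. The function names, the 14-day window and the sample trees are assumptions made for illustration; `fresh_root` is taken to be an unpacked pristine copy of the same SMF version as the live site.

```python
import hashlib
import os
import tempfile
import time


def snapshot(root):
    """Return {relative_path: (sha256_hex, mtime)} for every file under root."""
    files = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                files[rel] = (hashlib.sha256(fh.read()).hexdigest(), os.path.getmtime(full))
    return files


def audit(live_root, fresh_root, recent_days=14, now=None):
    """Compare a live install against a pristine copy of the same version."""
    live, fresh = snapshot(live_root), snapshot(fresh_root)
    cutoff = (time.time() if now is None else now) - recent_days * 86400
    shipped = [p for p in sorted(live) if p in fresh]
    return {
        # Step 1: files the release does not ship (uploads, settings, or a dropped script).
        "unknown": sorted(p for p in live if p not in fresh),
        # Same name, different content: a mod's edit or tampering; diff these by hand.
        "modified": [p for p in shipped if live[p][0] != fresh[p][0]],
        # Step 2: shipped files changed recently; mtime can be reset, so trust hashes more.
        "recent": [p for p in shipped if live[p][1] >= cutoff],
    }


def demo():
    """Run audit() on constructed trees; names and contents are made up."""
    trees = {
        "fresh": {"index.php": "release", "Sources/Register.php": "release"},
        "live": {"index.php": "release", "Sources/Register.php": "changed",
                 "Themes/default/x.php": "not in release"},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for tree, files in trees.items():
            for rel, body in files.items():
                path = os.path.join(tmp, tree, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "w") as fh:
                    fh.write(body)
        old = time.time() - 400 * 86400  # make index.php look long untouched
        os.utime(os.path.join(tmp, "live", "index.php"), (old, old))
        return audit(os.path.join(tmp, "live"), os.path.join(tmp, "fresh"))
```

On a forum with mods installed, the "modified" list will include the source files those packages patched, so each entry needs a manual diff against the pristine file rather than being treated as proof of tampering.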