Bogus members!

[jamzapper]

Hi,

Is it just me or just recently there have been some bogus members joining only to advertise their websites (SPAM). I've done a search on google and they seem to be joining all the simplemachines forums.

Is this the norm.

jamzapper

[vbgamer45]

May happen depending on your SMF version and what settings that you have on user registration.
Highly suggest the latest SMF version with CAPTCHA enabled on registration.

[jamzapper]

Hi,

I'm currently using version 1.1.4 and when registering people still have to enter a code (CAPTCHA) if I understand you correctly. So someone must be visiting all the simplemachines forums and doing it manually, maybe via a google search??

If this carries on, I might activate member approval registration. Not ideal.

jamzapper

[vbgamer45]

What level of CAPTCHA are you using on your forum? Admin -> Registration -> Settings

[jamzapper]

There is no option called CAPTCHA when I chose those options. My current theme is for version 1.1.3 of Simplemachines. If this is the problem?

jamzapper

[vbgamer45]

Sorry meant the following setting "Complexity of visual verification image"

Also I do suggest to always have the latest version of SMF. I belive inside the package manager there is an option to upgrade to SMF 1.1.4

[jamzapper]

Hi the current setting is 'Medium - Overlapping colored letters, with noise' and my version of SMF is 1.1.4, only the theme is 1.1.3 complient. I forgot to add it is a custom theme I have designed myself when running 1.1.3.

jamzapper

[青山 素子]

I suppose the general question is if those members have managed to post or are only joining? Often, big-time spammers will have real humans solve the captcha images for them (you'd be surprised the various methods they use). I've seen signups from obvious spam accounts, but never an activation (I require e-mail activation on the boards I run).

Any theme for 1.1.3 should work fine with 1.1.4 as no theme items were changed on that update.

[Smurfbutcher Bob]

And FYI - at least one jerk has automated the breaking of medium strength captcha - takes him about .4 seconds between the request for the img and his submission of the (correct) answer. It might be the same guy that hit you - he registered, but never completed the "click-thru" email.

So, use high strength.  Or, stick with medium and combine it with the "Are you human" mod, which is (for now) offering quite a few people some strong results.

If you're somewhat accustomed to PHP, you might also tweak the captcha generation - make the chars have random spacing and offset, more rotation, and make the number of chars random from 5 to 7.

[elfishtroll]

And FYI - at least one jerk has automated the breaking of medium strength captcha - takes him about .4 seconds between the request for the img and his submission of the (correct) answer. It might be the same guy that hit you - he registered, but never completed the "click-thru" email.

So, use high strength.  Or, stick with medium and combine it with the "Are you human" mod, which is (for now) offering quite a few people some strong results.

If you're somewhat accustomed to PHP, you might also tweak the captcha generation - make the chars have random spacing and offset, more rotation, and make the number of chars random from 5 to 7.

I'm not sure how you timed it, but you could always put in a check - if less than 10 seconds since request for image before submission of answer. discard the response, since it wasnt likely made by a human?