Spammers Registering even with Registration Disabled (reg'd not activated)

[Oscworth]

Last night I started getting spammed on my forum so did the usual remove posts ban user.
The spammers just kept registering so after about another 10 users registered I decided to disable registration but they keep on coming.

This morning I set registration to admin approval and got 8 waiting for approval in a matter of minutes.
Now I've taken the forum offline until I find out how to stop it.

Has anyone got any suggestions?   
Anyone else having this problem?

How are they registering with it disabled?

SMF 2.0.2 

[ziycon]

Have a look at using the below mod, make sure you set it up with and api key from the honeypot project.

http://custom.simplemachines.org/mods/index.php?mod=2155

[Storman™]

Also, do you have any Registration Verification questions set-up ?

If not, then set a few up in:

Admin --> Configuration --> Security and Moderation --> Anti-Spam

Add at least two questions.

[Oscworth]

Thanks for the very quick replies 

I already had the captcha with 2 questions setup and up, until last night seemed to be working with only the occasional reg from a spammer. 

Trying to setup the honeypot stuff at the moment but finding a bit confusing in my current stressed out state.
What worries me the most about this is the fact they can register even with SMF set to "disable registration"   What else are these people able to do.....

How secure is SMF??? 
I've had this forum running since 2007 and this is the first time it's ever been attacked like this....

[ziycon]

Have you any mods installed relating to registration?

[Oscworth]

These mods are installed atm

1.    View Voters at Polls 1.0
2.    Team Page 1.1.6    
3.    Users Online Today    2.0.1    
4.    Aeva Media    1.4w    
5.    Quick Translation 0.7 beta
6.    New Hooks    0.2
7.    Dream Portal    1.0.5    
8.    Welcome Topic Mod 2.1    
9.    Highslide 4 SMF

www.grimracing.co.uk/forum

[Oscworth]

The Honeypot is now active    

24 new members in the time taken to setup the honeypot....see attached

I really appreciate the advice  thank you!

[Oscworth]

As far as I am concerned I've setup the honeypot correctly but I'm still getting members.

Reg disabled didn't stop them from registering and they could still post.
Reg set to admin approval allows the reg but they cant post.

[ziycon]

This may be an issue with the Dream Portal mod, does it handle registrations when installed? Maybe pop over to the Dream Portal mod support thread and ask if this has been reported before.

[Oscworth]

I was just wondering the same thing.  I know they have recently released an updated version perhaps I should look into that.

Would disabling the portal be an accurate test to see if it helps?

[ziycon]

Uninstalling the mod should tell you if the mod is responsible or not.

[charlottezweb]

For the record, in the last 24 hours we've seen HUGE increases in spam registrations -- 100's in a day for several different sites that would get 1 or 2 a week otherwise.

[Oscworth]

I've uninstalled the portal....

members waiting for approval is up to 31 now....I'm just keeping track (action:uninstalled DP)

[Oscworth]

Also just for the record,  the forum is running within a joomla 2.5.8 website and this hasn't had any new registrations since the forum started being attacked.

Edit: The 2 aren't linked and are kept on seperate DB's

[mrintech]

Get this mod: http://custom.simplemachines.org/mods/index.php?mod=2815 and configure it properly

AFAIK this MOD is pure PITA for bad bots

[Oscworth]

Since uninstalling Dream Portal I have had 4 new spam/member joined. 

I'm pretty sure the Honeypot is working as the amount of new members has slowed down.
I have been putting IP's from the list into the IP checker on the honeypot site.  The latest ones to join the forum weren't on their list of known spammers but quite a few are on there, which to me says it's blocking and slowing the amount joining.

Thanks mrintech I will check it out.

[ziycon]

Good to see it's slowing down for you, keep any eye on it over the next day or so.

[Oscworth]

I've had 10 new registrations in the past 4 hours.

[Oscworth]

With the registration set to admin approval I stopped the spambots posting but when I started adding the accounts waiting for approval to the bans list and then deleting the accounts they started registering as fast as I could remove them.
Even accounts that were already added to the bans list were able to register.  I now feel like I've lost control and my faith in SMF's security.

I have now put the forum into Maintenance Mode and this is stopping them  (he says expecting it to start again soon)

I am at a total loss what to do 

[GreenMotion]

I have the "Stop Spammer" MOD installed and it does a great job identifying the spammers and not giving them access to my forum.

But with that said, I have seen a HUGE increase in SPAM requests in the last couple of days. During the weeks and months leading up to this week I've only had a couple of spammers a week, at most.

However, since yesterday or so, I have started to experience hundreds of spammers a day. No idea why there is such an influx of a sudden. Very annoying!

I cleared all the spammers out a couple of hours ago and when I just logged in, I had a notification that 45 spammers were detected and awaiting my review with acceptance or denial. Crazy!