News:

SMF 2.1.4 has been released! Take it for a spin! Read more.

Main Menu

Lots of new members

Started by Alycat, December 14, 2014, 01:36:00 AM

Previous topic - Next topic

user1234

Quote from: Arantor on December 14, 2014, 02:59:09 PM
Yes, that is how it works.
That's funny. I just edited my post (not realizing you replied to it) after I logged out and checked my forum. I had 6 questions and require 5, but all 6 showed.
But then when I repeated the exercise and required 3, it only showed 3. I must have made a mistake.

Yes, checked it, must have made a counting mistake.
So I guess it would be best to have 20 or 30 Q&A on the list?

Bruce the Shark

hmm i had this issue some time ago when i first installed a test version of SMF on a dummy web site. They some how got in.
But now with a new domain name and more questions added to my captcha it all appears to be running smoothly.
I dont know how long i can keep them out but i suggest to add some more additional  numbers of new question before sign up.
Change them frequently as time goes by.
Also i think its best to add as many anti spam mods to your site as possible and get to learn them well.
It is interesting on how they get in.

user1234

are questions like.....

five plus three minus four equals

.....too simple?

vbgamer45

It can be one of the questions maybe better if you spell it out then numbers.

Generally i try to find something related to your community name.
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

user1234

If a question like.....

five plus three minus four plus two equals

.....is passable, it would be easy to make up 50 of them in a few minutes.
Otherwise, it is surprising how many questions come to mind, that have multiple or ambiguous answers!

Arantor

Bots can solve math questions. They can also search Google for some answers.

Westwegoman

I had the same issue last night. Almost 100 in a span of about 6 hours. My site and another fishing site were both hit. We both used anti-spam questions and they were both defeated. Changing the question has helped both of us, for now.

Found it kind of odd that they were able to all of a sudden bust down the door at about the same time. We have been using the same approach without any problems for several years.

Alycat

Thanks for all the replies guys, at least I now "we are not alone".

But why?

Are they planning to keep flooding, and then demand a ransom? Or do they hate SMF? What is their point?

Arantor

It's a low cost way for them to make money. Not by ransom but simply because there are people naive enough to click on the product links, pay them money - and the cost to running such a thing is negligible.

Spam has been an active issue for a number of years. It just so happens that you haven't seen it come through the floodgates like this.

Alycat

Thanks for the info. Mine is a small forum, usually only a new member every few weeks. I have changed the questions, required admin approval and now have closed registrations, at least for the time being. Maybe I am talking too soon, but it looks like mine is easing a little.

Alycat

Yes it seems to have eased off here. They were coming in every 1.5 to 2 minutes, now about 10 minutes. I notice as I type, in the Who's Online, there are two guests, normally they have been showing Viewing board index, or yesterday Registering for an account, one now shows Unknown Action ...

Arantor

'Unknown action' actually is usually a bad mod that didn't update the who's online list of actions.

Alycat

Didn't think I had any mods installed.

Alycat

All I can see under Admin-Package Manager-Installed Packages are:
1. SMF 1.1.20 / 2.0.9 Update 1.0 [ Uninstall ]
2. SMF 2.0.8 Update 1.0 [ Uninstall ]
3. SMF 2.0.7 Update 1.0 [ Uninstall ]
4. SMF 1.1.19 / 2.0.6 Update 1.0 [ Uninstall ]
5. SMF 2.0.5 Update 1.0 [ Uninstall ]
6. SMF 2.0.4 Update 1.0 [ Uninstall ]
7. SMF 2.0.3 Update 1.0

Arantor

Huh... well, that's the *usual* case but by no means the only reason it can happen.

All it means is that someone is going to index.php?action=something (where the something can be anything) and there isn't a matching entry in the who's online language storage, so it doesn't know what action the user is trying.

Alycat

ok, thanks, probably just a bot trying something ... just a bit jumpy here!

Alycat

Looks like they are now trying to guess passwords to log on ...

Arantor

Ahhhh, this is nothing new. In fact this strongly reminds of the behaviour we saw back in 2010, same deal: floods of spam, then floods of trying to brute force accounts.

Sweetwater

Been getting flooded as well.

Slowed it down initally by banning all .ru domains then added a stack of other countries that have nothing to do with what my forum is about, but a few are still getting through. Then added some more unique local questions. They had worked out my existing questions, so there's some new ones. See if that stops them.

timetraveller

Quote from: Arantor on December 14, 2014, 08:40:25 PM
It's a low cost way for them to make money. Not by ransom but simply because there are people naive enough to click on the product links, pay them money - and the cost to running such a thing is negligible.

I have new members set to post approval for the first five posts. Hopefully that's a secure way of stopping them from posting their dodgy links, if for some reason they slip through the member approval net.

Advertisement: