Advertisement:

Author Topic: Registering for an account on the forum - Active limiter -Attemts per day / days  (Read 699 times)

Offline Kiriakos GR

  • Jr. Member
  • **
  • Posts: 170
  • Gender: Male
    • @ITTSB_EU on Twitter
By monitoring my forum activity there is right now huge wave of email theft bots.
The ones trying to test and confirm which email at registration this is occupied or not ... the occupied this get classified as good.

Now my request this is about a setting, this limiting down registration attempt per IP number at adjustable time frame, selected by the admin.

Yes I wish to be able to lock-down such registration attempts for 24 or 48 hours.

Thanks.
   

Offline diegolyanky

  • Jr. Member
  • **
  • Posts: 320
  • Gender: Male
By monitoring my forum activity there is right now huge wave of email theft bots.
The ones trying to test and confirm which email at registration this is occupied or not ... the occupied this get classified as good.

Now my request this is about a setting, this limiting down registration attempt per IP number at adjustable time frame, selected by the admin.

Yes I wish to be able to lock-down such registration attempts for 24 or 48 hours.

Thanks.
 



I join that request too.





SMF ... SimpleMachines ... Simple, but complete if you want it ;)

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 57,808
  • Gender: Male
    • Kindred-999 on GitHub
if they reach the point of receiving a notice of a duplicate email address then you are not doing proper anti-spam measures...

good questions will stop them from even reaching that point.
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 70,540
    • StoryBB/StoryBB on GitHub
You have stupid bots. There are simpler and easier ways to probe for email addresses than the effort of going through registration.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline doug_ips

  • Jr. Member
  • **
  • Posts: 199

Now my request this is about a setting, this limiting down registration attempt per IP number at adjustable time frame, selected by the admin.

Yes I wish to be able to lock-down such registration attempts for 24 or 48 hours.

Thanks.
 

With my mod you are half way there.

https://custom.simplemachines.org/mods/index.php?mod=4170

All you have to do is to modify it, for personal purposes, to add the registration time frame restriction and you are good to go.

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 57,808
  • Gender: Male
    • Kindred-999 on GitHub
IMO, that mod is a TERRIBLE idea....    because I access my account from 8 different computers in 8 different locations, therefore, with 8 different IPs.... not to mention my phone, which has a different IP for each subnet that I travel through.
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

Offline doug_ips

  • Jr. Member
  • **
  • Posts: 199
IMO, that mod is a TERRIBLE idea....    because I access my account from 8 different computers in 8 different locations, therefore, with 8 different IPs.... not to mention my phone, which has a different IP for each subnet that I travel through.

What might be a TERRIBLE idea to you, it might be a PRACTICAL idea to someone else, such as the OP for example.


Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 70,540
    • StoryBB/StoryBB on GitHub
Except it isn’t a practical idea for the OP and doesn’t solve his problem at all. They’ll just make new accounts from new IPs like they already are (since SMF doesn’t like you registering accounts using the same IP)
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline Kiriakos GR

  • Jr. Member
  • **
  • Posts: 170
  • Gender: Male
    • @ITTSB_EU on Twitter
You have stupid bots. There are simpler and easier ways to probe for email addresses than the effort of going through registration.

You may send them your regards at Brazil, South Russia, Africa, Thailand, Argentina.
When they steal an active email, they send threatening messages by speculating that they know your password and then they demand ransoms paid with Bitcoins.
Emails sender this is masked as  Me = Sender & recipient email address this seems identical.   

I am not afraid that artificial intelligence Bots will succeed getting registered, I have good questions and its registration it does pass from my own inspection and approval.     
 
But I thought to make my proposal / request about this mod , so all these little criminals to get further discouraged about attacking our SMF forums.
Therefore if our smarter SMF software developers they wish to setup a good prank for the bad guys, here it is their opportunity. 

Make this mod.



 

Online @rjen

  • Jr. Member
  • **
  • Posts: 364
  • Gender: Male
Quote
Make this mod.

I think I am missing the magic word...  please?

I lack the skills to develop full mods myself, but If I did have the skills I would seriously NOT do it if I were asked this way...
Running SMF 2.0 with Tinyportal 1.6.2 at www.fjr-club.nl
Testing SMF 2.1 RC1 with Tinyportal 1.6.3 at http://test2.fjr-club.nl/

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 57,808
  • Gender: Male
    • Kindred-999 on GitHub
Kiriakos - I can almost guarantee that those "threatening emails" are not received by scraping email addresses in the manner you mention.

Almost every single case of those threatening emails I have received can be traced to a specific and OLD system compromise which grabbed the whole database of names, emails and passwords. (mySpace, TJX, etc etc etc)
I know this because I use very specific password sets and can trace back most compromise hacks based on the password that they CLAIM to know.

Those lists are for sale....   they are not assembled by scrapers


Also, as I said before, the mod that you suggest would be mostly useless -- and if your questions are good, then they are not even reaching the point of being able to scrape the email.
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 70,540
    • StoryBB/StoryBB on GitHub
You can still scrape emails without hitting questions, though... CAPTCHA oh forgot password might be an idea sometime.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline doug_ips

  • Jr. Member
  • **
  • Posts: 199
Quote
Make this mod.

I think I am missing the magic word...  please?

I lack the skills to develop full mods myself, but If I did have the skills I would seriously NOT do it if I were asked this way...

Very well said rjen.

Offline Kiriakos GR

  • Jr. Member
  • **
  • Posts: 170
  • Gender: Male
    • @ITTSB_EU on Twitter
Quote
Make this mod.

I think I am missing the magic word...  please?

I lack the skills to develop full mods myself, but If I did have the skills I would seriously NOT do it if I were asked this way...

SMF mod or a new feature requests these are group therapy sessions because they work for us all.
Therefore magic words they are not needed here.


( it looks like that I do not receive email notifications about this topic new posts)
It might worth an admin to check the server ... and I will not either use here any magic word.   

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 70,540
    • StoryBB/StoryBB on GitHub
No, you’ll just continue to be rude to people that you expect to do work for you for free in their own time.

Maybe I should find out what your day job is and demand you do some of that for me at weekends, for no money.

The hilarity is that you assume these things benefit the rest of us, except it’s long been known that they wouldn’t.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline doug_ips

  • Jr. Member
  • **
  • Posts: 199
No, you’ll just continue to be rude to people that you expect to do work for you for free in their own time.

Maybe I should find out what your day job is and demand you do some of that for me at weekends, for no money.

The hilarity is that you assume these things benefit the rest of us, except it’s long been known that they wouldn’t.

I bet my farm that Kiriakos GR is one of those one way street guys we talked about in the other topic.

It is unbelievable the arrogance of some users who instead of being nice and polite have a big attitude. Luckily Smf has an ignore feature :D

Offline Kiriakos GR

  • Jr. Member
  • **
  • Posts: 170
  • Gender: Male
    • @ITTSB_EU on Twitter
No, you’ll just continue to be rude to people that you expect to do work for you for free in their own time.

Maybe I should find out what your day job is and demand you do some of that for me at weekends, for no money.

The hilarity is that you assume these things benefit the rest of us, except it’s long been known that they wouldn’t.

Mate this is not a local coffeehouse so you to chat with strangers and perform your psychological analysis to its one who posts a message.
If you need love then buy a dog.

If you have nothing to offer in this thread, then stay silent. 
 

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 57,808
  • Gender: Male
    • Kindred-999 on GitHub
The thing is, Kiriakos --  he does have something to offer...    because almost everything you spout about how you thnik the internet works is provably wrong.
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

Offline Kiriakos GR

  • Jr. Member
  • **
  • Posts: 170
  • Gender: Male
    • @ITTSB_EU on Twitter
I am working with electronics and following technology for 35 years.
No one using any more VCR,  black and white TV,  Pentium 600 MHz CPU.

How the world will use software this is his own choice, and there is no right / wrong definitions.

You may simply Like / Dislike one fresh idea.


   

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 70,540
    • StoryBB/StoryBB on GitHub
Let’s dismantle the assertions here.

If the plan was to register and then visit the member list, or profiles, the problem is incorrect privacy settings or permissions.

If the plan was for spammers to continually hit registration to find out about email addresses, for that to meaningfully work they’d have to complete CAPTCHA each time. Why would they do that when they can go to forgot password and do the same thing without a CAPTCHA?

Even if, for the sake of argument, that limiting registrations by IP would be useful, that’s going to work really well when it’s trivial to get a new IP address. I can use mobile and get a new IP address every 15 minutes, or I can use IPv6 and generate a new IP address every second.

I assure you there are right and wrong definitions out there.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.