Registering for an account on the forum - Active limiter -Attemts per day / days

Started by Kiriakos GR, March 07, 2019, 11:28:52 AM

Previous topic - Next topic

Kiriakos GR

By monitoring my forum activity there is right now huge wave of email theft bots.
The ones trying to test and confirm which email at registration this is occupied or not ... the occupied this get classified as good.

Now my request this is about a setting, this limiting down registration attempt per IP number at adjustable time frame, selected by the admin.

Yes I wish to be able to lock-down such registration attempts for 24 or 48 hours.

Thanks.
   

diegolyanky

Quote from: Kiriakos GR on March 07, 2019, 11:28:52 AM
By monitoring my forum activity there is right now huge wave of email theft bots.
The ones trying to test and confirm which email at registration this is occupied or not ... the occupied this get classified as good.

Now my request this is about a setting, this limiting down registration attempt per IP number at adjustable time frame, selected by the admin.

Yes I wish to be able to lock-down such registration attempts for 24 or 48 hours.

Thanks.




I join that request too.





SMF ... SimpleMachines ... Simple, but complete if you want it ;)

Kindred

if they reach the point of receiving a notice of a duplicate email address then you are not doing proper anti-spam measures...

good questions will stop them from even reaching that point.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Arantor

You have stupid bots. There are simpler and easier ways to probe for email addresses than the effort of going through registration.

Doug Heffernan

Quote from: Kiriakos GR on March 07, 2019, 11:28:52 AM

Now my request this is about a setting, this limiting down registration attempt per IP number at adjustable time frame, selected by the admin.

Yes I wish to be able to lock-down such registration attempts for 24 or 48 hours.

Thanks.


With my mod you are half way there.

https://custom.simplemachines.org/mods/index.php?mod=4170

All you have to do is to modify it, for personal purposes, to add the registration time frame restriction and you are good to go.

Kindred

IMO, that mod is a TERRIBLE idea....    because I access my account from 8 different computers in 8 different locations, therefore, with 8 different IPs.... not to mention my phone, which has a different IP for each subnet that I travel through.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Doug Heffernan

Quote from: Kindred on March 07, 2019, 05:43:12 PM
IMO, that mod is a TERRIBLE idea....    because I access my account from 8 different computers in 8 different locations, therefore, with 8 different IPs.... not to mention my phone, which has a different IP for each subnet that I travel through.

What might be a TERRIBLE idea to you, it might be a PRACTICAL idea to someone else, such as the OP for example.


Arantor

Except it isn't a practical idea for the OP and doesn't solve his problem at all. They'll just make new accounts from new IPs like they already are (since SMF doesn't like you registering accounts using the same IP)

Kiriakos GR

Quote from: Arantor on March 07, 2019, 01:47:13 PM
You have stupid bots. There are simpler and easier ways to probe for email addresses than the effort of going through registration.

You may send them your regards at Brazil, South Russia, Africa, Thailand, Argentina.
When they steal an active email, they send threatening messages by speculating that they know your password and then they demand ransoms paid with Bitcoins.
Emails sender this is masked as  Me = Sender & recipient email address this seems identical.   

I am not afraid that artificial intelligence Bots will succeed getting registered, I have good questions and its registration it does pass from my own inspection and approval.     
 
But I thought to make my proposal / request about this mod , so all these little criminals to get further discouraged about attacking our SMF forums.
Therefore if our smarter SMF software developers they wish to setup a good prank for the bad guys, here it is their opportunity. 

Make this mod.




@rjen

QuoteMake this mod.

I think I am missing the magic word...  please?

I lack the skills to develop full mods myself, but If I did have the skills I would seriously NOT do it if I were asked this way...
Running SMF 2.1 with latest TinyPortal at www.fjr-club.nl

Kindred

Kiriakos - I can almost guarantee that those "threatening emails" are not received by scraping email addresses in the manner you mention.

Almost every single case of those threatening emails I have received can be traced to a specific and OLD system compromise which grabbed the whole database of names, emails and passwords. (mySpace, TJX, etc etc etc)
I know this because I use very specific password sets and can trace back most compromise hacks based on the password that they CLAIM to know.

Those lists are for sale....   they are not assembled by scrapers


Also, as I said before, the mod that you suggest would be mostly useless -- and if your questions are good, then they are not even reaching the point of being able to scrape the email.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Arantor

You can still scrape emails without hitting questions, though... CAPTCHA oh forgot password might be an idea sometime.

Doug Heffernan

Quote from: @rjen on March 12, 2019, 10:05:42 AM
QuoteMake this mod.

I think I am missing the magic word...  please?

I lack the skills to develop full mods myself, but If I did have the skills I would seriously NOT do it if I were asked this way...

Very well said rjen.

Kiriakos GR

Quote from: @rjen on March 12, 2019, 10:05:42 AM
QuoteMake this mod.

I think I am missing the magic word...  please?

I lack the skills to develop full mods myself, but If I did have the skills I would seriously NOT do it if I were asked this way...

SMF mod or a new feature requests these are group therapy sessions because they work for us all.
Therefore magic words they are not needed here.


( it looks like that I do not receive email notifications about this topic new posts)
It might worth an admin to check the server ... and I will not either use here any magic word.   

Arantor

No, you'll just continue to be rude to people that you expect to do work for you for free in their own time.

Maybe I should find out what your day job is and demand you do some of that for me at weekends, for no money.

The hilarity is that you assume these things benefit the rest of us, except it's long been known that they wouldn't.

Doug Heffernan

Quote from: Arantor on March 13, 2019, 04:36:42 AM
No, you'll just continue to be rude to people that you expect to do work for you for free in their own time.

Maybe I should find out what your day job is and demand you do some of that for me at weekends, for no money.

The hilarity is that you assume these things benefit the rest of us, except it's long been known that they wouldn't.

I bet my farm that Kiriakos GR is one of those one way street guys we talked about in the other topic.

It is unbelievable the arrogance of some users who instead of being nice and polite have a big attitude. Luckily Smf has an ignore feature :D

Kiriakos GR

Quote from: Arantor on March 13, 2019, 04:36:42 AM
No, you'll just continue to be rude to people that you expect to do work for you for free in their own time.

Maybe I should find out what your day job is and demand you do some of that for me at weekends, for no money.

The hilarity is that you assume these things benefit the rest of us, except it's long been known that they wouldn't.

Mate this is not a local coffeehouse so you to chat with strangers and perform your psychological analysis to its one who posts a message.
If you need love then buy a dog.

If you have nothing to offer in this thread, then stay silent. 
 

Kindred

The thing is, Kiriakos --  he does have something to offer...    because almost everything you spout about how you thnik the internet works is provably wrong.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Kiriakos GR

I am working with electronics and following technology for 35 years.
No one using any more VCR,  black and white TV,  Pentium 600 MHz CPU.

How the world will use software this is his own choice, and there is no right / wrong definitions.

You may simply Like / Dislike one fresh idea.


   

Arantor

Let's dismantle the assertions here.

If the plan was to register and then visit the member list, or profiles, the problem is incorrect privacy settings or permissions.

If the plan was for spammers to continually hit registration to find out about email addresses, for that to meaningfully work they'd have to complete CAPTCHA each time. Why would they do that when they can go to forgot password and do the same thing without a CAPTCHA?

Even if, for the sake of argument, that limiting registrations by IP would be useful, that's going to work really well when it's trivial to get a new IP address. I can use mobile and get a new IP address every 15 minutes, or I can use IPv6 and generate a new IP address every second.

I assure you there are right and wrong definitions out there.

Advertisement: