How do people get on my site without registering

Started by Kathryn_, June 19, 2019, 01:28:44 PM

Kathryn_

OK, so I am in a bit of a pickle.. I have people that are registered on my site that bypassed the registration. I ran the IPs on stopforumspam and of pages of entries as toxic. OK, so I tried to ban them on my cPanel - no go, out of range IPs. When I tried to ban them the forum said Member not found. The best I could do was delete them.
Am I a sitting duck on a free site? I don't allow anyone to post but me for that reason. They can reply but not post and still .....

My Site

Illori

Do you have Tapatalk installed? If so, uninstall it and this will stop happening.

Kathryn_

No, I don't have it installed to my knowledge. I have no chats or anything like that.. BTW, every one of them was Russian.

Illori

Check your list of installed mods to confirm.

Kathryn_

I had checked my database in packages and my mods on the site and the installed page in packages, but nope, no Tapatalk.

LiroyvH

Quote
I have people that are registered on my site that bypassed the registration.

Exactly what do you mean with bypassed registration?
Do you mean they're posting as guests?
((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

Kathryn_

No, it's creepy to me... This morning I went on my forum as I do to check things. There was a new sign in... I ran the IP at stopforumspam and he was an offender. So I got him on the ban list and went to delete his membership from the list, and there were 4 others on the memberlist that did not have a sign in page. I clicked on their names and nothing, like a dead link. So, I put all info - username, email and IP - on the ban page, and SMF told me there is no such member. I could not ban them; all I could do was delete them.

GigaWatt

Quote from: Kathryn_ on June 19, 2019, 06:00:50 PM
No, it's creepy to me... This morning I went on my forum as I do to check things. There was a new sign in... I ran the IP at stopforumspam and he was an offender.

Did this person/bot register or not? Does he/she/it have a valid account (registration time/date, email address, etc.)?

And what do you mean by "a sign in page"? Do you mean the user's profile page? And how did you get the email address of the user if they don't have a profile page?

Forum link? User activity screenshots?
"This is really a generic concept about human thinking - when faced with large tasks we're naturally inclined to try to break them down into a bunch of smaller tasks that together make up the whole."

"A 500 error loosely translates to the webserver saying, "WTF?"..."

Sir Osis of Liver

Just took a look, you currently have registration set for email activation, with two simple (and ineffective) verification questions.  I don't see any members awaiting activation or approval.  There are no mods currently installed that would cause this problem.  You have done multiple installs of several anti-spam mods over the past few days, it's likely one or more didn't uninstall cleanly and something's broken. 

Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

njtweb

Use a verification question.

This is like mine:
Spell ##baseball exactly as you see it in the field

I've found that, for over a year since I started using double hash and requiring activation, nothing has gotten by me.

Kathryn_

Quote from: Sir Osis of Liver on June 19, 2019, 08:56:19 PM
Just took a look, you currently have registration set for email activation, with two simple (and ineffective) verification questions.  I don't see any members awaiting activation or approval.  There are no mods currently installed that would cause this problem.  You have done multiple installs of several anti-spam mods over the past few days, it's likely one or more didn't uninstall cleanly and something's broken.

I tried captcha.. nope, it happened when I had that on. I had Akismet; it would not let me post. I want to be able to do other things aside from babysitting the forum. Today, nothing..

Aleksi "Lex" Kilpinen

Just to be clear, how do you figure those users "bypassed registration" if they are indeed registered users? If they have a profile, they have been registered.

Email verification is near useless, so are verification questions that can be solved programmatically (i.e. 1+1 or abcd...? type of questions).

I suggest you set up a large variety of questions (20-50) and ask only a couple at a time. Combine that with email verification, and possibly a mod like httpbl ( http://custom.simplemachines.org/mods/index.php?mod=2155 ). This should get you fairly far.
Slava
Ukraini!


"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

Kathryn_

Thank you everyone for your suggestions. I have taken all of them into account and beefed up the questions and added configured post modification from a tutorial I found here. I think I am good for now, buttoned up but not stifled :)

Kathryn_

So all of a sudden... I checked my guests, which is only showing 1 online but there are actually 4. This is the one that scares me because I have verification and post mod and Google reCAPTCHA..

Guest (I blocked his IP)    10:30 AM    Activating their account.   How in God's name???


Kathryn_

Quote from: Kathryn_ on June 20, 2019, 04:09:16 PM
Thank you everyone for your suggestions. I have taken all of them into account and beefed up the questions and added configured post modification from a tutorial I found here. I think I am good for now, buttoned up but not stifled :)

When I log in I can see new members.. so I decided to take a look at the new member... 2 other people on there, so I wanted to check their IP.. on Stop Forum Spam - mega entries on there, so I wanted to enter their info in the Ban List in the forum.... "The User is non existent", that's what it said. How did their emails and personal info get on there if they are non existent?

Kathryn_

Quote from: njtweb on June 20, 2019, 12:49:40 PM
Use a verification question.

This is like mine:
Spell ##baseball exactly as you see it in the field

I've found that, for over a year since I started using double hash and requiring activation, nothing has gotten by me.

Good idea.

Illori

If you ban by username, then delete the user, the ban has been deleted as well. If you delete the user then want to ban by the user, you cannot, as the user's details no longer exist.

Kathryn_

Quote from: njtweb on June 20, 2019, 12:49:40 PM
Use a verification question.

This is like mine:
Spell ##baseball exactly as you see it in the field

I've found that, for over a year since I started using double hash and requiring activation, nothing has gotten by me.

Well, I took your advice and I use verification with all functions a guest has... there is no cause to register at this time. I have not figured the come-on yet; everything is free..
