SMF 2.1.4 has been released! Take it for a spin! Read more.

Main Menu

Login Captcha

Started by Cadilab, May 16, 2024, 12:02:25 PM

Previous topic - Next topic


I think my database has been leaked, since I'm getting bot posts from already registered accounts, how that happened i have no idea.
But anyways, question is, is there a way to enable captcha (recaptcha) on login as well, since all settings are linked to spam protection on registration?


Captcha is useless anyway...

Could be Stealth bot accounts -register and then sit for months until triggering the bot.

You can turn on captcha or questions for posting if they have under a certain post count...  but not for login, iirc


Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."


I have the same problem. I'm not sure if the user database was leaked on the previous host service or if it was leaked on another forum where a lot of my users are registered with the same name and password. Not a good idea but, as usual, the weakest link is right in front of the computer...

I have post moderation set and a group of "Approved Users" that are not moderated. All users with newer registrations were added to that group and old users were moved to that group once they showed they were for real, after being warned about updating passwords and not using the same anywhere else.

New users, Regular Users by default, are moderated and moved to the Approved group after their first decent post.

It's a drag, even for me with a very very slow-moving forum. But I cut the spam down to zero.

Another thing I do, not recommended unless you have a clear understanding of the consequences, is to ban any IP block that I detect trying to register using bots. It's easy to do by looking at the weblogs. Humans take a minute to fill a form, bots do that in less than one second. Humans go from the front page to the registration, bots go right into the registration. However, using htaccess to block IPs is inefficient. Not a big deal for me. For a forum with high traffic, it may impact performance and make your forum invisible to that area of the Internet. This last thing may be a plus. In my case, the forum is limited to a regional audience. So, blocking the whole of Russia, Ukraine, Romania, Africa, India, is almost a blessing  ;D