Spam be gone plugin.
-
As I didn't see the discussion in the plugins category, I have a question, it's apparent that it works, but looking through the users on nodebb, I'm seeing a lot of typical spam accounts, am I right in thinking it just stops the account from posting? As the account is still created.
-
I think that honeypot plugin was supposed to prevent registrations yeah? I actually haven't had the chance to look at them yet but I thought one prevented registrations and the other one checked some API for spammy posts
-
Yeah, the thing that I don't like about the Honey pot system is that it is hard for me to contribute back. They have proprietary code for creating honey pots, and I am not allowed to modify them for Node.js, so we cannot contribute back.
Their system catches spammers here, although looking over the logs, we haven't caught any recently... so they're not 100%, but anything helps!
-
@meetdilip said:
Guess they are crawling bots. Or dedicated attack towards NodeBB by someone who dislikes NodeBB.
Well I'm thinking its a dedicated attack towards NodeBB and any site that runs the platform. I've been checking my logs recently ... and:
warn: Route requested but not found: /register+[PLM=0][R]+GET+http://convoe.com/register+[0,10326,13099]+-%3E+[R]+POST+http://convoe.com/register+[R=302][0,0,281]+-%3E+[R]+GET+http://convoe.com/register+[4998,0,13099] ``` I've been getting at least 200 of those per day. Additionally, the Honeypot plugin is not totally effective as @baris mentioned but it does indeed help. I'd say out of 20 bots, at least 2 get through somehow. -
Yep, we had a lot of spam account registrations 2-10 / day even with honeypot enabled.
With the new captcha solution there is zero new spam-registrations! Very happy and recommend everyone enabling it! -
-
Just a word of warning, be careful with "npm upgrade", as it will update you to the latest version of the package in the npm repository, which might be too new if one is running v0.4.3 (and not the latest commits from master). I'm not sure whether it takes
package.jsoninto account. -
-
Yep, removed about 100 spam account registrations. Not a single post. They might just create accounts now..
conspiracy theory
...and then one day they start a massive spamming attack against all nodebb installations
-
I can't seem to get this plugin working, I've installed it (I think, there were errors about it needing a version of nod ebb-lavander-theme and nodebb-vanilla-theme that it couldn't get on version 0.4.x, but it shows up in ACP after I editing packages.json) and I've added the API keys and enabled all the options. But nothing comes up on the regos page (Which is now broken completely) :(.
-
Yeah they still get through somehow, lol.
So for every 6 or 7 real people that sign up, I get 1 bot.We need to be able to block certain email addresses and certain usernames using wildcards. What do you guys think? Also in the ACP we should have the ability to search by email address for example
@sina.com, and we should be able to mass purge all of those users.Perhaps post 0.5.5+
@hek said:
Yep, removed about 100 spam account registrations. Not a single post. They might just create accounts now..
conspiracy theory
...and then one day they start a massive spamming attack against all nodebb installationsThat sounds pretty evil. :rage1: ...but not likely, unless you don't have your account verifications settings checked in the ACP.
-
Worst spammers ever.
(I always use relatively close to master, I live life on "Le Edge")