Strange new users
-
Is there a plugin that simply incorporates Google's Captcha into registration or does bentael's plugin already do that?
-
300? Not cool, and getting absolutely ridiculous since we don't really have control over this spam situation, we have to take matters into our own hands via blocking IPs, disallowing registrations, etc. - whatever we have at our disposal due to a lack of spam settings. So, this needs to be escalated, reviewed, and a solution needs to be resolved as to how to handle this better so that the bots cannot register an account period. Sooner or later someone (like me) will complain, blog about it, and say this has to be the spammiest forum system I've seen in a while and with the lack of account registration restrictions, I refuse to use it over a system that has a robust solution for combating these types of annoyances/problems. Ignoring this and deferring it much long will backfire in the long run.
(Not me ranting, just concerned.)
On a side note, this should be in the core instead of a plugin - or at least worked with closely with the dev team. We shouldn't have to wait on the plugin author to update something that's vital to the application, in which case, spam protection is vital.
-
I agree spam protection is vital, and we should have a captcha system or something similar integrated into core.
-
I had 3 communities in my life. One which i didnt touch for 2 years almost have 40k registered members. From my experience, SPAM protection is one of most important things that every website should have.
The reason for that cause SPAM can kill ur site on many way, which already happen to me on other two communities i started. I was to lazy to solve the spam problem and i finished with 600 spam blogs created and each blog has spammed with so many backlinks to itself. That mean its not only problem on user experience side, but with SEO. CAuse that how Blackhat SEO works. They use our sites to get Tier2/3 links which will they blast with thousands of shitty links from WP comments and other.
And not to mention that it killed my server resources.
Anyway, @julian @baris and other guys should dedicate really serious time finding solution to at least minimize the SPAM.
-
@dylenbrivera said:
I'm getting strange users from time to time on my forum. Any idea what this is about? Spam? These are the usernames. The domains are also strange. Anyone else experience this?
ljzuzfgfks
nipccawhh
owpucgbqr
nfenmdjWhen you have usernames that you can't pronounce, consider them, 99.999% of the time, to be SPAM.
-
With the forums I've managed, I've found that the best approach is to just ask a simple question at registration. The bots are not programmed to provide the correct text response so they always fail. Humans have no problems. Every site can provide their own question and answer. I went from zillions of spambot accounts created to absolutely zero.
Is there a nodebb plugin that will do this?
-
-
Just published a Q&A plugin for the registration page, in case captcha isn't your thing
So, this needs to be escalated, reviewed, and a solution needs to be resolved as to how to handle this better so that the bots cannot register an account period.
FWIW, @dylenbrivera doesn't have any spam plugins enabled, and I think @Scuzz is running on a version of NodeBB that didnt't have captcha support yet
-
@psychobunny Would be a good selling point if you packaged spam protection as standard.
-
Yeah ideally the plugin should be written by one of us so that we can update it right away if any breaking changes are introduced. Not sure what the other two think but bundled spam protection isn't a bad idea at all
-
@psychobunny Shot in the dark, how about allowing NodeBB onto the plugin project for every "official" plugin, so that if something does go, you don't have to wait, not sure that's possible though. Perhaps any that don't allow access are unofficial and unsupported.
-
Maybe you could denote official plugins as ~official~ in some way, like a little tag in the ACP or something, to indicate this.
Just an idea, not sure if I even like it or not.
-
One thing we could do is transfer over officially supported plugins to our organization
And create an official plugin developers group maybe (similar to the documentation translation group). If the original author doesn't get around to upgrading then one of us could step in.
But this is of course, totally up to the original author of the plugin
unless they're running it on a LAN.