When re-run ./nodebb setup, it did ask for the admin user/password (before it was an existing db present) so it's working now, thank you! In case someone would miss that or forget the admin pwd, what's the solution (via redis)? I saw a post somewhere but can't find it any more.
Fast method of deleting spam accounts
-
So I decided to start deleting spam accounts. With more than 150, doing so from the Latest Users tab of the Users page was kinda slow. So I decided to use the Search tab and type in some common keywords that spammers like to register with. From there, it proved to be a lot faster to delete the accounts that came up in the search results.
What are the common keywords? Check out the screenshots below.
Aside from generic, cialis is very common too. online or online pharmacy is also pretty common.
Something about Canadians and enhancement drugs.
levitra and buy tend to be common too, at least on my site.
-
@planner said:
So I decided to start deleting spam accounts. With more than 150, doing so from the Latest Users tab of the Users page was kinda slow. So I decided to use the Search tab and type in some common keywords that spammers like to registers with. From there, it proved to be a lot faster to delete the accounts that came up in the search results.
Jeeze, already? Need to get the ball rolling on the honeypot project then. :squirrel:
-
I find it hilarious that "Canadian" is a common keyword for spammers.
-
Since I started yesterday, I've deleted more than 200 spam accounts.
Less than 20% of the verification emails the system is sending are being delivered. That says a lot.
This screenshot is just from today; and I still have a few hours to go.
-
Thanks @planner -- would like to accelerate overhauling of the user registration system, so you won't have to deal with this any longer. NodeBB originally went with the "anybody can register and post without verifying" model because it's a very low barrier to entry (second to having no registration at all, 4chan style).
We can probably move away from that model now I think
-
I'm using Mandrill as a 3rd-party email provider and another means that I'm using to purge the system of spam accounts is to look at confirmation emails that were not delivered. Obviously, if an email is not delivered, it's very likely that it's a spam registration, even if the username does not contain any of the keywords listed in the OP.
-
What would help plenty is to have a filter in place that will look for admin-configurable keywords/phrases in user registration names. Any that match an entry in the list of keywords/phrases will be refused registration. If such a system is in place on my site now, bot registration will be down by more than 90%.
My list of keywords/phrases?
-
levitra
-
viagra
-
cialis
-
canadian
-
generic
-
online shopping
-
buy levitra/viagra/cialis
-
