Bot attack

meetdilip

Not sure about the reason but a lot of bots are registering on my site. Please advise any possible counter measures possible.

a_5mith

@meetdilip npm install nodebb-plugin-spam-be-gone

Go to this page once you've created an account and copy your HTTP:BL key into the spam be gone plugin. I've not tested it with nodebb yet. But I use it on SMF and it's incredible.

Giorgio Chiodi

please update if successful @meetdilip

Julian Lam

Can confirm that spam-be-gone works great... blocking many registration attempts.

These are the last 10 lines from this community's output log:

warn: [plugins/spam-be-gone] Joshuadal | duoduosha2@gmail.com was detected as spammer and was denied registration.
warn: [plugins/spam-be-gone] ZnSGUwavuCo | hia.t.u.s.c.y.np.z.z.do@gmail.com was detected as spammer and was denied registration.
warn: [plugins/spam-be-gone] ZnSGUwavuCo | h.iatusc.y.np.z.zd.o@gmail.com was detected as spammer and was denied registration.
warn: [plugins/spam-be-gone] BPtiTRyfdu |  was detected as spammer and was denied registration.
warn: [plugins/spam-be-gone] BPtiTRyfdu |  was detected as spammer and was denied registration.
warn: [socket.io] Unrecognized message: meta.updateHeader
warn: [socket.io] Unrecognized message: meta.updateHeader
warn: [plugins/spam-be-gone] Joshuadal | duoduosha2@gmail.com was detected as spammer and was denied registration.
warn: [plugins/spam-be-gone] Martinor | anjlvendel@hotmail.com was detected as spammer and was denied registration.
warn: [plugins/spam-be-gone] Joshuadal | duoduosha2@gmail.com was detected as spammer and was denied registration.

Edit

warn: [socket.io] Unrecognized message: meta.updateHeader

Speaking of that -- who the heck is still browsing NodeBB with client scripts from 2 weeks ago? F5 already...!

Steve

@a_5mith said:

npm install nodebb-plugin-spam-be-gone

FYI @julian when I turn on the Akismet portion I get the exact same results as the CashMod issue we went back and forth on the other day. Blank pages, pagination issues, etc..

a_5mith

@Steve Hmm, I didn't activate akismet, I've never actually used it in a live environment. It's usually the first thing I delete with something like Wordpress etc.

meetdilip

Thanks for the input guys. Will try and update. AFK for sometime.

Steve

@a_5mith said:

@Steve Hmm, I didn't activate akismet, I've never actually used it in a live environment. It's usually the first thing I delete with something like Wordpress etc.

Yeah I don't generally use it either but I have a key and figured might as well plug it in and let er rip. No bueno.

trevor

Same here with the bot attack. Works just fine now!

Julian Lam

Three cheers for @bentael

trevor

Thanks @bentael

meetdilip

@julian , @psychobunny

Any way to add Q&A to the forum ? Also any update on log in attempt restriction ?

a_5mith

@meetdilip Log in attempts has been in for weeks, go into your ACP, General Settings, then User, it's about half way down, you can specify how many attempts and for how long they're locked out. As for Q&A, someone can ask a question, someone else can provide the answer in the form of a comment. If you're referring to a way of changing the order based on a best answer, then this issue should be relevant to your interests. #450

bentael

ur welcome boyz. Captcha support is added, but not published yet pending PR merge,

trevor

warn: [plugins/spam-be-gone] hgmgcrxzd | jh.u.a.mgab.hz.d.g@gmail.com was detected as spammer and was denied registration.
info: [plugins] Problem executing hook: filter:user.create
warn: [plugins/spam-be-gone] hgmgcrxzd | j.hua.mg.ab.hz.dg@gmail.com was detected as spammer and was denied registration.

??? info: [plugins] Problem executing hook: filter:user.create
What?

meetdilip

@a_5mith said:

@meetdilip Log in attempts has been in for weeks, go into your ACP, General Settings, then User, it's about half way down, you can specify how many attempts and for how long they're locked out. As for Q&A, someone can ask a question, someone else can provide the answer in the form of a comment. If you're referring to a way of changing the order based on a best answer, then this issue should be relevant to your interests. #450

Thanks. I thought it will be a plugin. As for Q&A, I mentioned while on registration.

a_5mith

@meetdilip oh you meant as validation, bentael has submitted a PR with captcha, not sure if Q&A is included.

meetdilip

@a_5mith said:

@meetdilip oh you meant as validation, bentael has submitted a PR with captcha, not sure if Q&A is included.

Can you give the link please ....

a_5mith

@meetdilip https://github.com/akhoury/nodebb-plugin-spam-be-gone

meetdilip

@a_5mith said:

@meetdilip https://github.com/akhoury/nodebb-plugin-spam-be-gone

Thanks. I am a bit reluctant as our ISP is a government owned and gives dynamic IP. These are highly misused by spammers. So I will be in effect blocking my target audience. Is there any way that I can add an extra layer of protection which does not involve blocking blacklisted IPs ?

Bot attack

Suggested Topics

System Tags
General Discussion • tags • • JN

Copyright date
General Discussion • • dunlix

how allow google-bot read private forum
General Discussion • • David LevTov

UNSOLVED Browsing Users for chats
General Discussion • • dunlix

Is it possible to recover a deleted user account?
General Discussion • • wellenreiter

Bot attack

Suggested Topics

System Tags General Discussion • tags • • JN

Copyright date General Discussion • • dunlix

how allow google-bot read private forum General Discussion • • David LevTov

UNSOLVED Browsing Users for chats General Discussion • • dunlix

Is it possible to recover a deleted user account? General Discussion • • wellenreiter

System Tags
General Discussion • tags • • JN

Copyright date
General Discussion • • dunlix

how allow google-bot read private forum
General Discussion • • David LevTov

UNSOLVED Browsing Users for chats
General Discussion • • dunlix

Is it possible to recover a deleted user account?
General Discussion • • wellenreiter