We highly recommend you stay up to date for the latest security fixes.
This looks more like a cacheing issue though. You can try running a rebuild and restart, that should reset the cache buster.
Not sure about the reason but a lot of bots are registering on my site. Please advise any possible counter measures possible.
@meetdilip npm install nodebb-plugin-spam-be-gone
Go to this page once you've created an account and copy your HTTP:BL key into the spam be gone plugin. I've not tested it with nodebb yet. But I use it on SMF and it's incredible.
please update if successful @meetdilip
Can confirm that spam-be-gone works great... blocking many registration attempts.
These are the last 10 lines from this community's output log:
warn: [plugins/spam-be-gone] Joshuadal | duoduosha2@gmail.com was detected as spammer and was denied registration.
warn: [plugins/spam-be-gone] ZnSGUwavuCo | hia.t.u.s.c.y.np.z.z.do@gmail.com was detected as spammer and was denied registration.
warn: [plugins/spam-be-gone] ZnSGUwavuCo | h.iatusc.y.np.z.zd.o@gmail.com was detected as spammer and was denied registration.
warn: [plugins/spam-be-gone] BPtiTRyfdu | was detected as spammer and was denied registration.
warn: [plugins/spam-be-gone] BPtiTRyfdu | was detected as spammer and was denied registration.
warn: [socket.io] Unrecognized message: meta.updateHeader
warn: [socket.io] Unrecognized message: meta.updateHeader
warn: [plugins/spam-be-gone] Joshuadal | duoduosha2@gmail.com was detected as spammer and was denied registration.
warn: [plugins/spam-be-gone] Martinor | anjlvendel@hotmail.com was detected as spammer and was denied registration.
warn: [plugins/spam-be-gone] Joshuadal | duoduosha2@gmail.com was detected as spammer and was denied registration.
Edit
warn: [socket.io] Unrecognized message: meta.updateHeader
Speaking of that -- who the heck is still browsing NodeBB with client scripts from 2 weeks ago? F5 already...!
@Steve Hmm, I didn't activate akismet, I've never actually used it in a live environment. It's usually the first thing I delete with something like Wordpress etc.
Thanks for the input guys. Will try and update. AFK for sometime.
Same here with the bot attack. Works just fine now!
Three cheers for @bentael
Thanks @bentael
Any way to add Q&A to the forum ? Also any update on log in attempt restriction ?
@meetdilip Log in attempts has been in for weeks, go into your ACP, General Settings, then User, it's about half way down, you can specify how many attempts and for how long they're locked out. As for Q&A, someone can ask a question, someone else can provide the answer in the form of a comment. If you're referring to a way of changing the order based on a best answer, then this issue should be relevant to your interests. #450
ur welcome boyz. Captcha support is added, but not published yet pending PR merge,
warn: [plugins/spam-be-gone] hgmgcrxzd | jh.u.a.mgab.hz.d.g@gmail.com was detected as spammer and was denied registration.
info: [plugins] Problem executing hook: filter:user.create
warn: [plugins/spam-be-gone] hgmgcrxzd | j.hua.mg.ab.hz.dg@gmail.com was detected as spammer and was denied registration.
??? info: [plugins] Problem executing hook: filter:user.create
What?
@a_5mith said:
@meetdilip Log in attempts has been in for weeks, go into your ACP, General Settings, then User, it's about half way down, you can specify how many attempts and for how long they're locked out. As for Q&A, someone can ask a question, someone else can provide the answer in the form of a comment. If you're referring to a way of changing the order based on a best answer, then this issue should be relevant to your interests. #450
Thanks. I thought it will be a plugin. As for Q&A, I mentioned while on registration.
@meetdilip oh you meant as validation, bentael has submitted a PR with captcha, not sure if Q&A is included.
@a_5mith said:
@meetdilip oh you meant as validation, bentael has submitted a PR with captcha, not sure if Q&A is included.
Can you give the link please ....
@a_5mith said:
@meetdilip https://github.com/akhoury/nodebb-plugin-spam-be-gone
Thanks. I am a bit reluctant as our ISP is a government owned and gives dynamic IP. These are highly misused by spammers. So I will be in effect blocking my target audience. Is there any way that I can add an extra layer of protection which does not involve blocking blacklisted IPs ?