Disabled "About me" and "Signature" profile elements as the "Spam Be Gone" plugin does not check these
This, I feel, will help us a lot. We have a lot of bots using this vector and really see essentially no legitimate usage of it.
Greetings, long time NodeBB user here.
Currently running: NodeBB v1.14.3-beta.14
Over the years and growing popularity the amount of spam/scam registrations despite enforcing hCaptcha and E-Mail registration on my installation is becoming unbearable. I have the following countermeasures in place which seem to not do much:
Pardon if I come across a bit heated but it seems like there's either not enough built-in anti-spam functionality or I'm missing something, I'd really appreciate some insights and how to handle this other than banning entire IP-ranges.
Thanks for reading, cheers
User pages shouldn't be visible if the user is still in the approval queue since the user account isn't created yet.
You can increase the reputation required to enter a "About me" text which usually takes care of spam users. Set it to 1-2 reputation.
If you remove the
View Users privilege from guests, users who are not logged in won't be able to see the profiles of other users.
@baris ah, perfect, I somehow missed that, I applied the two suggestions, thanks! Will monitor the situation.
@nefarius For what its worth, spam-be-gone is still very much actively maintained, but we don't get to many bugs for it because it just works
I'm not saying it's the perfect solution, by any means, but we will definitely fix up issues if reported.
@nefarius One thing I am uncertain about: What is your default setting for user email addresses, i.e. ACP :
Account Settings> Hide email from uses (ON)
This knob sets a nice default.
@gotwf pardon the late response, I've adopted your suggestion, thanks!
Hopefully it stays that way so I can focus on content