Spam be gone plugin.


  • Global Moderator

    As I didn't see the discussion in the plugins category, I have a question, it's apparent that it works, but looking through the users on nodebb, I'm seeing a lot of typical spam accounts, am I right in thinking it just stops the account from posting? As the account is still created.


  • Admin

    I think it just doesn't catch everything.


  • Global Moderator

    @baris Bit weird how they register but don't post though. :confused: Worst spammers ever.


  • GNU/Linux

    Guess they are crawling bots. Or dedicated attack towards NodeBB by someone who dislikes NodeBB.


  • Admin

    I think that honeypot plugin was supposed to prevent registrations yeah? I actually haven't had the chance to look at them yet but I thought one prevented registrations and the other one checked some API for spammy posts



  • I think it depends on what API you use, Honeypot stops registrations, Capcha stops registrations and the other one stops the spam post?


  • Global Moderator

    @Scuzz thought honeypot was used here?

    this user for example and many others have dodgy looking usernames. At least they're unable to post. :D


  • Admin

    Yeah, the thing that I don't like about the Honey pot system is that it is hard for me to contribute back. They have proprietary code for creating honey pots, and I am not allowed to modify them for Node.js, so we cannot contribute back.

    Their system catches spammers here, although looking over the logs, we haven't caught any recently... so they're not 100%, but anything helps! :)


  • Plugin & Theme Dev

    @meetdilip said:

    Guess they are crawling bots. Or dedicated attack towards NodeBB by someone who dislikes NodeBB.

    Well I'm thinking its a dedicated attack towards NodeBB and any site that runs the platform. I've been checking my logs recently ... and:

    warn: Route requested but not found: /register+[PLM=0][R]+GET+http://convoe.com/register+[0,10326,13099]+-%3E+[R]+POST+http://convoe.com/register+[R=302][0,0,281]+-%3E+[R]+GET+http://convoe.com/register+[4998,0,13099]
    ```
    
    I've been getting at least 200 of those per day. Additionally, the Honeypot plugin is not totally effective as @baris mentioned but it does indeed help. I'd say out of 20 bots, at least 2 get through somehow.

  • Plugin & Theme Dev

    Yep, we had a lot of spam account registrations 2-10 / day even with honeypot enabled.
    With the new captcha solution there is zero new spam-registrations! Very happy and recommend everyone enabling it!



  • @hek @julian How did you enable the new captcha version? I'm on 0.4.3, or git master @ 05872ad458ead1a34836985835dc8bdc84684d8c.

    I was thinking:

    ./nodebb stop
    git pull
    npm install
    npm install nodebb-plugin-spam-be-gone@latest
    ./nodebb start
    

  • Global Moderator

    @Guiri

    Git pull
    ./nodebb upgrade
    Npm up
    Then the @latest one.

  • Admin

    Just a word of warning, be careful with "npm upgrade", as it will update you to the latest version of the package in the npm repository, which might be too new if one is running v0.4.3 (and not the latest commits from master). I'm not sure whether it takes package.json into account.


  • Global Moderator

    @julian Hmm, didn't know this, yes, be careful. :laughing: (I always use relatively close to master, I live life on "Le Edge")



  • @a_5mith said:

    @baris Bit weird how they register but don't post though. :confused: Worst spammers ever.

    We have tons of those. Super lazy spammers.


  • Plugin & Theme Dev

    Yep, removed about 100 spam account registrations. Not a single post. They might just create accounts now..

    conspiracy theory
    ...and then one day they start a massive spamming attack against all nodebb installations :angry:


  • Global Moderator

    @hek The only thing I can think of is the plugin runs AFTER they've had the account created. At that point they're banned, but as user delete isn't actually in yet. It just leaves them there.

    Or the conspiracy theory is real.



  • I can't seem to get this plugin working, I've installed it (I think, there were errors about it needing a version of nod ebb-lavander-theme and nodebb-vanilla-theme that it couldn't get on version 0.4.x, but it shows up in ACP after I editing packages.json) and I've added the API keys and enabled all the options. But nothing comes up on the regos page (Which is now broken completely) :(.


  • Plugin & Theme Dev

    Yeah they still get through somehow, lol.
    So for every 6 or 7 real people that sign up, I get 1 bot.

    We need to be able to block certain email addresses and certain usernames using wildcards. What do you guys think? Also in the ACP we should have the ability to search by email address for example @sina.com, and we should be able to mass purge all of those users.

    Perhaps post 0.5.5+

    @hek said:

    Yep, removed about 100 spam account registrations. Not a single post. They might just create accounts now..

    conspiracy theory
    ...and then one day they start a massive spamming attack against all nodebb installations :angry:

    That sounds pretty evil. :rage1: ...but not likely, unless you don't have your account verifications settings checked in the ACP. :+1:


  • Global Moderator

    @bentael plugin doesn't work with 0.5.0-1, doesn't appear on the registration page, so registering gives error wrong captcha every time. @julian, might want to disable captcha until this is fixed. It stops people being able to register.


Log in to reply
 


Looks like your connection to NodeBB was lost, please wait while we try to reconnect.