Spam be gone plugin.

General Discussion
  • #5

    I think that honeypot plugin was supposed to prevent registrations yeah? I actually haven't had the chance to look at them yet but I thought one prevented registrations and the other one checked some API for spammy posts

  • #6

    I think it depends on what API you use, Honeypot stops registrations, Capcha stops registrations and the other one stops the spam post?

  • #7

    @Scuzz thought honeypot was used here?

    this user for example and many others have dodgy looking usernames. At least they're unable to post. 😄

  • GNU/Linux

    Yeah, the thing that I don't like about the Honey pot system is that it is hard for me to contribute back. They have proprietary code for creating honey pots, and I am not allowed to modify them for Node.js, so we cannot contribute back.

    Their system catches spammers here, although looking over the logs, we haven't caught any recently... so they're not 100%, but anything helps! 🙂

  • Plugin & Theme Dev Anime Lovers GNU/Linux

    @meetdilip said:

    Guess they are crawling bots. Or dedicated attack towards NodeBB by someone who dislikes NodeBB.

    Well I'm thinking its a dedicated attack towards NodeBB and any site that runs the platform. I've been checking my logs recently ... and:

    warn: Route requested but not found: /register+[PLM=0][R]+GET+[0,10326,13099]+-%3E+[R]+POST+[R=302][0,0,281]+-%3E+[R]+GET+[4998,0,13099]
    I've been getting at least 200 of those per day. Additionally, the Honeypot plugin is not totally effective as @baris mentioned but it does indeed help. I'd say out of 20 bots, at least 2 get through somehow.
  • Plugin & Theme Dev

    Yep, we had a lot of spam account registrations 2-10 / day even with honeypot enabled.
    With the new captcha solution there is zero new spam-registrations! Very happy and recommend everyone enabling it!

  • #11

    @hek @julian How did you enable the new captcha version? I'm on 0.4.3, or git master @ 05872ad458ead1a34836985835dc8bdc84684d8c.

    I was thinking:

    ./nodebb stop
    git pull
    npm install
    npm install [email protected]
    ./nodebb start
  • #12


    Git pull
    ./nodebb upgrade
    Npm up
    Then the @latest one.
  • GNU/Linux

    Just a word of warning, be careful with "npm upgrade", as it will update you to the latest version of the package in the npm repository, which might be too new if one is running v0.4.3 (and not the latest commits from master). I'm not sure whether it takes package.json into account.

  • #14

    @julian Hmm, didn't know this, yes, be careful. 😆 (I always use relatively close to master, I live life on "Le Edge")

  • Community Rep

    @a_5mith said:

    @baris Bit weird how they register but don't post though. 😕 Worst spammers ever.

    We have tons of those. Super lazy spammers.

  • Plugin & Theme Dev

    Yep, removed about 100 spam account registrations. Not a single post. They might just create accounts now..

    conspiracy theory
    ...and then one day they start a massive spamming attack against all nodebb installations 😠

  • #17

    @hek The only thing I can think of is the plugin runs AFTER they've had the account created. At that point they're banned, but as user delete isn't actually in yet. It just leaves them there.

    Or the conspiracy theory is real.

  • #18

    I can't seem to get this plugin working, I've installed it (I think, there were errors about it needing a version of nod ebb-lavander-theme and nodebb-vanilla-theme that it couldn't get on version 0.4.x, but it shows up in ACP after I editing packages.json) and I've added the API keys and enabled all the options. But nothing comes up on the regos page (Which is now broken completely) :(.

  • Plugin & Theme Dev Anime Lovers GNU/Linux

    Yeah they still get through somehow, lol.
    So for every 6 or 7 real people that sign up, I get 1 bot.

    We need to be able to block certain email addresses and certain usernames using wildcards. What do you guys think? Also in the ACP we should have the ability to search by email address for example, and we should be able to mass purge all of those users.

    Perhaps post 0.5.5+

    @hek said:

    Yep, removed about 100 spam account registrations. Not a single post. They might just create accounts now..

    conspiracy theory
    ...and then one day they start a massive spamming attack against all nodebb installations 😠

    That sounds pretty evil. :rage1: ...but not likely, unless you don't have your account verifications settings checked in the ACP. 👍

  • #20

    @bentael plugin doesn't work with 0.5.0-1, doesn't appear on the registration page, so registering gives error wrong captcha every time. @julian, might want to disable captcha until this is fixed. It stops people being able to register.

  • NodeBB

    Looks like @bentael needs to npm publish the latest version that supports the regFormEntry.

  • NodeBB

    @psychobunny updated the plugin to latest from the repo, registration should work now.

  • #23

    Glad you're thorough @a_5mith, we probably wouldn't have noticed for months

  • #24

    @psychobunny 😆 Once you've got an account, it's rare you go back to the Registration Process, but I needed a throwaway account on my site to test the blog commenting.

Suggested Topics

| | | |