I just used the plugin image upload, but the image can't show how to fix it?
Guess they are crawling bots. Or dedicated attack towards NodeBB by someone who dislikes NodeBB.
Well I'm thinking its a dedicated attack towards NodeBB and any site that runs the platform. I've been checking my logs recently ... and:
warn: Route requested but not found: /register+[PLM=0][R]+GET+http://convoe.com/register+[0,10326,13099]+-%3E+[R]+POST+http://convoe.com/register+[R=302][0,0,281]+-%3E+[R]+GET+http://convoe.com/register+[4998,0,13099] ``` I've been getting at least 200 of those per day. Additionally, the Honeypot plugin is not totally effective as @baris mentioned but it does indeed help. I'd say out of 20 bots, at least 2 get through somehow.
Just a word of warning, be careful with "npm upgrade", as it will update you to the latest version of the package in the npm repository, which might be too new if one is running v0.4.3 (and not the latest commits from master). I'm not sure whether it takes
package.json into account.
I can't seem to get this plugin working, I've installed it (I think, there were errors about it needing a version of nod ebb-lavander-theme and nodebb-vanilla-theme that it couldn't get on version 0.4.x, but it shows up in ACP after I editing packages.json) and I've added the API keys and enabled all the options. But nothing comes up on the regos page (Which is now broken completely) :(.
Yeah they still get through somehow, lol.
So for every 6 or 7 real people that sign up, I get 1 bot.
We need to be able to block certain email addresses and certain usernames using wildcards. What do you guys think? Also in the ACP we should have the ability to search by email address for example
@sina.com, and we should be able to mass purge all of those users.
Perhaps post 0.5.5+
Yep, removed about 100 spam account registrations. Not a single post. They might just create accounts now..
...and then one day they start a massive spamming attack against all nodebb installations
That sounds pretty evil. :rage1: ...but not likely, unless you don't have your account verifications settings checked in the ACP.