use_port is no longer used, just don't put the port number in the url field and set up a reverse proxy (https://docs.nodebb.org/configuring/proxies/nginx/)
How to enable Email verificatiion
-
The bot attack is still there for me. I badly need a Q & A plug in. Or a mass bot cleaner. Like delete users who have not been online for more than one minute in last 10 days etc.
Saving that request for a later point of time, I have installed Mandrill plugin on my site. Would nice if someone can tell how to enable email verification and if possible an option to delete non verified accounts. Thanks.
-
I've enabled email verification through the admin panel - though I haven't verified if users can post without verification or not. I'll give ti a quick test.
In the mean time:
Admin > General Settings > User >"Require Email Confirmation" -
@meetdilip Ninja'd...
Make sure mandrill is working before you do this. You will need to confirm your own account too.
-
I was just able to create a new account, not verify email, and create a thread on my board.
Perhaps once we get some more groups, there will be a group for those unactivated which will allow for some permissions to be set.
-
-
@baris, thanks for the link. An issue I've ran into the past is that many bots are beating Captcha and Recaptcha. Hopefully in the future we'll see other potential spam plugins. For the time being, however, this is definitely getting installed!
-
@Albus Get an api key from honeypot. I've had 0 registrations since enabling it.
-
@a_5mith With Project Honeypot and Recaptcha both working on registrations, there shouldn't bee too much of an inconvenience to the user, though it doesn't seem like both would be necessary. I've been looking into Project Honeypot since you suggested it, and it seems promising. Might not keep spammy users away, but at the least it should prevent the bots. Thanks for the tip!
-
@Albus It keeps away known spammers, but not those targeting just your site for the sake of being annoying. But that's probably where someone builds the hellban plugin.
warn: [plugins/spam-be-gone] Wrong Captcha warn: [plugins/spam-be-gone] wjrezbvletaj | bxvh4q1@hotmail.com was detected as spammer and was denied registration. warn: [plugins/spam-be-gone] Wrong Captcha warn: [plugins/spam-be-gone] wjrezbvletaj | mwxn2f7@hotmail.com was detected as spammer and was denied registration.Working nicely.
-
@a_5mith is there a hellban plugin yet?
If not seems simple enough to create once user permissions progress a bit. -
@Albus said:
I've enabled email verification through the admin panel - though I haven't verified if users can post without verification or not. I'll give ti a quick test.
In the mean time:
Admin > General Settings > User >"Require Email Confirmation"I cannot find that option. Early adopter of 0.4.3 . I see " Allow local log in " though.
-
@baris said:
https://github.com/akhoury/nodebb-plugin-spam-be-gone helps a lot.
I have it installed. But friends complained that they were not able to register. So had to put it down. No way to delete bots as a whole as well. Q & A would have helped, I guess. Now clicking rows of bots one by one and deleting them.
-
@meetdilip Not sure when this option was added, might be after 0.4.3 stable.
-
@a_5mith then would running commands to update to the latest commit solve the matter for @meetdilip ?
-
@Albus said:
@a_5mith then would running commands to update to the latest commit solve the matter for @meetdilip ?
Ah ! Don't mention it. If not for @a_5mith , my site would be down trying to use the latest version.
-
@Albus Texhnically, yes. But that depends on whether he wants to risk running on master branch (not recommended for a live environment).
However this guide outlines the upgrade process. However with 0.5.0 just around the corner, it may be more beneficial to wait until then for the stability.
-
Yep, it too am waiting for 0.5. Hope whoever is behind this bot attack will help us build a good antispam system.
-
@a_5mith Thanks for such a thorough answer, and the advice. This even answered a question I had earlier today as well.
-
ping @julian @baris @psychobunny
