Strange new users

kinderjaje

I had 3 communities in my life. One which i didnt touch for 2 years almost have 40k registered members. From my experience, SPAM protection is one of most important things that every website should have.

The reason for that cause SPAM can kill ur site on many way, which already happen to me on other two communities i started. I was to lazy to solve the spam problem and i finished with 600 spam blogs created and each blog has spammed with so many backlinks to itself. That mean its not only problem on user experience side, but with SEO. CAuse that how Blackhat SEO works. They use our sites to get Tier2/3 links which will they blast with thousands of shitty links from WP comments and other.

And not to mention that it killed my server resources.

Anyway, @julian @baris and other guys should dedicate really serious time finding solution to at least minimize the SPAM.

Scuzz

@trevor We have 44 actual users who are know to be human. On Sunday I had just under 400.
I have disabled registration until we can stop it.

julian

@Scuzz is it possible that the CAPTCHA is just not working? If you re-enable it on your forum and try to register and input an incorrect answer, the account is not created, right?

finid

@dylenbrivera said:

I'm getting strange users from time to time on my forum. Any idea what this is about? Spam? These are the usernames. The domains are also strange. Anyone else experience this?
ljzuzfgfks
nipccawhh
owpucgbqr
nfenmdj

When you have usernames that you can't pronounce, consider them, 99.999% of the time, to be SPAM.

Scuzz

@julian the last time I check, captcha did not work on 0.4.3. The honeypot api is enabled though.

a_5mith

@julian it doesn't, reported in this topic.

Spam be gone plugin.

As I didn't see the discussion in the plugins category, I have a question, it's apparent that it works, but looking through the users on nodebb, I'm seeing a...

NodeBB Community (community.nodebb.org)

art

With the forums I've managed, I've found that the best approach is to just ask a simple question at registration. The bots are not programmed to provide the correct text response so they always fail. Humans have no problems. Every site can provide their own question and answer. I went from zillions of spambot accounts created to absolutely zero.

Is there a nodebb plugin that will do this?

a_5mith

@art we've been calling for it for a while. But, the spam plugin doesn't have it yet. Things like this, as @trevor said, should be core or in the dependencies, who wouldn't run a forum without spam prevention? unless they're running it on a LAN.

psychobunny

Just published a Q&A plugin for the registration page, in case captcha isn't your thing

So, this needs to be escalated, reviewed, and a solution needs to be resolved as to how to handle this better so that the bots cannot register an account period.

FWIW, @dylenbrivera doesn't have any spam plugins enabled, and I think @Scuzz is running on a version of NodeBB that didnt't have captcha support yet

a_5mith

@psychobunny Would be a good selling point if you packaged spam protection as standard.

psychobunny

Yeah ideally the plugin should be written by one of us so that we can update it right away if any breaking changes are introduced. Not sure what the other two think but bundled spam protection isn't a bad idea at all

a_5mith

@psychobunny Shot in the dark, how about allowing NodeBB onto the plugin project for every "official" plugin, so that if something does go, you don't have to wait, not sure that's possible though. Perhaps any that don't allow access are unofficial and unsupported.

Tanner

Maybe you could denote official plugins as ~official~ in some way, like a little tag in the ACP or something, to indicate this.

Just an idea, not sure if I even like it or not.

psychobunny

One thing we could do is transfer over officially supported plugins to our organization

NodeBB

NodeBB has 90 repositories available. Follow their code on GitHub.

GitHub (github.com)

And create an official plugin developers group maybe (similar to the documentation translation group). If the original author doesn't get around to upgrading then one of us could step in.

But this is of course, totally up to the original author of the plugin

a_5mith

@psychobunny Cheers buddy, doesn't seem to work for me though. Not sure if I'm using it wrong though.

$(window).on('action:posts.reply', function() {
    $('.js-lazyYT').lazyYT();
});

Seems to only pull the video details on a refresh at the minute.

psychobunny

I think you posted in the wrong thread by accident (I sure hope it's not because of a confusion when I forked the previous thread)

The hooks actually are action:composer.topics.post, action:composer.posts.reply, action:composer.posts.edit

a_5mith

@psychobunny I did.

scottalanmiller

@Scuzz said:

@trevor We have 44 actual users who are know to be human. On Sunday I had just under 400.
I have disabled registration until we can stop it.

We have thousands of SPAM accounts now.

scottalanmiller

@Tanner said:

Maybe you could denote official plugins as ~official~ in some way, like a little tag in the ACP or something, to indicate this.

That would be handy. There should be a way to identify them.

julian

@scottalanmiller Are you utilising spam-be-gone now? (Have you been using it all along?)

We unofficially take abandoned plugins under the NodeBB umbrella... but don't want to set a precedent... otherwise that org is going to be a dumping ground for half-finished, broken NodeBB plugins