Strange new users

dylenbrivera

I'm getting strange users from time to time on my forum. Any idea what this is about? Spam? These are the usernames. The domains are also strange. Anyone else experience this?
ljzuzfgfks
nipccawhh
owpucgbqr
nfenmdj

trevor

@dylenbrivera said:

I'm getting strange users from time to time on my forum. Any idea what this is about? Spam? These are the usernames. The domains are also strange. Anyone else experience this?

This spam stuff should be revisited and a proper filter system needs to be implemented; email, IP, and username restrictions. Most forums have this because of this very exact problem. @sina.com defintely will be blocked whenever we get an email filter.

Scuzz

I got 300 of those over the weekend.

a_5mith

Pinging @bentael to update his spam plugin so it works with 0.5.0

Tanner

Is there a plugin that simply incorporates Google's Captcha into registration or does bentael's plugin already do that?

Scuzz

I thought the spam be gone plugin did this but it was only available for 0.5.x?

trevor

300? Not cool, and getting absolutely ridiculous since we don't really have control over this spam situation, we have to take matters into our own hands via blocking IPs, disallowing registrations, etc. - whatever we have at our disposal due to a lack of spam settings. So, this needs to be escalated, reviewed, and a solution needs to be resolved as to how to handle this better so that the bots cannot register an account period. Sooner or later someone (like me) will complain, blog about it, and say this has to be the spammiest forum system I've seen in a while and with the lack of account registration restrictions, I refuse to use it over a system that has a robust solution for combating these types of annoyances/problems. Ignoring this and deferring it much long will backfire in the long run.

(Not me ranting, just concerned.)

On a side note, this should be in the core instead of a plugin - or at least worked with closely with the dev team. We shouldn't have to wait on the plugin author to update something that's vital to the application, in which case, spam protection is vital.

Tanner

I agree spam protection is vital, and we should have a captcha system or something similar integrated into core.

kinderjaje

I had 3 communities in my life. One which i didnt touch for 2 years almost have 40k registered members. From my experience, SPAM protection is one of most important things that every website should have.

The reason for that cause SPAM can kill ur site on many way, which already happen to me on other two communities i started. I was to lazy to solve the spam problem and i finished with 600 spam blogs created and each blog has spammed with so many backlinks to itself. That mean its not only problem on user experience side, but with SEO. CAuse that how Blackhat SEO works. They use our sites to get Tier2/3 links which will they blast with thousands of shitty links from WP comments and other.

And not to mention that it killed my server resources.

Anyway, @julian @baris and other guys should dedicate really serious time finding solution to at least minimize the SPAM.

Scuzz

@trevor We have 44 actual users who are know to be human. On Sunday I had just under 400.
I have disabled registration until we can stop it.

julian

@Scuzz is it possible that the CAPTCHA is just not working? If you re-enable it on your forum and try to register and input an incorrect answer, the account is not created, right?

finid

@dylenbrivera said:

I'm getting strange users from time to time on my forum. Any idea what this is about? Spam? These are the usernames. The domains are also strange. Anyone else experience this?
ljzuzfgfks
nipccawhh
owpucgbqr
nfenmdj

When you have usernames that you can't pronounce, consider them, 99.999% of the time, to be SPAM.

Scuzz

@julian the last time I check, captcha did not work on 0.4.3. The honeypot api is enabled though.

a_5mith

@julian it doesn't, reported in this topic.

https://community.nodebb.org/topic/1669/spam-be-gone-plugin

art

With the forums I've managed, I've found that the best approach is to just ask a simple question at registration. The bots are not programmed to provide the correct text response so they always fail. Humans have no problems. Every site can provide their own question and answer. I went from zillions of spambot accounts created to absolutely zero.

Is there a nodebb plugin that will do this?

a_5mith

@art we've been calling for it for a while. But, the spam plugin doesn't have it yet. Things like this, as @trevor said, should be core or in the dependencies, who wouldn't run a forum without spam prevention? unless they're running it on a LAN.

psychobunny

Just published a Q&A plugin for the registration page, in case captcha isn't your thing

So, this needs to be escalated, reviewed, and a solution needs to be resolved as to how to handle this better so that the bots cannot register an account period.

FWIW, @dylenbrivera doesn't have any spam plugins enabled, and I think @Scuzz is running on a version of NodeBB that didnt't have captcha support yet

a_5mith

@psychobunny Would be a good selling point if you packaged spam protection as standard.

psychobunny

Yeah ideally the plugin should be written by one of us so that we can update it right away if any breaking changes are introduced. Not sure what the other two think but bundled spam protection isn't a bad idea at all

a_5mith

@psychobunny Shot in the dark, how about allowing NodeBB onto the plugin project for every "official" plugin, so that if something does go, you don't have to wait, not sure that's possible though. Perhaps any that don't allow access are unofficial and unsupported.