Spam Registrations

  • deeveearr

    (@deeveearr)


    5 years ago

    Hi guys,

    I’m getting lots of spam registrations to my forum and wondered if wpforo had any idea of what’s going off?

    All the registrations seem to come in, change their passwords one minute up to an hour later (which go to a non-existant email address) and then just leave a load of dead weight in my ‘users’ panel.

    In my WordPress General settings, the option of ‘membership – anyone can register’ is UN-checked, so I’m guessing that any spam registrations are coming straight through from wpforo.

    I tried Akismet out last night, but all THAT did was to allow loads of comments coming through, plus the spam registrations were still happening, so I deactivated Akismet and went back to Antispam Bee.

    I then turned all of the wpforo antispam controls to ‘yes’ to see if that worked, but sadly the spam registrations are still coming through.

    In addition to the antispam measures that are invoked by wpforo, would it not be a good practice to enable a ‘honeypot’ feature, ie add a new field that spambots would try to fill in and then ban them when found doing so?

    The honeypot feature works really well on Antispam Bee, catching out hundreds of spammers, and I feel that this system should also be applied on wpforo.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author gVectors Team

    (@gvectors-team)

    5 years ago

    Hi @deeveearr,
    here is a good article about the spam protection:
    https://wpforo.com/community/faq/how-to-stop-spam/

    In addition, i’d say you can try any antispam plugin you want, just make sure it works with wpForo and the user registration process is not stopped.

    Thread Starter deeveearr

    (@deeveearr)

    5 years ago

    Right, I think I’ve worked out why the spammers always go to try and change their passwords at least:

    I just tried using a new browser to add a new forum member, and got an email back with the following link to set my password:

    https://my-site.com/logininformation/?action=rp&key=DZGQGLP6WSBOpHcH9XFo&login=Jonathan https://my-site.com/community/?foro=signin&redirect_to=https%3A%2F%2Fmy-site.com%2Fcommunity

    (my-site.com and logininformation contain the website and hidden login details, so that has been over-written).

    …and on adding the link in my new browser, it came back with ‘this key is invalid’.

    However, there’s also a link to ‘forgot your password?’

    Which is obviously why any spammers then click on that link to re-set their passwords.

    We therefore need a fix for the ‘invalid key’ portion that is sent out to new registrants.

    **edit**

    to clarify, there are TWO links in the above message, the first one is to set a password, and the second looks like a redirect to the forum page.

    This is probably why it comes back with an ‘invalid key’ message.

    How do I get rid of the second link in the message?

    • This reply was modified 5 years ago by deeveearr.
Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Spam Registrations’ is closed to new replies.

  • 2 replies
  • 2 participants
  • Last reply from: deeveearr
  • Last activity: 5 years ago
  • Status: not a support question