• Resolved w-sky

    (@w-sky)


    Hi there, I think I have set up hCaptcha correctly for all registration forms, which are only WordPress and bbPress. But still the site is getting about 20 user registrations per week with auto-generated, unreal usernames and always-changing domains for the mail addresses, which often don’t even exist so that the emails with activation links are undeliverable. Did I miss something or what else can I do to prevent fake registrations?

    I’ve checked whether the social login plugin that we use (“Social Login, Social Sharing by miniOrange”) is a loophole for spam registrations and deactivated that for a while: No difference, same frequency of occurrence.

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Contributor kaggdesign

    (@kaggdesign)

    Hi @w-sky,

    I see that the Social Login plugin is still active. Also, are you sure you do not have another point for registration?

    To make sure that registration is made through a form having hCaptcha, please do the following.

    • Turn on Statistics on the hCaptcha General admin page.
    • Deactivate all login and security plugins like miniOrange.
    • Wait for next registration.
    • Open the wp_users DB table and find the registration time of the last bot user in the user_registered column.
    • Open the wp_hcaptcha_events DB table and look for last events. If you see the same time in the date_gmt column, it means that hCaptcha was solved. You can find the registration form data in source and form_id columns.

    Please note that the time in the user_registered column may include the site time zone, but date_gmt contains pure GMT time.

    Kindly let me know what you have found.

    Thread Starter w-sky

    (@w-sky)

    Thanks @kaggdesign

    I compared that and checked the latest spam registrations: Yes, they’re all listed in the hcaptcha_events table. Some have no source [] and form_id 0, most have source: ["WordPress"] and form_id: register.

    Does this mean the spammers are “smart” enough to pass the hCaptcha test?

    Plugin Contributor kaggdesign

    (@kaggdesign)

    Thank you for the update.

    What do these entries like ["WordPress"] + register, corresponding by time to bot registrations, have in the error_codes column?

    Thread Starter w-sky

    (@w-sky)

    It’s either [] or ["empty"]

    Plugin Contributor kaggdesign

    (@kaggdesign)

    If you have entries like ["WordPress"] + register + ["empty"], corresponding by time to bot registrations, it means that hCaptcha was not solved, but it was unable to stop the bot registration. It may happen due to the presence of other plugins. Have you followed the advice “Deactivate all login and security plugins like Miniorange”, proposed above?

    Thread Starter w-sky

    (@w-sky)

    Yes, I had deactivated miniOrange temporarily for a few days and the fake registrations did not stop nor become less frequent. I will check some other plugins that the site has (bbPress, Solid Security Basic, Stop Spammers, wpDiscuz).

    I looked at the table very carefully now. The successful registrations all have the entries: ["WordPress"] + register + []

    Between those, there are many other entries like [] + 0 + ["empty"] and some entries like ["WordPress"] + register + ["empty"], which all are not linked to successful registrations.

    Plugin Contributor kaggdesign

    (@kaggdesign)

    Thank you for the update.

    I see now that only ["WordPress"] + register + [] entries correspond to the successful registrations. They say that hCaptcha was solved: [].

    From this point, it looks like spam bots may use a human service for solving hCaptcha (there are such ones). You can try to implement two solutions:

    • Raise the complexity level of hCaptcha on the hcaptcha.com site – set the Passing Threshold to Difficult. It helped on one site.
    • Add an anti-spam service to your site like Akismet. I never tried it before, but plan to integrate with Akismet in the next release.

    Kindly let me know if the advice above helped.
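
The triage worked out over the replies above (match `user_registered` against `date_gmt`, then read `error_codes`) can be scripted once both tables are exported. This is an added example, not code from the hCaptcha plugin or from either poster: the column names are the ones quoted in the thread plus the standard `user_login` column of `wp_users`, while the verdict labels, the offset and tolerance parameters and all sample rows are constructed for illustration.

```python
import json
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

def correlate(users, events, site_utc_offset_hours=0, tolerance_s=2):
    """Map user_login -> (verdict, form) from rows of wp_users and wp_hcaptcha_events."""
    offset = timedelta(hours=site_utc_offset_hours)  # assumed parameter
    tol = timedelta(seconds=tolerance_s)             # assumed parameter
    parsed = [(datetime.strptime(e["date_gmt"], FMT), e) for e in events]
    report = {}
    for u in users:
        # user_registered may carry the site time zone; date_gmt is pure GMT.
        reg_gmt = datetime.strptime(u["user_registered"], FMT) - offset
        hits = [e for t, e in parsed if abs(t - reg_gmt) <= tol]
        solved = [e for e in hits if json.loads(e["error_codes"]) == []]
        if solved:
            # [] in error_codes: hCaptcha was solved for this registration.
            verdict, ev = "solved", solved[0]
        elif hits:
            # Only failed events (e.g. ["empty"]) yet the account exists:
            # the check ran but did not block, so look at other plugins.
            verdict, ev = "not-enforced", hits[0]
        else:
            # No event at that time: registration came in through a form
            # that hCaptcha does not cover.
            verdict, ev = "no-event", None
        form = (json.loads(ev["source"]), ev["form_id"]) if ev else None
        report[u["user_login"]] = (verdict, form)
    return report

# Constructed sample rows (site assumed to run at UTC+2).
USERS = [
    {"user_login": "xkqzt81", "user_registered": "2024-05-02 14:03:11"},
    {"user_login": "pwvmr22", "user_registered": "2024-05-02 16:40:05"},
    {"user_login": "ghjly07", "user_registered": "2024-05-03 09:15:30"},
]
EVENTS = [
    {"date_gmt": "2024-05-02 12:03:11", "source": '["WordPress"]',
     "form_id": "register", "error_codes": "[]"},
    {"date_gmt": "2024-05-02 13:20:00", "source": "[]",
     "form_id": "0", "error_codes": '["empty"]'},
    {"date_gmt": "2024-05-02 14:40:06", "source": '["WordPress"]',
     "form_id": "register", "error_codes": '["empty"]'},
]

if __name__ == "__main__":
    for login, result in correlate(USERS, EVENTS, site_utc_offset_hours=2).items():
        print(login, *result)
```

Running it with the wrong offset turns every row into `no-event`, which is the time-zone pitfall noted earlier in the thread.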

    Thread Starter w-sky

    (@w-sky)

    Yes, that would be very likely. I can observe what they are trying to do: Post spam comments or use the bbPress forum to post spam. But usually (around 90%) they fail and their posts are flagged as spam. Also they insert a lot of keyword spam in various languages into their profile “about me” text.
    The site has the “Stop Spammers” plugin which helps a lot.

    Thank you for the advice. I’ve raised the difficulty and will observe. Also I’ve set the language at hCaptcha Appearance settings (instead of using automatic) because the site language is German and everyone with a different language setting is probably a spammer, so why make it easier for them. 🙂

    Plugin Contributor kaggdesign

    (@kaggdesign)

    OK, thank you for the update.

    Plugin Contributor kaggdesign

    (@kaggdesign)

    I closed this ticket due to a week of inactivity. Please do not hesitate to contact me here or create another ticket with questions. Thank you for the collaboration.

The topic ‘Still getting a lot of registrations from spam bots’ is closed to new replies.