Spam accounts are created even though I have enabled the captcha
ppazos
I'm using Vanilla 2.1.3 with basic registration, that has the captcha activated.
Also, I have enabled the "Require users to confirm email addresses".
Current behavior is:
- people are creating spam accounts (it seems there is an unprotected URL somewhere and they can avoid filling in the form with the captcha)
- spam accounts can create content and tags, even though they haven't confirmed their email (the user role seems to be assigned before they confirm their email)
How can I protect my forum against this? It is really annoying...
Comments
Hello!
Spammers could be doing many things to get into your forum. The two most likely are:
It also sounds like your permissions are not set up properly. Guest and Unconfirmed roles should not be able to add anything.
You can also add/enable some SPAM addons like Akismet and StopForumSpam. I highly recommend both.
hgtonight is most likely correct, there is a user registration vulnerability in Vanilla 2.1.8 that is actively exploited by spammers. That would also explain how they are able to bypass your permissions.
Upgrading to 2.1.11 is the best solution. If you still experience such issues afterwards, think about upgrading to the master branch (more secure but less tested on alternative server configurations).
Perfect. Will update right away and wait a little to evaluate if I get new bogus users. Also will check those addons!
So far, no spam accounts have been created since the upgrade!