Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Spam accounts are created even I have enabled the captcha
I'm using Vanilla 2.1.3 with basic registration, that has the captcha activated.
Also, I have enabled the "Require users to confirm email addresses".
Current behavior is:
- people is creating spam accounts (it seems there is an unprotected URL somewhere and they can avoid filling the form with the captcha)
- spam accounts can create content and tags, even they don't have confirmed their email (user role seems to be assigned before they confirm their email)
How can I protect my forum against this? Is really annoying...