Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Can't Stop Spammers

135

Comments

  • DenisSDenisS My brain hurts Buriram ✭✭
    edited January 2015

    @peregrine said:
    if you have confirm e-mail turned off - you shouldn't see this

    >

    I know but I do see them

    anabelchattencnr377 anabelchattencnr377@nokiamail.com Confirm Email 10:43PM 10:43PM 100.32.210.141 EditDelete

    best to post your config.php minus salts passwords, etc. Not sure what this means!

    also post your permissions for guest role and applicant role. _**Applicant role sign in was "allow" I have disallowed this now. **_

    if you want to delete all users in the confirm e-mail status (which i assume you want to do. _I have already done this _

    use cleanser.

    anyone who still has confirm e-mail role, will still be able to self register, without your approval.

    >
    _I know that I will be redirecting the 2.0.18.14 site to my new 2.1.6 site soon, I going thought this exercise to hopefully stop these spammers on my new upgraded site. Hopefully this will help the Vanilla developers at the same time. _

  • DenisSDenisS My brain hurts Buriram ✭✭

    None of the things applied, have worked to stop registration: between 11am and 11;15 6 new "members"

  • DenisSDenisS My brain hurts Buriram ✭✭
    edited January 2015

    I had my first::::: There is currently 1 applicant :::

    JamieCorbi (tackyhypocrite2jh7p@outlook.com) 12:33PM
    >
    {I want to {see new threads|follow the discussion|be part here|see new additions|access all parts|contibute|say something|reply to a thread|reply to a user|message a user|contact a user|read everything}.
    >
    Approve, Decline
    >
    >

    I can see there are set fields here is this how they are getting through?

  • DenisSDenisS My brain hurts Buriram ✭✭
    edited January 2015

    I was using default settings, but have now changed a few settings mainly applicant role, but some of the terminology really does not explain what checking or un-checking means. In the roles.

    @peregrine said:
    http://vanillaforums.org/discussion/comment/223099/#Comment_223099

    I think you are not properly configuring permissions or roles, if you are still getting new people becoming members without your approval. Also you may have lots of unconfirmed e-mail role who can still bypass approval.

    At worst you should get lots of applicants, but no one should be able to become a member or be able to post without your approval, if you have permissions and roles set properly and the userrole table in proper order and don't allow confirm e-mail

    I suggest re-reading some of the comments carefully. then re-read them a few more times. then have lunch and re-read them again. then repeat.

  • peregrineperegrine MVP
    edited January 2015

    @DenisS said:
    I had my first::::: There is currently 1 applicant :::

    I can see there are set fields here is this how they are getting through?

    then when you upgrade to 2.1 use what whu606 suggested

    whu606 said: in comment

    http://vanillaforums.org/discussion/comment/222551/#Comment_222551

    @DenisS‌
    What are your current anti-spam methods?
    I use registration approval with Add Registration Question and Registration Restrict Logger, and don't get any spam applicants anymore.
    If you make your registration question specific to your site user interests, the odds of a spambot hacking it successfully will be pretty remote.

    Registration restrict Logger plugin when used in 2.1.6 will stop lots of the applicant spam issues you are having and you will not have that kind of issue that you have in this link

    Applicant does not equal member.

    for applicants - this is all they might need.

    since you said you will be upgrading to 2.1.6 in two weeks about a week ago, in about a week you will be spending less time fighting spam. If you pay attention to the comments.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • x00x00 MVP
    edited January 2015

    Just to recap when was the last spam message posted on the forum, and what context?

    You may not stop spam applications. I am asking for the last spam post.

    grep is your friend.

  • DenisSDenisS My brain hurts Buriram ✭✭
    edited January 2015

    I read your message when to my site and there are another 2 within the last few min's
    last recent message in discussion unread comment
    >

    raneescifreslmz803raneescifreslmz803 4:48PM QuoteAutoExpire
    >

    (off)EditAnnounceSinkCloseDelete Discussion Bump FlagThanks

    >
    178.36.63.241 Private Message to raneescifreslmz803Posts: 1
    >

    Use Windows Os Product Key
    Because it includes your precious information, the hard drive can be an essential electronics component of your PC. In Windows XP, as an example, it is possible to access power is scanned and repair by your hard-drive from the control panel's administrative menu. Verify the web site focused on your Linux offer to discover how-to manage your Linux Application. There are certainly a number of analytic application suites you can use to identify and restore your hard disk drive in the event the hard drive power contained in your OS fails to identify or repair the problem.

    Protogo can be a Mac repair software collection which contains three of the best repair instruments that are Mac of Micromat; TechTool Pro DiskStudio , TechTool Pro Vintage, and 6. Protogo makes any of your methods together with a bootable repair resource with one of these methods on the portable hard drive or thumb drive. Protogo allows you optimize in addition to defragment, to restore and recover data from problematic hard drives, and safely remove data. Memtest OS X is actually a storage testing software for Mac OS X. It's a commandline electricity so that it might be ran in OS X or in Simple -User Mode in case your Mac will not start.

    To start with, develop a DVD utilizing the device on another system that has an identical hardware setup as your Mac and then use this bootable disc on top of that your Mac that is struggling and rebuild the damaged listing of your method.

    Onyx is just marketing, a preservation, and customization utility for Mac OS X. It enables you to manage hard disk diagnostics, run program maintenance projects, eliminate caches, and arrange plenty of OS X concealed attributes.Hard Drive Repair Software

    Hard drive repair application tests the hard-drive to identify problems' big event, including conditions that may require mechanical fix. Some hard application fix bad areas, and format, will allow you to reconfigure your hard drive configurations and repartition your disk drive. Many hard drive repair application suites provide a trial edition of the application online for download. You also have to recover the data and if your hard drive has failed, the push should not be formatted by you. Try a couple of unique test packages in the event the first people cannot is downloaded by you recover your data.

  • peregrineperegrine MVP
    edited January 2015

    what role does the user raneescifreslmz803 have?
    or did they have before you modify anything.

    if the user is a members when did they become member. what is their join date,

    post screenshots of all your roles and all your permissions. (don't need admin role or moderator role) but all others would be helpful to see what you are doing.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • does the spamming coincide when your computer is on?

    grep is your friend.

  • whu606whu606 I'm not a SuperHero; I just like wearing tights... MVP
    edited January 2015

    @‌DenisS

    Here's what works for me:

    I created a new role called Waiting

    For that role, the only boxes ticked are

    Garden - Signin - View

    Vanilla - Comments - Me

    Default Category Permissions - Discussions - View

    I assigned Applicants to this role.

    I use Add Registration Question and Registration Restrict Logger.

    I no longer get Spambot applicants.

    None. Nada. Niente.

    I know you are getting different bits of advice, but all I can say is that does the trick for me.

  • Not appearing in activity suggests injection

    grep is your friend.

  • Disable all the social login pluigns. I don’t think they are culprit but it one more thing you don't need.

    grep is your friend.

  • peregrineperegrine MVP
    edited January 2015

    we still have no idea what permissions and roles he has set up. nor has he posted screenshott of all roles and all permissions of those roles and he doesn't understand when I asked him to post his config.php (without sensitive passwords , etc). so I figute this is a guessing game with Denis giving a recap of how many spammers he has on a daily basis.

    but I don't know how to say this in any clearer words.

    It is a bit of energy you are wasting, when you could be applying it to upgrading to 2.16 period!

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • The normal approval method is working as expected.

    But I agree answers to question are always helpful.

    grep is your friend.

  • DenisSDenisS My brain hurts Buriram ✭✭

    my internet goes on and off most days, i have to live with it.

  • DenisSDenisS My brain hurts Buriram ✭✭
    edited January 2015

    They join , post all at the same time. If you try and join the normal way this is what happens and it's correct.
    >
    x00 (**********@yahoo.com) 5:11PM
    test
    Approve, Decline

  • x00x00 MVP
    edited January 2015

    They are elevated to members.

    I think the application spam may not be related to the injection spam. If they are then, it is a two step process.

    What you need to do is look at your access, logs, to see what urls are coinciding with theses times. This is something best done by your host if you not confident with that. They can also turn on capturing of the request so they can get all the headers such as post, which will reveal the injection method.

    Times are everything, you need the exact times and time zones, for both when they are joining and thier first spma post.

    Injection could work through an exploit in vanilla, a plugin, or any part of your site.

    Also it is possible the there is XSS, when you visit a page the inserted script then uses your privileges, to update their roles.

    grep is your friend.

  • DenisS that is me don't post my email.

    grep is your friend.

  • DenisSDenisS My brain hurts Buriram ✭✭

    My applicants are set as you say peregrine.

  • peregrineperegrine MVP
    edited January 2015

    I am giving up here until you post screen shots of your roles and permissions and your config.php (remove the passwords and email). I don't need you to say it is, just post screenshots!

    also get this plugin http://vanillaforums.org/addon/noroleassigned-plugin

    and post a screenshot of results

    otherwise we are wasting time. it could be as x00 says. but it could also be a result of poor settings.

    and we want know until you make the effort to read this message, understand it, and post screenshots!

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

Sign In or Register to comment.