Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Can't Stop Spammers

124

Comments

  • DenisSDenisS My brain hurts Buriram ✭✭

    JamieCorbi (tackyhypocrite2jh7p@outlook.com) 12:33PM

    {I want to {see new threads|follow the discussion|be part here|see new additions|access all parts|contibute|say something|reply to a thread|reply to a user|message a user|contact a user|read everything}.

    This is the routine they are getting through all the sercurity with. How do you stop this?

  • denis please don't post email addresses of people trying to help you :smile:

    http://vanillaforums.org/discussion/comment/223202/#Comment_223202

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • peregrineperegrine MVP
    edited January 2015

    @DenisS said:
    JamieCorbi (tackyhypocrite2jh7p@outlook.com) 12:33PM

    {I want to {see new threads|follow the discussion|be part here|see new additions|access all parts|contibute|say something|reply to a thread|reply to a user|message a user|contact a user|read everything}.

    This is the routine they are getting through all the sercurity with. How do you stop this?

    registration restrict logger plugin as said ad infinitum!
    http://vanillaforums.org/addon/registrationrestrictlogger-plugin

    that is not security per se. it is an applicant request. the way to restrict applicant requests is via plugin.

    please re-read and answer the questions in the last few comments !

    you don't want to be helped if you can't post screenshots.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • DenisSDenisS My brain hurts Buriram ✭✭
    edited January 2015

    Applicants

    I turn off comments after the screen shot.
    >

    >



  • DenisSDenisS My brain hurts Buriram ✭✭
  • DenisSDenisS My brain hurts Buriram ✭✭
  • DenisSDenisS My brain hurts Buriram ✭✭

    Guest

  • peregrineperegrine MVP
    edited January 2015

    your member role settings permissions is not set up well.

    member role should not have add users!

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • peregrineperegrine MVP
    edited January 2015

    this is an example of default member permissions

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • good catch!

    what is happening @DenisS is you have an insider. They are approving the membership of these spammers. You should find out who they are so you can ban them.

    grep is your friend.

  • you need to search your access log for this string
    user/edit

    note the IP, then compare to IPs in the Gdn_Usertable.

    grep is your friend.

  • DenisSDenisS My brain hurts Buriram ✭✭
    edited January 2015

    This a few min's ago as you can see xOO tride to join but is as Applicant the rest by-pass the system and join and become full members.

  • @DenisS add me as a member

    grep is your friend.

  • DenisSDenisS My brain hurts Buriram ✭✭
    edited January 2015

    Bye thanks for your help, Go to an appointment: I have to keep the 2.0.18.14 site up for a few days but I'm hurrying on the 2.1.6 install now, see if they get through that security
    >
    >
    >
    they all seemed to be coming from one domain now

    nokiamail.com
    >
    I have sent nokiamail.com an email with all the spam account I have saved.

  • Denis you need to read carefully this discussion, as we are trying to help, it is not always clear if you are following every detail.

    grep is your friend.

  • peregrineperegrine MVP
    edited January 2015

    you have multiple problems. aside from the member permissions. http://vanillaforums.org/discussion/comment/223218/#Comment_223218

    you still have users in the confirm email status!!!!

    you should delete users in the the confirm email status, since they can bypass approval as mentioned numerous times before.

    what don't you comprehend about posting your conf/config.php? just change passwords and email in it when you post).

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • DenisSDenisS My brain hurts Buriram ✭✭
    edited January 2015

    They are the members who had just join that screenshot is 10 sec's before i deleted them
    Where is my config.php?

  • AnonymooseAnonymoose ✭✭
    edited January 2015

    @x00 said:
    Denis you need to read carefully this discussion, as we are trying to help, it is not always clear if you are following every detail.

    @peregrine said:
    member role should not have add users!

    Whoops.

    I have sent nokiamail.com an email with all the spam account I have saved.

    Have you? But that's not going to do much.

  • @DenisS said:
    They are the members who had just join that screenshot is 10 sec's before i deleted them
    Where is my config.php?

    you should have a config.php in the conf folder, if you set up vanilla forum properly.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • x00x00 MVP
    edited January 2015

    strip out

    $Configuration['Database']['Name']
    $Configuration['Database']['Host']
    $Configuration['Database']['User']
    $Configuration['Database']['Password']
    $Configuration['Garden']['Cookie']['Salt']
    $Configuration['Garden']['Registration']['CaptchaPrivateKey']
    $Configuration['Garden']['Registration']['CaptchaPublicKey']
    $Configuration['Garden']['InstallationID']
    $Configuration['Garden']['InstallationSecret']
    $Configuration['Garden']['Email']['SupportName']
    $Configuration['Garden']['Email']['SupportAddress']
    $Configuration['Garden']['Email']['UseSmtp']
    $Configuration['Garden']['Email']['SmtpHost']
    $Configuration['Garden']['Email']['SmtpUser']
    $Configuration['Garden']['Email']['SmtpPassword']
    $Configuration['Garden']['Email']['SmtpPort']
    $Configuration['Garden']['Email']['SmtpSecurity']
    

    When posting config.php

    You can post like so

    ~~~
    [code goes here]
    ~~~
    

    grep is your friend.

Sign In or Register to comment.