Fake Accounts on your site
Asked Modified Viewed 13,354 times
asked
There seems to be an increase in the number of fake accounts being set up on PF sites. They can be easily identified by gibberish usernames and web addresses as well as being very close together with the join dates.
[ulist=disc]Are you having similar problems?
Which captcha are you using?
Are you using any other security measures?
Have you noticed any increase at all?[/ulist]
[ulist=disc]Are you having similar problems?
Which captcha are you using?
Are you using any other security measures?
Have you noticed any increase at all?[/ulist]
answered
Use something like "security question".
answered
Put/check out within system-controls the option:
New members activated by the SuperUser (Yes)
Now you have to manualy accept every new member.
But You've got the control over You're site and there visitors...
Greetings,
New members activated by the SuperUser (Yes)
Now you have to manualy accept every new member.
But You've got the control over You're site and there visitors...
Greetings,
answered
Happening to me as well.... those accounts were spamming **** in forums, so banned them. I use e-mail and admin activation, but still its annoying to delete bunch of them every day.
Anything else to be done to prevent it ?
Anything else to be done to prevent it ?
answered
I am trying to figure out something with this as well. I have 4 sites, and all of them use the secure question. All set up the same way in registration, but for somereason 1 site keeps letting them in I don't get it.
answered
Quote
Vyper69 wrote:
I am trying to figure out something with this as well. I have 4 sites, and all of them use the secure question. All set up the same way in registration, but for somereason 1 site keeps letting them in I don't get it.
Are you using ReCaptcha ?
This have been a problem in long time. Why not just ask a "serious" hacker how they trick the system? Other CMS systems take the hacking very serious, but in here it looks like they dont care much. Imho the registersystem is way to weak. With the register-by-email-verification it should be easy to keep the bots out, but somehow they have found a securityhole. If the email-verification system worked, it should not be able for anyone who use a gibberish email to register.
Edited by Ken on 17-12-2012 13:48,
answered
There is no security holes in registration system, I have no bots at all.
Just use mods for this.
Just use mods for this.
Quote
PolarFox wrote:
There is no security holes in registration system, I have no bots at all.
Just use mods for this.
Maybe your site is not that interesting than others seems to be then. Why the heck do others tell they have problems with bots then?
Hmm it's not easy to discuss (IMO) at least.
As I see it: Hacked sites/hacking in generel comes often from security holes in code(s) - when it's not the FTP they've hacked into or the host firm itself.
When we talk spam it comes from hackers that write script(s) that can bypass eg; the /register.php, the Captcha, Security Questions and so on. Imo it's not caused security holes. Let's say I write a script that can "see" eg; the Captcha and then register - or that can lay 2+15 together (some anti spam bots security script) I don't think it's hacking nor caused security holes. But maybe Im wrong - Im not a hacker..
There is a difference..
As I see it: Hacked sites/hacking in generel comes often from security holes in code(s) - when it's not the FTP they've hacked into or the host firm itself.
When we talk spam it comes from hackers that write script(s) that can bypass eg; the /register.php, the Captcha, Security Questions and so on. Imo it's not caused security holes. Let's say I write a script that can "see" eg; the Captcha and then register - or that can lay 2+15 together (some anti spam bots security script) I don't think it's hacking nor caused security holes. But maybe Im wrong - Im not a hacker..
There is a difference..
Quote
smokeman wrote:
Hmm it's not easy to discuss (IMO) at least.
As I see it: Hacked sites/hacking in generel comes often from security holes in code(s) - when it's not the FTP they've hacked into or the host firm itself.
When we talk spam it comes from hackers that write script(s) that can bypass eg; the /register.php, the Captcha, Security Questions and so on. Imo it's not caused security holes. Let's say I write a script that can "see" eg; the Captcha and then register - or that can lay 2+15 together (some anti spam bots security script) I don't think it's hacking nor caused security holes. But maybe Im wrong - Im not a hacker..
There is a difference..
If you make a program to see something you are not supposed to see, it is hacking. If you make a software to see someones 4 digit code for his creditcard it's hacking! There are no excuse for what they do and there is not a difference.
answered
No, they are just a stupid bots.
No exceptions, and no spam-holes nowadays.
No exceptions, and no spam-holes nowadays.
answered
Just programmes and dummy emails like yopmail etc, etc. No holes in fusion email activation. lol
answered
In my opinion, there is no security holes at PF. Fake accounts cannot be blocked if we activate registration at our website.
Gillette
Gillette 10
- Senior Member, joined since
- Contributed 335 posts on the community forums.
- Started 4 threads in the forums
I just deleted 14 fake unactivated accounts today,not a big deal,somthing to do in the morning time.Yes I approve accounts manually
answered
Hi,
i am a member at a small community using php-fusion. lately we have been troubled with spam bots. new members have to be activated by an admin, so no spam bot makes it to our site. but atm we have 3000 unactivated members...
So even if legit people register, we will probably delete them by accident because we cant really check 3000 accounts.
what can be done? i activated email verification today, but at least one new bot registered during the last hours.
http://warhammerers-online.co.uk/news.php
i am a member at a small community using php-fusion. lately we have been troubled with spam bots. new members have to be activated by an admin, so no spam bot makes it to our site. but atm we have 3000 unactivated members...
So even if legit people register, we will probably delete them by accident because we cant really check 3000 accounts.
what can be done? i activated email verification today, but at least one new bot registered during the last hours.
http://warhammerers-online.co.uk/news.php
answered
There is A LOT of mods. Choose wisely.
I wouldn't even use a pre-created MOD IMO. The more popular a MOD becomes, the higher likelihood of a programmer, programming against it.
The reason why you would use a MOD in the first place, is to separate yourself from common code.
The best way is to write something yourself. You can lead a horse to water, but ultimately it's up to him to drink it.
The reason why you would use a MOD in the first place, is to separate yourself from common code.
The best way is to write something yourself. You can lead a horse to water, but ultimately it's up to him to drink it.
answered
Hi,
thank you for your replys.
Writing something ourselfs ist not an option i think, as none of us has writing skills.
I would try the addon/infusion method. Maybe it helps to have a security question for registration. e.g. this http://www.phpfusion-mods.net/infusio...mod_id=518
It says its for version 7.00 , our site says its PHP Version 5.2.17 ind the php info... i guess that might be a problem :(
Is it possible to upgrade?
thank you for your replys.
Writing something ourselfs ist not an option i think, as none of us has writing skills.
I would try the addon/infusion method. Maybe it helps to have a security question for registration. e.g. this http://www.phpfusion-mods.net/infusio...mod_id=518
It says its for version 7.00 , our site says its PHP Version 5.2.17 ind the php info... i guess that might be a problem :(
Is it possible to upgrade?
answered
You have 2 separated versions: PHP Version 5.2.17 AND PHPFusion version ??.??.?? (check out your admin panel).
And you able to upgrade your PHPFusion if needed.
And you able to upgrade your PHPFusion if needed.
Category Forum
Announcements & Security IssuesLabels
None yet
Statistics
- Views 0 views
- Posts 21 posts
- Votes 0 votes
- Topic users 13 members
13 participants
Ken 10
No Support by PM. Please use the forum.
- Senior Member, joined since
- Contributed 713 posts on the community forums.
- Started 43 threads in the forums
Craig 14
- Fusioneer, joined since
- Contributed 4,462 posts on the community forums.
- Started 212 threads in the forums
smokeman 10
- Veteran Member, joined since
- Contributed 920 posts on the community forums.
- Started 79 threads in the forums
HobbyMan 10
Just some Guy
- Veteran Member, joined since
- Contributed 1,486 posts on the community forums.
- Started 91 threads in the forums
- Started this discussions
PolarFox 8
- Veteran Member, joined since
- Contributed 1,633 posts on the community forums.
- Started 29 threads in the forums
icb 10
- Member, joined since
- Contributed 54 posts on the community forums.
- Started 16 threads in the forums
Samuel 10
- Member, joined since
- Contributed 55 posts on the community forums.
- Started 13 threads in the forums
Gillette 10
- Senior Member, joined since
- Contributed 335 posts on the community forums.
- Started 4 threads in the forums
Vyper69 10
Unprecedented Times call for Unprecedented Measures
- Senior Member, joined since
- Contributed 551 posts on the community forums.
- Started 146 threads in the forums
KasteR 10
- Senior Member, joined since
- Contributed 290 posts on the community forums.
- Started 1 thread in the forums
Masy 10
- Newbie, joined since
- Contributed 4 posts on the community forums.
- Started 1 thread in the forums
Notifications
Track thread
You are not receiving notifications from this thread.
Related Questions