Since the 1st May about 100 new spam users sign up each day in my community. It is some form of automated bot. I have set the default account to read only to stop them spamming. My community is effectively useless.
Oxwall software is good but with no effective anti spam system it is as good as useless.
We build. You grow.
Get best community software hereStart a social network, a fan-site, an education project with oxwall - free opensource community software
SPAM users make oxwall unusable. | Forum
Steve Winter
May 9 '13
If you have this http://www.oxwall.org/store/item/239 Then just use cloudflare.
More details at
Regards,
Steve
John
Jun 2 '13
I installed the Spam Captacha Plugin.
It had no effect. It even increased the SPAM.
There was 1 new spam registration every 45 seconds.
The question was What is the capital of Spain?
The answer 8976876876.
It made no difference.
I have closed down user registration.
That does stop new registrations.
It had no effect. It even increased the SPAM.
There was 1 new spam registration every 45 seconds.
The question was What is the capital of Spain?
The answer 8976876876.
It made no difference.
I have closed down user registration.
That does stop new registrations.
bobbi
Jun 2 '13
we do not use any anti spam plug ins of any description, we just use the humble user approve, we havent had any spammers for ages,
Paul M.
Jun 2 '13
Have you looked to see where the spam is coming from? I had the same problem and just ended up blocking India as that was the source of the spam. Payday loan and quick cash type stuff. I no longer have a problem.
Leader dave
Jun 2 '13
Also john if you only have the one question it may not help. Once they discover the answer the bots pass the answer quickly to other bots. You need to have a min of 10 questions (20 is better) and stay way from the number questions as much as you can.
Use questions that only someone looking at the page can answer, such as ask them the color of a logo on the page or how many of something on the page or even spell something backwards.
Oxwall Accessories
Jun 2 '13
we really shouldn't have to annoy our users with that many questions. It really discourages the users during the sign up process. Its really this simple oxwall needs to figure this out. Studies show the longer it takes to sign up the bigger the risk of them backing out of the process.
Leader dave
Jun 2 '13
It is only one question, but with 10 or 20 to choose from on the list, it has a more random value which is what you want.
Oxwall Accessories
Jun 2 '13
Still oxwall needs to put a stop to this. I dont see other CMS's having this problem.
Leader dave
Jun 2 '13
I agree not to this extreme, but some have days where they do, such as phpbb for instance some days i see complaints of hundreds of spam signups overnight but its no different than any other script, if they find a hole they will exploit it. I have used phpbb for many years and i love it just as i do other scripts but it all comes down to that hole.
And by hole i dont mean just the script, could be server security lacking, could be someone else on the shared server did not protect themselves and they got into that account and into everyones account.
So yes every script needs to have this as an important security issue, but to say its the script is not right either, its everything combined. Every day it is becoming a more and more important issue even with congress.
As companies have to deal with the expendature in time and manpower to handle this, their complaints are heard and maybe not today or tomorrow, but one day it will be much more important and much more of a legal issue to combat the spammers. The more it affects a companies bottom line the more something will happen (its all about the money) and when this becomes such a pain that companies demand action, action will happen.
So its not just Oxwall or any CMS, it is the whole structure from setting up a server to running a web, to everything.
The Forum post is edited by dave Jun 2 '13
Oxwall Accessories
Jun 2 '13
if they find a hole they will exploit it.
We know its a hole in oxwall as many of us are on different servers. My issue is that oxwall seems to be just turning a blind eye to it.
MarkieMark67
Jun 2 '13
This is a difficult subject. But yes Oxwall has a Hole that can be Exploited, and I can't find it. But here is what I know. It seems that when I have posting set in my Roles for new members spammers hit me hard. When I change my Roles so new members can't post. My spammers stop signing up. I did block many countries and have Spam Captacha Plugin and Always adding a new questions. Also Anti spammer. Keeping Them the spammers guessing has been my best weapon. I'm down to just a few spammers a week.
Oxwall Accessories
Jun 2 '13
lets try changing the main roles name to something different and see if that helps.
I dont get any on but every other site i run gets them.
The Forum post is edited by Oxwall Accessories Aug 5 '13
Paul M.
Jun 2 '13
http://www.phpcaptcha.org/documentation/customizing-securimage/#difficulty
/ow_libraries/securimage/secureimage.php
You could try making the captcha more difficult.
Leader dave
Jun 2 '13
Nice post Paul... i dont know if it can be called hole, but i did hear at one time to take the check mark off of pages dashboard and pofile on the bottom of the page so that members cannot customize those pages, the same with groups settings in installed plugings.
I think that i more of a js issue than an actual hole. But again i say folks as have always said, you cant gripe about free, the door swings both ways ya know... And IMO this is much better than Elgg in many ways.
