Hi,

you can move this topic to whatever part of the forum you like, however it does not answer the issue.

You have said and stated but given no right of reply to the following:

"We've looked through the posts related to spam and decided to sum up the anti spam solutions, you can take advantage of:


1. Anti spam plug-ins, for example, Watchdog plug-in

2. IP Tracker – so you could find out the IP range of spammers and block it. You can do that in the Cpanel of your hosting server. Also CloudFlare has the option (in the Threat Control area) to ban IP ranges.

3. User roles – change the user roles, so that the new users can't post. The negative side of this action, you'll have to change the roles of each member to normal later.

4. If your website, oriented to some specific country, you're free to block the IP s of undesired countries.

5. Adding required custom sign-up questions – this will cause additional troubles for the spam software to make verification post to the database with sign-up section. You can add such a question here: Admin Panel>>Users>>Profile Questions>>Add Question.


If none of this works, there's an opportunity that these profiles were created manually by real person(s). We can suggest using the Mandatory approve feature, that will decrease the spammers' activity. You should simply go to Admin Area > Privacy & Permissions and check the 'Mandatory user approve' box. In this case you will have to approve users before they get an access to the site."


Ok, my questions are simple.

1. I have anti spam running

2. I have asked the hosting company to help me find and block spammers via their IP address, and I have also signed up for CloudFlare as my hosting company suggested and it has been configured correctly by my web host.

3. User roles are kind of useless as I have to manually accept members to the website in order for them to become members, if I don't accept then they don't post.

4. Again I have asked my web host to block well known problem countries.

5. Additional questions are *required to sign up along with a picture, now the people who are signing up have no picture added, so this must mean there is a security problem with Oxwall.

If none of this works then you suggest using the Mandatory approve feature which I have been using but keep getting an overwhelming amount of bogus sign ups.

Thing is point 5 is quite remarkable, as your sign up *required fields don't seem to work, as an image is very much required at my website and yet so many of the spam members seem to join without one. Why?

i only use user approve but i have noticed since i updated to 1.7.1 i have not had a single spammer register on my site, i can see from the visitor logs that spammers are visiting my site but none have made a account i know registration works as i have tested it and we have had a couple of new members, <br/>

was there something implemented in the latest update to make it harder for spam bots to register,

Dale, 

1. what software version do you have? (since 1.7) it is practically impossible for the auto spammers to login)

2. what required profile fields have you created?

3. please provide a screenshot that you set those fields as required in the Profile section in the admin panel. 

4. please provide a screenshot where you set the display of the avatar as required. www.yoursite.com/admin/settings/user

Also I recommend you to create a required profile questions of the URL answer type. This way you limit the option of the spammers, disregarding whether they are auto or manually registered to enter some random text in the field. 

The only thing left is the spammers who registered manually. Of course,  you can block their IP or IP range (more than often they are on the proxy),by doing this you can eliminate real "good" members from registering. 

Hi Ross,

1) I have 1.7.1 running and have loads of spam members, all female which is very odd.

2) I have asked specific questions in the required profile fields such as location (since Oxwall has promised locations in their next update for a few years now and NEVER delivered)

3) I'd prefer not to supply screen shots due to the nature of the website, however if your give me your email address I will send you a link to the website so you may see the sign up process for yourself.

4) Again I would prefer to keep screenshots private due to the nature and content of my website plus I would prefer to keep my members anonymity a priority.

However attached is a picture of the official  image when people sign up without a picture, which is difficult as it's a required section of the sign up process, and next to it is an image of someone who has compromised the website.

I've attached the images for correct sign up and non correct sign up.

The one in the blue is the default and it's added by the site, the one in grey has nothing to do with the website at all, and as far as I know it has nothing to do with Oxwall either. But I could be wrong on that.

you can me the screenshot in the private message here.