Bots registering and webhosting blocked mail function

[Bazim]

Hello, today i get a email from my webhosting which i using for my Chevereto site.

They allerted me because so many bots registering to my Chevereto site and sending an spam emails. So my webhostgin blocked mail() function for me.

They said i need fix that with captcha or something. And yes if i see to a registered users. So many bots are here.

 

[Ricardo]

Hey @Bazim

You should enable reCaptcha at /dashboard/settings/external-services and use an external email provider (like SendGrid) to avoid interruptions.

Hope it helps!

 

[Rodolfo]

sending an spam emails

I really doubt about that. There isn't a email or PM feature between users so most likely it was just the welcome or account confirmation email.

 

[SirMoo]

I really doubt about that. There isn't a email or PM feature between users so most likely it was just the welcome or account confirmation email.

Indeed. Had this issue on Coppermine Gallery before. And many a forum.

They allerted me because so many bots registering to my Chevereto site and sending an spam emails. So my webhostgin blocked mail() function for me.

Set up a mail service to send out your transactional emails for you. This will help keep you whitelisted. I use https://mailgun.com but there are plenty out there. You should almost never use the mail() function...

 

[lovedigit]

I would definitely suggest to use https://www.sparkpost.com. Their free tier is way too generous. They are just awesome.

 

[gobzer]

I switched to mailgun.org from mandrill.com (they removed free option).
But I still have registrations flood. And emails from users complaining about that.
Look:

Going to add some captchas. But I personally don't like them.

 

[Rodolfo]

Going to add some captchas. But I personally don't like them.

No one likes captchas but you must use it if you run any web service. Can you confirm if the IP is the same?

 

[gobzer]

Can you confirm if the IP is the same?

No. They are different all the time.
I set reCaptcha with threshold 0. Sad

 

[Lastopp]

Captcha is no problem on registration. Your users will fully understand.

 

[lovedigit]

To make things easier for legit users, use human friendly captcha. You can set it in your Google recaptcha settings.

 

[gobzer]

Can you confirm if the IP is the same?

I just checked last 10 "awaiting confirmation" profiles and found that 7 IPs are in the http://www.stopforumspam.com/ database.

 

[Rodolfo]

I will add a flood prevention on sign-up but you should still use reCaptcha.

 

[SirMoo]

I just checked last 10 "awaiting confirmation" profiles and found that 7 IPs are in the http://www.stopforumspam.com/ database.

I asked months ago for StopFourmSpam integration into CVH. :c

 

[Bazim]

Repatcha worked for me thanks.

 

[gobzer]

After you fixed bots registrations it's time to find all these users.
You can also block IPs that make a lots of registrations.
With this query you can count users awaiting confirmation by their IP address:

SELECT COUNT(`user_id`) AS cnt, `user_registration_ip` FROM prefix_users WHERE `user_status` = 'awaiting-confirmation' AND `user_registration_ip` not like '' GROUP BY `user_registration_ip` ORDER BY `cnt` DESC

I found that blocking 8 IPs blocks 90% of fake registrations.

 

[lovedigit]

Also, Add these IP address to your block list.

http://pastebin.com/F0Lfxgcp

 

[Rodolfo]

Check this: https://chevereto.com/community/threads/testers-needed-for-upcoming-account-cleanup-function.7900/

 

[Rodolfo]

System now detects registration flood so I think that it should fix this issue. Keep me updated if you still have issues.