Lots of fake registrations

2 months 2 days ago #337315 by RobertvanderHulst
Lots of fake registrations was created by RobertvanderHulst
I am seeing lots and lots of fake registrations on our website (xsharp.eu). We use cblogin for the login and registration page and we have enabled recaptcha v3.
Some registrations are with fake email addresses, but many others seem to have real email addresses and get confirmed.
Some of these registrations then start to post messages on our forum.
We have configured our forum to make sure that new posts need to be approved first, so I can block these posts, but it costs a significant amount of time to remove these users and messages.
I have the impression that many of these users come from Russia, but some also use IP addresses from (ghost?) computers elsewhere.

Are others seeing this too?
Is maybe our configuration wrong, so the recaptcha is not working?
Are these people abusing a leak on Joomla (4.4.3) and/or CB (2.9.1)?

Robert


2 months 1 day ago #337320 by krileon
Replied by krileon on topic Lots of fake registrations
reCaptcha is pretty easy for a bot to beat these days. Maybe try switching to internal code based captcha or adjusting its "Score Threshold" to be more aggressive? We use internal captcha and have more success with it since we can change it regularly to trip up the bots. In a future release we'll also provide hCaptcha and Cloudflare Turnstile, but honestly I doubt they'll do much better.

Additionally, if your forums are Kunena, we provide a forum antispam plugin with CB AntiSpam to block bots from spamming links on the forums. It will only allow external links after a posting threshold.

I also recommend using mod_security and using an aggressive filter list. That often can catch a lot of bad actors including bots.

CB AntiSpam can IP block, in addition to blocking entire ranges of IP addresses. It's typically best to do that server side to stop them from ever reaching your site, but you can configure it from CB AntiSpam as well if you want to quickly test blocking a range of IP addresses if you think there's a range specifically targeting you.

Unfortunately AI bots can basically beat any registration requirements. There isn't much more you can do about it I'm afraid.


Kyle (Krileon)
Community Builder Team Member


2 months 11 hours ago #337334 by RobertvanderHulst
Replied by RobertvanderHulst on topic Lots of fake registrations
Kyle,
Thanks. I have added some IP range blocks, and that seems to reduce some of the attacks.

Robert
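
Added example (not part of the original posts and not Community Builder code): one way to choose which ranges to block server side, as discussed in the replies above, is to group registration source addresses by network and flag only networks where several distinct addresses registered. The log format, the sample lines, and the function names are assumptions; the output uses Apache 2.4 `Require not ip` syntax.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample data: the log format is an assumption, and the
# addresses come from the reserved documentation ranges.
SAMPLE_LOG = """\
2024-03-01T10:02:11Z register ip=203.0.113.17 user=a1
2024-03-01T10:02:40Z register ip=203.0.113.52 user=a2
2024-03-01T10:03:05Z register ip=203.0.113.201 user=a3
2024-03-01T10:03:30Z register ip=203.0.113.17 user=a4
2024-03-01T11:15:00Z register ip=198.51.100.7 user=b1
2024-03-01T12:40:09Z register ip=2001:db8:5:1::10 user=c1
2024-03-01T12:41:30Z register ip=2001:db8:5:2::11 user=c2
2024-03-01T12:42:02Z register ip=2001:db8:5:3::12 user=c3
2024-03-01T13:00:00Z register ip=not-an-address user=d1
"""

IP_FIELD = re.compile(r"\bip=(\S+)")

def candidate_ranges(log_text, v4_prefix=24, v6_prefix=48, min_hosts=3):
    """Return [(network, distinct_hosts, registrations)] for ranges where at
    least min_hosts different addresses registered, busiest first."""
    hosts, hits = defaultdict(set), defaultdict(int)
    for line in log_text.splitlines():
        match = IP_FIELD.search(line)
        if not match:
            continue
        try:
            addr = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # skip malformed addresses instead of failing
        prefix = v4_prefix if addr.version == 4 else v6_prefix
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        hosts[net].add(addr)
        hits[net] += 1
    found = [(n, len(hosts[n]), hits[n]) for n in hosts if len(hosts[n]) >= min_hosts]
    return sorted(found, key=lambda row: (-row[2], str(row[0])))

def apache_rules(ranges):
    """Render Apache 2.4 mod_authz_core lines for review before deployment."""
    lines = ["<RequireAll>", "    Require all granted"]
    lines += [f"    Require not ip {net}" for net, _, _ in ranges]
    return "\n".join(lines + ["</RequireAll>"])

if __name__ == "__main__":
    print(apache_rules(candidate_ranges(SAMPLE_LOG)))
```

Counting distinct addresses per network, not raw hits, keeps a single legitimate user who retried a form several times from causing a whole range to be blocked.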

