XF 2.1 Spam accounts getting through manual checks

Hi guys, I have a few issues with spam accounts that I was wondering if I could get some feedback on.

We've had a lot of spam accounts being created constantly and have mostly solved the issue.

We have the following settings:

Link to images here:

User registration

1581443991211.png

Spam management


1581443856264.png

Banned emails

1581443886263.png

However, we are still receiving about 5 or so accounts a day who are somehow not only registering, but getting their accounts approved.

Additionally, we have a ton of "Unable to send mail" notices in the Server error logs.

1581444432620.png

Additionally, I presume this is related. We got this message from our hosting company:

Hello,

It came to our attention that there is a spamming script found on the account with the username /simfbaah/.

We managed to pull up the location of the script:

/home/simfbaah/public_html/wiki

Looking at the mail logs we do see that the emails look like this:

2020-02-05 10:56:20 1izN2K-0000Tr-0E <= admin@simfba.com U=simfbaah P=local S=1381 id=simfbaah_mw19237-mwln_.5e3ae5a3e2f784.48638671@simfba.com T="SFA Wiki email address confirmation" for ramirotommie@enelopes.com
2020-02-05 10:56:20 cwd=/home/simfbaah/public_html/wiki 5 args: /usr/sbin/sendmail -t -i -f admin@simfba.com
2020-02-05 10:56:20 1izN2K-0000Uh-Kx <= admin@simfba.com U=simfbaah P=local S=1386 id=simfbaah_mw19237-mwln_.5e3ae5a49113d0.59133572@simfba.com T="SFA Wiki email address confirmation" for kassie.sabo@cdn71.mailna.us
2020-02-05 10:56:23 cwd=/home/simfbaah/public_html/wiki 5 args: /usr/sbin/sendmail -t -i -f admin@simfba.com
2020-02-05 10:56:23 1izN2N-0000YC-DI <= admin@simfba.com U=simfbaah P=local S=1379 id=simfbaah_mw19237-mwln_.5e3ae5a7359813.58599663@simfba.com T="SFA Wiki email address confirmation" for laruefreddy@enelopes.com

It looks like the registration form was used by bots in order to create numerous accounts on the site.
The best way out of this situation would be to implement the Captcha challenge on the registrations page.
It will keep the bots away.

Unfortunately we had to restrict web access to the website in order to stop the sending, thus we would need to have your IP address, so we can allow you access for the setup of Captcha.
Please check your IPv4 address here : ipfinder.us

Looking forward to your reply,

I would appreciate any help or suggestions, thanks!
 


Thanks. I had seen this suggested a few times and was thinking of picking it up.

Did you see anything wrong with my settings? Wanted to also make sure I wasn't messing with something there as I'm not sure how accounts are being approved without me doing it manually.
 
It's hard to read the screenshots as we do some resizing, but if you have manual approval enabled and accounts appear to be bypassing that, the first thing to check would be add-ons as the only time we've had reports of that, it's tracked back to an add-on. As an example, in the past, I believe Tapatalk has caused related issues because I think they have their own system for registering users.

Mail sending is probably unrelated, though the bit you quoted from your host might be the cause of that. However, it looks like the emails they listed there aren't generated by XF (they appear to be coming from your wiki). In terms of debugging why mails aren't being sent, that would have to be found in the mail logs on the server which is likely something your host would have to check.
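The attribution made in the reply above (the mail in the host's excerpt comes from the wiki directory, not from XF) can be checked from the mail log itself. This is an added example, not code from the thread or from XenForo: it pairs each `cwd=` line with the next locally submitted message and counts by script directory and subject. The sample log is constructed, and the pairing assumes sendmail submissions do not overlap in the log.

```python
import re
from collections import Counter

# Constructed sample in the Exim mainlog shape of the host's excerpt;
# the user, paths, message ids and addresses are made up.
SAMPLE_LOG = '''\
2020-02-05 10:56:19 cwd=/home/exampleu/public_html/wiki 5 args: /usr/sbin/sendmail -t -i -f admin@example.com
2020-02-05 10:56:20 1aaaaa-0000Tr-0E <= admin@example.com U=exampleu P=local S=1381 id=a1@example.com T="Wiki email address confirmation" for u1@mail.example.net
2020-02-05 10:56:20 cwd=/home/exampleu/public_html/wiki 5 args: /usr/sbin/sendmail -t -i -f admin@example.com
2020-02-05 10:56:20 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1aaaaa-0000Tr-0E
2020-02-05 10:56:21 1aaaab-0000Uh-Kx <= admin@example.com U=exampleu P=local S=1386 id=a2@example.com T="Wiki email address confirmation" for u2@mail.example.net
2020-02-05 10:56:23 cwd=/home/exampleu/public_html/wiki 5 args: /usr/sbin/sendmail -t -i -f admin@example.com
2020-02-05 10:56:23 1aaaac-0000YC-DI <= admin@example.com U=exampleu P=local S=1379 id=a3@example.com T="Wiki email address confirmation" for u3@other.example.org
2020-02-05 10:57:40 cwd=/home/exampleu/public_html/forum 5 args: /usr/sbin/sendmail -t -i -f admin@example.com
2020-02-05 10:57:40 1aaaad-0000Zb-Qw <= admin@example.com U=exampleu P=local S=2210 id=a4@example.com T="Forum account confirmation" for member@example.org
2020-02-05 10:58:02 1aaaae-0000a1-7p <= someone@example.org H=mx.example.org [192.0.2.10] P=esmtps S=2048 id=a5@example.org T="Re: hello" for admin@example.com
'''

CWD_RE = re.compile(r'^\S+ \S+ cwd=(\S+) \d+ args: (\S+)')
ARRIVAL_RE = re.compile(
    r'^\S+ \S+ \S+ <= \S+ .*?\bP=(?P<proto>\S+)'
    r'.*?\bT="(?P<subject>(?:[^"\\]|\\.)*)" for (?P<rcpts>.+)$')

def attribute_local_mail(log_text):
    """Count locally submitted messages per (script directory, subject)."""
    by_source, rcpt_domains = Counter(), Counter()
    last_cwd = None
    for line in log_text.splitlines():
        m = CWD_RE.match(line)
        if m:
            # Only sendmail-style submissions (what PHP mail() runs) name the
            # sending script's directory; skip Exim's own delivery processes.
            if m.group(2).endswith('sendmail'):
                last_cwd = m.group(1)
            continue
        m = ARRIVAL_RE.match(line)
        if not m or m.group('proto') != 'local':
            continue  # remote SMTP arrivals are not sent by a site script
        by_source[(last_cwd or 'unknown', m.group('subject'))] += 1
        for rcpt in m.group('rcpts').split():
            rcpt_domains[rcpt.rsplit('@', 1)[-1].lower()] += 1
        last_cwd = None  # each cwd line is paired with one message
    return by_source, rcpt_domains

if __name__ == '__main__':
    sources, domains = attribute_local_mail(SAMPLE_LOG)
    for (cwd, subject), n in sources.most_common():
        print(f'{n:4d}  {cwd}  {subject!r}')
    print(domains.most_common(3))
```

A directory that dominates the counts with a single confirmation subject sent to many unrelated recipient domains is the registration form to put the CAPTCHA on.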
 
I can't bring up those images onclick, to read them clearly enough to make a call.

Weird, here they are:

If you want ALL accounts to have to be manually approved, that's in the usergroup perms.

I meant that bots are somehow able to create an account and have it approved by bypassing the need for me to go into the queue and approve/deny their accounts. (The little moderator approval queue in the top left corner)
 

Sorry! Here is a link to the images in a more legible format:

Let me know if you see anything wrong with my settings.

Perhaps I should try disabling add-ons until I can narrow down what is going on.

I'll try to work with the host to see what's up with the wiki stuff. We haven't been able to narrow it down further to that.
 