XF 2.2 Spam problem

[Dzgsm]

Hallo,
i have a spam problem, not with registration but from the members themselves, as there are members using very weak passwords like: 123456
there are several methods to detect weak passwords or request inactive members to update their passwords?

 

[Rhody]

They were probably in a breach at some other site, and using the SAME password and email on your site.

 

[Mr Lucky]

Yes this was a thing a few months back - make older/inactive accounts reset passwords. and /or r use Xon's addon

Resource icon X

Password Tools

Oct 1, 2018

Cause safer passwords are better passwords.

• Xon
• hibp limitations password zxcvbn
• Add-ons [2.x]

 

[beerForo]

Per group:
Require two-step verification
Yes
No
Never

 

[Mr Lucky]

Per group:
Require two-step verification
Yes
No
Never

I have that for admins and mods, but I think we would lose members by forcing yet another annoying (albeit sensible) 2 factor.

 

[Suzanne O]

I have @Xon's sign up and abuse add on it along with cloudflare turnstile works like a dream.
If you're getting data breeched you might want to get the users affected to change their passwords.

 

[Dzgsm]

They were probably in a breach at some other site, and using the SAME password and email on your site.

I don't think so because the number of members on my site is more than 233,631

 

[Dzgsm]

Yes this was a thing a few months back - make older/inactive accounts reset passwords. and /or r use Xon's addon

Resource icon X

Password Tools

Oct 1, 2018

Cause safer passwords are better passwords.

• Xon
• hibp limitations password zxcvbn
• Add-ons [2.x]

I will try it.. thank 's bro

 

[Dzgsm]

I have that for admins and mods, but I think we would lose members by forcing yet another annoying (albeit sensible) 2 factor.

Same opinion

 

[Dzgsm]

I have @Xon's sign up and abuse add on it along with cloudflare turnstile works like a dream.
If you're getting data breeched you might want to get the users affected to change their passwords.

can explain more ..plz

 

[CedricV]

I have @Xon's sign up and abuse add on it along with cloudflare turnstile works like a dream.
If you're getting data breeched you might want to get the users affected to change their passwords.

Are you sure you don't have registrations turned off? 7 Members.

 

[Suzanne O]

can explain more ..plz

X

Signup abuse detection and blocking

Nov 20, 2018

Provides a toolkit to reduce signup spam

• Xon
• Add-ons [2.x]

Then you will have no more spam.

 

[Dzgsm]

No solution worked because the spam members were registered a year ago, i want a way to force old members to change password !

 

[Mr Lucky]

No solution worked because the spam members were registered a year ago, i want a way to force old members to change password !

Did you try forcing them to change/reset password? (batch update)

- make older/inactive accounts reset passwords.

 

[woody]

Did you try forcing them to change/reset password? (batch update)




View attachment 298092

Did this a couple years ago, worked great. Be prepared to address users who no longer have access to their registration email...I have literally dealt with thousands of them, and still get one or more every week.

 

[Mr Lucky]

Be prepared to address users who no longer have access to their registration email...I have literally dealt with thousands of them, and still get one or more every week.

Depends what you use

• If you use change password they do not need an email, they get a notice on the site so just need to put in their old password then choose a new one.
• If you use reset password, a password reset request is sent by email (but no old password required) - this one is best if they have forgotten their password.

 

[AndyB]

You might like this add-on:

https://xenforo.com/community/resources/security-lock-manager.9311/

 

[Suzanne O]

You could put a notice up for all old accounts to contact you to reset their passwords.

 

[Ozzy47]

This free addon will prevent old breached accounts from logging in, https://xenforo.com/community/resources/ozzmodz-security-lock-old-accounts.9372/

 

[Dzgsm]

Did you try forcing them to change/reset password? (batch update)




View attachment 298092

Yes, I'm looking for it, but I don't have itI my version 2.2.9.
plz bro how do I find it?