marklcfc Posted March 30, 2022 Posted March 30, 2022 (edited) In the past hour I’ve had around 40 spam failure to deliver messages. It’s happened twice in that hour, around 20 times within a minute, different emails in every failure. Its happening through the post through register from what I see, but how they are doing it so fast I don’t know. Any ideas? I’ve turned it off temporarily Example of one Edited March 30, 2022 by marklcfc
opentype Posted March 30, 2022 Posted March 30, 2022 Probably bots. The Google captcha (if used) is not a big problem for them. I solved this problem by switching to the 3rd-party implementation of hCaptcha.
marklcfc Posted March 30, 2022 Author Posted March 30, 2022 Just now, opentype said: Probably bots. The Google captcha (if used) is not a big problem for them. I solved this problem by switching to the 3rd-party implementation of hCaptcha. On spam prevention I have Invisible reCAPTCHA selected
Jim M Posted March 30, 2022 Posted March 30, 2022 Would guess some form of automated bots and they are getting stopped at your registration page. Being the "did you forget?" email is being sent now, this spam attack happened about a week ago. 1 minute ago, marklcfc said: Invisible reCAPTCHA selected This is Google's CAPTCHA.
marklcfc Posted March 30, 2022 Author Posted March 30, 2022 42 minutes ago, Jim M said: Would guess some form of automated bots and they are getting stopped at your registration page. Being the "did you forget?" email is being sent now, this spam attack happened about a week ago. 43 minutes ago, marklcfc said: So there's no way to stop it? I'm still getting lots of these emails email failures
Randy Calvert Posted March 30, 2022 Posted March 30, 2022 Look at the CleanTalk plugin. It’s done a great job of reducing spam registrations and Contact Us spam messages. rnorth6920 1
Jim M Posted March 30, 2022 Posted March 30, 2022 16 minutes ago, marklcfc said: So there's no way to stop it? I'm still getting lots of these emails email failures I'm afraid, there is no built-in method to do so. I have transferred this to a ticket though to see if we can clean up any of this for you.
marklcfc Posted April 1, 2022 Author Posted April 1, 2022 On 3/30/2022 at 6:12 PM, opentype said: Probably bots. The Google captcha (if used) is not a big problem for them. I solved this problem by switching to the 3rd-party implementation of hCaptcha. Is this what you’re using
Hostingunlock Posted April 6, 2022 Posted April 6, 2022 add question in the registry difficult to answer that's why spam
marklcfc Posted April 6, 2022 Author Posted April 6, 2022 2 hours ago, Hostingunlock said: add question in the registry difficult to answer that's why spam Can I for the post before register page?
CheersnGears Posted April 6, 2022 Posted April 6, 2022 @marklcfc - get the Cleantalk plug-in. It's $8 a year and works really well to block bad bots.
marklcfc Posted April 6, 2022 Author Posted April 6, 2022 1 hour ago, CheersnGears said: @marklcfc - get the Cleantalk plug-in. It's $8 a year and works really well to block bad bots. This one? Isn't showing a price. And do you just install it and it works or any other setting up? Isn
Randy Calvert Posted April 6, 2022 Posted April 6, 2022 8 minutes ago, marklcfc said: This one? Isn't showing a price. And do you just install it and it works or any other setting up? Isn Yes. The plugin is free to install, but for protection to work... you need an activation key that you get from purchasing on their site. In terms of settings... it's pretty simple: There is one other field below this space for your registration key and that's it. Their website portal shows all of the activity such as blocks/allows, etc.
CheersnGears Posted April 6, 2022 Posted April 6, 2022 14 minutes ago, marklcfc said: This one? Isn't showing a price. And do you just install it and it works or any other setting up? Isn Yes, that one. The plug-in is free, but you need to buy the yearly subscription for $8. If you're not an international site you might want to buy up to the plan that lets you blacklist certain countries. It's slightly more, but still very worth it.
marklcfc Posted April 11, 2022 Author Posted April 11, 2022 Does it affect post before register though? That's where I'm getting spam through and nowhere else
Sonya* Posted April 11, 2022 Posted April 11, 2022 13 minutes ago, marklcfc said: Does it affect post before register though? That's where I'm getting spam through and nowhere else It does not prevent writing and submitting. But you do not see those posts anywhere in your community till the user registers and confirms his email. CleanTalk will prevent registering spam users. Their spam posts (that you'll never see) are deleted automatically by IPS after some time. Marc 1
marklcfc Posted April 11, 2022 Author Posted April 11, 2022 (edited) The actual users don't end up registering or in validating though, I just get a load of spam emails whenever Post before register is turned on. Edited April 11, 2022 by marklcfc
Sonya* Posted April 11, 2022 Posted April 11, 2022 I see. I use a different e-mail address for outgoing e-mails. This is a kind of noreply@mycommunity.com. This e-mail does not accept any e-mails. That's why I do not see any Mail Delivery Failure from those who use invalid mails. Incoming mails go to a fully functional e-mail address. Probably this is an approach for you.
Marc Posted April 11, 2022 Posted April 11, 2022 Its not spam emails you are getting there. Its delivery fails because the email addresses dont exist. There is little that can really be done to prevent that
Randy Calvert Posted April 11, 2022 Posted April 11, 2022 You can also just create a server rule to automatically delete those messages as well.
marklcfc Posted April 11, 2022 Author Posted April 11, 2022 (edited) 2 hours ago, Sonya* said: I see. I use a different e-mail address for outgoing e-mails. This is a kind of noreply@mycommunity.com. This e-mail does not accept any e-mails. That's why I do not see any Mail Delivery Failure from those who use invalid mails. Incoming mails go to a fully functional e-mail address. Probably this is an approach for you. I would do that, but I've set it all up in amazon ses, guessing I'd have to set up a new email in ses called noreply@mysite to do that. But then I assume I'm still going to get the failures and I'm only bothered by it as I suspect it will harm my reputation on there having all these delivery failures which are so frequent when post before register is active. My bounce rate is quite high now and that's with me having post before register off for a while now 49 minutes ago, Randy Calvert said: You can also just create a server rule to automatically delete those messages as well. How exactly and would that help with Amazon ses reputation or not? Edited April 11, 2022 by marklcfc
Randy Calvert Posted April 11, 2022 Posted April 11, 2022 You have two different issues here. The mailer daemon messages can be disabled within your SES settings so you don't even generate them. That will remove you getting notices about bounces via email. Under your Notification settings, disable email notification. Now... regarding your reputation... this is indifferent. It's not going to help OR hurt you. Regarding improving your reputation, you need to figure out why emails are bounding. I personally used SESDashboard. https://sesdashboard.com/#features You can set SNS to deliver notifications of all successful and failed messages to the dashboard so you can see what is happening. I personally will go through and look at bounced messages to see if it's legit members who have an old email address, etc. If you're using SES with IPB, I assume you're using Make sure your bounce management is configured and working. I personally for hard bounces have users changed to the validating group so they're forced to update their email address. If it's a complaint, I set the account to "Temporarily Banned". (If they want to stay a member, they're forced to reach out to me and I can educate them about not reporting our mail as spam. Otherwise, they can stay banned.)
marklcfc Posted April 11, 2022 Author Posted April 11, 2022 (edited) 1 hour ago, Randy Calvert said: You have two different issues here. The mailer daemon messages can be disabled within your SES settings so you don't even generate them. That will remove you getting notices about bounces via email. Under your Notification settings, disable email notification. Does this just mean that the emails will continue to bounce but I just won't be notified about it? so I won't be aware of how often it's happening. Edited April 11, 2022 by marklcfc
Recommended Posts