Randy Calvert Posted April 11, 2022 Posted April 11, 2022 6 minutes ago, marklcfc said: Does this just mean that the emails will continue to bounce but I just won't be notified about it? so I won't be aware of how often it's happening. Correct. However again... you should not need it if you are using other alternatives. For example with @Jon Erickson's SES integration, you can pick what happens when emails bounce or if someone sends a spam complaint. For example, to automatically set them back into the validating member group if emails hard bounce. Also... with SESDashboard, I don't need an email notice. I instead have a web portal that I can see any bounced email, etc. If you want to receive notifications via email the event happened, great... do nothing. It's working as designed. Your complaint was however that you're getting tons of those emails when spammers attempt to signup with a fake address. You're going to have to pick your poison here. You can disable email validation and instead do manual user approval for all registrations. You could leave email validation enabled, but then you have to deal with the ones that just enter fake addresses that will never get approved.
marklcfc Posted April 11, 2022 Author Posted April 11, 2022 (edited) Like I've said though I don't think this is anything to do with the registration process, none of these bounced emails have any accounts in the validation queue. It doesn't go that far, spam is being created through post before register, no users are ever registered through this spam - just emails being sent to fake email addresses. Edited April 11, 2022 by marklcfc
Randy Calvert Posted April 11, 2022 Posted April 11, 2022 50 minutes ago, marklcfc said: Like I've said though I don't think this is anything to do with the registration process, none of these bounced emails have any accounts in the validation queue. It doesn't go that far, spam is being created through post before register, no users are ever registered through this spam - just emails being sent to fake email addresses. Then disable the post before register option. 🙂
marklcfc Posted April 11, 2022 Author Posted April 11, 2022 1 hour ago, Randy Calvert said: Then disable the post before register option. 🙂 I have, I like that feature though and it’s a shame to lose it
Marc Posted April 12, 2022 Posted April 12, 2022 The reality here is if you have the post before register option enabled, you will get people who will try and register with email addresses that don't exist.
Sonya* Posted April 12, 2022 Posted April 12, 2022 11 hours ago, marklcfc said: Like I've said though I don't think this is anything to do with the registration process, none of these bounced emails have any accounts in the validation queue. It doesn't go that far, spam is being created through post before register, no users are ever registered through this spam - just emails being sent to fake email addresses. You can ask @Makoto if his app prevents post before register with invalid mails.
marklcfc Posted April 12, 2022 Author Posted April 12, 2022 1 hour ago, Marc Stridgen said: The reality here is if you have the post before register option enabled, you will get people who will try and register with email addresses that don't exist. Don't you think there should be some kind of capacha to get through? Something just doesn't seem right, they are not trying to register and it never gets to that stage as there are no such accounts in the validation list. The last lot of failures before I turned the feature off all received within the space of a minute An error occurred while trying to deliver the mail to the following recipients: wpqynggmxckf@gmail.com An error occurred while trying to deliver the mail to the following recipients: hlikzpbvxidb@gmail.com An error occurred while trying to deliver the mail to the following recipients: zzbtisgbghbw@gmail.com An error occurred while trying to deliver the mail to the following recipients: pyisckkkuqqa@gmail.com An error occurred while trying to deliver the mail to the following recipients: hcastuxzwxzz@gmail.com An error occurred while trying to deliver the mail to the following recipients: gumenfksvhvv@gmail.com An error occurred while trying to deliver the mail to the following recipients: lnmduidtcabl@gmail.com An error occurred while trying to deliver the mail to the following recipients: unxcqqarbgyy@gmail.com An error occurred while trying to deliver the mail to the following recipients: azpwziqmhpun@gmail.com An error occurred while trying to deliver the mail to the following recipients: dwkuyslceagf@gmail.com An error occurred while trying to deliver the mail to the following recipients: yfuiacxshgml@gmail.com An error occurred while trying to deliver the mail to the following recipients: ccpdnzfkcjkb@gmail.com An error occurred while trying to deliver the mail to the following recipients: rkhgvdxfuovp@gmail.com An error occurred while trying to deliver the mail to the following recipients: rwmfujqojila@gmail.com An error occurred while trying to deliver the mail to the following recipients: dwtcmlbpfdyc@gmail.com An error occurred while trying to deliver the mail to the following recipients: vrqzdpxgbzyx@gmail.com An error occurred while trying to deliver the mail to the following recipients: kfzqcybsmzyl@gmail.com An error occurred while trying to deliver the mail to the following recipients: ktjfsqbzosgm@gmail.com An error occurred while trying to deliver the mail to the following recipients: cwxtoysjunii@gmail.com An error occurred while trying to deliver the mail to the following recipients: dqcssynfbqaj@gmail.com An error occurred while trying to deliver the mail to the following recipients: xtelucxsvlqf@gmail.com An error occurred while trying to deliver the mail to the following recipients: npbueapojviv@gmail.com
Marc Posted April 12, 2022 Posted April 12, 2022 It does indeed use recaptcha if its set up on your site. Spam prevention measures will never be perfect unfortunately
marklcfc Posted April 12, 2022 Author Posted April 12, 2022 (edited) See the stats from last 90 days for Invisible capatcha, you can see the increase when this started to happen and when I turned it off and back on again. Alot seemed to be getting through despite the emails looking ridiculous. I've gone back to checkbox capatcha to see if that helps Edited April 12, 2022 by marklcfc
Randy Calvert Posted April 12, 2022 Posted April 12, 2022 Spammers are pretty easily able to complete captchas now. There are several toolkits out there that are able to work around and complete them. While they stop the basic “script kiddies” it does not stop the determined threat actors.
marklcfc Posted April 13, 2022 Author Posted April 13, 2022 Just woke up to 120+ emails of spam, what a mess
Marc Posted April 13, 2022 Posted April 13, 2022 25 minutes ago, marklcfc said: Just woke up to 120+ emails of spam, what a mess There is little else we can be of assistance with on this unfortuanetly. If you have these notifications (these are not spam, and actually notifications from your server) switched on, and have post before register switched on, you will be notified by your server if someone uses an email that doesnt exist.
marklcfc Posted April 13, 2022 Author Posted April 13, 2022 28 minutes ago, Marc Stridgen said: There is little else we can be of assistance with on this unfortuanetly. If you have these notifications (these are not spam, and actually notifications from your server) switched on, and have post before register switched on, you will be notified by your server if someone uses an email that doesnt exist. Amazon ses is still trying to send the emails out though and going against my reputation though isn't it, that's my problem.
opentype Posted April 13, 2022 Posted April 13, 2022 I repeat my suggestion to use hCaptcha. I am using it on my websites where I also use Amazon SES and I have no problems with bounces. If that still doesn’t help, you might need to stop using ‘post before register’. In my experience, those spammers seem to put the websites they target on some kind of list and the automated attacks keep coming. Sonya* 1
Sonya* Posted April 13, 2022 Posted April 13, 2022 9 minutes ago, opentype said: put the websites they target on some kind of list and the automated attacks keep coming.
marklcfc Posted April 13, 2022 Author Posted April 13, 2022 24 minutes ago, opentype said: I repeat my suggestion to use hCaptcha. I am using it on my websites where I also use Amazon SES and I have no problems with bounces. I've just bought that, lets see if any difference
marklcfc Posted April 14, 2022 Author Posted April 14, 2022 (edited) That hCaptcha mod doesn't work by the way, impossible to sign up. You enter your details click create my account, it gives you the captcha to go through and then just goes back to the sign in form every single time. Gone back to invisible captcha and account can be created, just won't have to use post before register. 😔 How do I get a refund? Edited April 14, 2022 by marklcfc
Sonya* Posted April 15, 2022 Posted April 15, 2022 22 hours ago, marklcfc said: How do I get a refund? I would contact the developer of the mod first. If there is an issue, it would help him to fix it (not only for you but for everyone). If the developer does not react at an appropriate time then ask for a refund by IPS.
bradybarrows Posted April 22, 2022 Posted April 22, 2022 On 3/30/2022 at 12:02 PM, marklcfc said: In the past hour I’ve had around 40 spam failure to deliver messages. It’s happened twice in that hour, around 20 times within a minute, different emails in every failure. Its happening through the post through register from what I see, but how they are doing it so fast I don’t know. Any ideas? I’ve turned it off temporarily We don't have any issue like this because we don't require an email address for a guest to post before registration. Are you aware of this option?
Randy Calvert Posted April 22, 2022 Posted April 22, 2022 2 hours ago, bradybarrows said: We don't have any issue like this because we don't require an email address for a guest to post before registration. Are you aware of this option? That is disabling the post before register. The only difference is guest posting is still allowed. Be careful as these forums may end up with spam attacks in them.
bradybarrows Posted April 22, 2022 Posted April 22, 2022 7 hours ago, Randy Calvert said: That is disabling the post before register. The only difference is guest posting is still allowed. Be careful as these forums may end up with spam attacks in them. Not sure what you mean 'disabling the post before register' but if you mean it requires a moderator to approve the guest post before it is published, that is correct. The caveat is that even when using the block word filter tool spammers and trollers find ways around this and continue to try to post their wares and narfarious posts and they have to be deleted which is a huge task for our volunteers. Using the word filter tool does cut down on this but it amazes me how they get around it and haven't figured out how they do it, but I have noticed a huge drop in guest spam posts after using this tool. The other caveat that takes up lots of volunteer time for moderation is the number of bogus INVOICES that are created by these nafarious trolls. I wish I could prevent that from happening or at least cut down the number of bogus invoices created in Subscriptions with some sort of filter. Any ideas?
Hostingunlock Posted April 22, 2022 Posted April 22, 2022 your solution would be to deactivate the publication before registering that those bots are like a plague that no matter how much you put security they always mock it
bradybarrows Posted April 22, 2022 Posted April 22, 2022 2 hours ago, Hostingunlock said: your solution would be to deactivate the publication before registering that those bots are like a plague that no matter how much you put security they always mock it You probably are correct in the long run, but so far, using the word filter tool IC came up with, I have been blocking http://anything.ru and copy and pasting certain Russian words with Cyrillic letters (the word filter accepts Russian Cyrillic words) and so far the spam guest posts have dropped significantly. It was huge before using the block word filter tool. Do you have any idea how to reduce the number of bogus invoices created by guests who go through the subscription checkout without registering anything? That is a huge amount of tedious work to delete. I like having the PAID subscription invoices and keep them since they have the contact data needed for registered members. I just don't like wading through forty or fifty bogus invoices that are just useless. There must be some kind of workaround without having to purchase a plugin. Every time I purchase a plugin they give me issues later. I am extremely careful about using plugins and stick with a developer who actually works with us and keeps the plugin updated.
Sonya* Posted April 22, 2022 Posted April 22, 2022 5 hours ago, bradybarrows said: Not sure what you mean 'disabling the post before register' It is an IPS feature
Recommended Posts