Jump to content

Recommended Posts

Posted
6 minutes ago, marklcfc said:

Does this just mean that the emails will continue to bounce but I just won't be notified about it? so I won't be aware of how often it's happening.

Correct.  However again...  you should not need it if you are using other alternatives.  For example with @Jon Erickson's SES integration, you can pick what happens when emails bounce or if someone sends a spam complaint.  For example, to automatically set them back into the validating member group if emails hard bounce.  

Also...  with SESDashboard, I don't need an email notice.  I instead have a web portal that I can see any bounced email, etc.  

If you want to receive notifications via email the event happened, great...  do nothing.  It's working as designed.  Your complaint was however that you're getting tons of those emails when spammers attempt to signup with a fake address.  

You're going to have to pick your poison here.  You can disable email validation and instead do manual user approval for all registrations.  You could leave email validation enabled, but then you have to deal with the ones that just enter fake addresses that will never get approved. 

Posted (edited)

Like I've said though I don't think this is anything to do with the registration process, none of these bounced emails have any accounts in the validation queue. It doesn't go that far, spam is being created through post before register, no users are ever registered through this spam - just emails being sent to fake email addresses.

Edited by marklcfc
Posted
50 minutes ago, marklcfc said:

Like I've said though I don't think this is anything to do with the registration process, none of these bounced emails have any accounts in the validation queue. It doesn't go that far, spam is being created through post before register, no users are ever registered through this spam - just emails being sent to fake email addresses.

Then disable the post before register option. 🙂

Posted
1 hour ago, Randy Calvert said:

Then disable the post before register option. 🙂

I have, I like that feature though and it’s a shame to lose it

Posted

The reality here is if you have the post before register option enabled, you will get people who will try and register with email addresses that don't exist. 

Posted
11 hours ago, marklcfc said:

Like I've said though I don't think this is anything to do with the registration process, none of these bounced emails have any accounts in the validation queue. It doesn't go that far, spam is being created through post before register, no users are ever registered through this spam - just emails being sent to fake email addresses.

You can ask @Makoto if his app prevents post before register with invalid mails. 

 

Posted
1 hour ago, Marc Stridgen said:

The reality here is if you have the post before register option enabled, you will get people who will try and register with email addresses that don't exist. 

Don't you think there should be some kind of capacha to get through? Something just doesn't seem right, they are not trying to register and it never gets to that stage as there are no such accounts in the validation list. The last lot of failures before I turned the feature off all received within the space of a minute

 

An error occurred while trying to deliver the mail to the following recipients:

wpqynggmxckf@gmail.com

An error occurred while trying to deliver the mail to the following recipients:

hlikzpbvxidb@gmail.com

An error occurred while trying to deliver the mail to the following recipients:

zzbtisgbghbw@gmail.com

An error occurred while trying to deliver the mail to the following recipients:

pyisckkkuqqa@gmail.com

An error occurred while trying to deliver the mail to the following recipients:

hcastuxzwxzz@gmail.com

An error occurred while trying to deliver the mail to the following recipients:

gumenfksvhvv@gmail.com

An error occurred while trying to deliver the mail to the following recipients:

lnmduidtcabl@gmail.com

An error occurred while trying to deliver the mail to the following recipients:

unxcqqarbgyy@gmail.com

An error occurred while trying to deliver the mail to the following recipients:

azpwziqmhpun@gmail.com

An error occurred while trying to deliver the mail to the following recipients:

dwkuyslceagf@gmail.com

An error occurred while trying to deliver the mail to the following recipients:

yfuiacxshgml@gmail.com

An error occurred while trying to deliver the mail to the following recipients:

ccpdnzfkcjkb@gmail.com

An error occurred while trying to deliver the mail to the following recipients:

rkhgvdxfuovp@gmail.com

An error occurred while trying to deliver the mail to the following recipients:

rwmfujqojila@gmail.com

An error occurred while trying to deliver the mail to the following recipients:

dwtcmlbpfdyc@gmail.com

An error occurred while trying to deliver the mail to the following recipients:

vrqzdpxgbzyx@gmail.com

An error occurred while trying to deliver the mail to the following recipients:

kfzqcybsmzyl@gmail.com

An error occurred while trying to deliver the mail to the following recipients:

ktjfsqbzosgm@gmail.com

An error occurred while trying to deliver the mail to the following recipients:

cwxtoysjunii@gmail.com

An error occurred while trying to deliver the mail to the following recipients:

dqcssynfbqaj@gmail.com

An error occurred while trying to deliver the mail to the following recipients:

xtelucxsvlqf@gmail.com

An error occurred while trying to deliver the mail to the following recipients:

npbueapojviv@gmail.com

Posted

It does indeed use recaptcha if its set up on your site. Spam prevention measures will never be perfect unfortunately

Posted (edited)

See the stats from last 90 days for Invisible capatcha, you can see the increase when this started to happen and when I turned it off and back on again. Alot seemed to be getting through despite the emails looking ridiculous.

capacha.jpg.e28205e1f4408d61f809e3eff7a7aaab.jpg

I've gone back to checkbox capatcha to see if that helps

Edited by marklcfc
Posted

Spammers are pretty easily able to complete captchas now. There are several toolkits out there that are able to work around and complete them. 

While they stop the basic “script kiddies” it does not stop the determined threat actors. 

Posted
25 minutes ago, marklcfc said:

Just woke up to 120+ emails of spam, what a mess

There is little else we can be of assistance with on this unfortuanetly. If you have these notifications (these are not spam, and actually notifications from your server) switched on, and have post before register switched on, you will be notified by your server if someone uses an email that doesnt exist. 

Posted
28 minutes ago, Marc Stridgen said:

There is little else we can be of assistance with on this unfortuanetly. If you have these notifications (these are not spam, and actually notifications from your server) switched on, and have post before register switched on, you will be notified by your server if someone uses an email that doesnt exist. 

Amazon ses is still trying to send the emails out though and going against my reputation though isn't it, that's my problem.

Posted

I repeat my suggestion to use hCaptcha. I am using it on my websites where I also use Amazon SES and I have no problems with bounces. 

If that still doesn’t help, you might need to stop using ‘post before register’. In my experience, those spammers seem to put the websites they target on some kind of list and the automated attacks keep coming. 

Posted
24 minutes ago, opentype said:

I repeat my suggestion to use hCaptcha. I am using it on my websites where I also use Amazon SES and I have no problems with bounces. 

I've just bought that, lets see if any difference

Posted (edited)

That hCaptcha mod doesn't work by the way, impossible to sign up. You enter your details click create my account, it gives you the captcha to go through and then just goes back to the sign in form every single time. Gone back to invisible captcha and account can be created, just won't have to use post before register. 😔

How do I get a refund?

Edited by marklcfc
Posted
22 hours ago, marklcfc said:

How do I get a refund?

I would contact the developer of the mod first. If there is an issue, it would help him to fix it (not only for you but for everyone). If the developer does not react at an appropriate time then ask for a refund by IPS.

Posted
On 3/30/2022 at 12:02 PM, marklcfc said:

In the past hour I’ve had around 40 spam failure to deliver messages. It’s happened twice in that hour, around 20 times within a minute, different emails in every failure.

Its happening through the post through register from what I see, but how they are doing it so fast I don’t know. Any ideas? I’ve turned it off temporarily

We don't have any issue like this because we don't require an email address for a guest to post before registration. Are you aware of this option?

guestpost.thumb.png.7f72981042e061152aa8b1f6bb62abcc.png

Posted
2 hours ago, bradybarrows said:

We don't have any issue like this because we don't require an email address for a guest to post before registration. Are you aware of this option?

guestpost.thumb.png.7f72981042e061152aa8b1f6bb62abcc.png

That is disabling the post before register. The only difference is guest posting is still allowed. Be careful as these forums may end up with spam attacks in them. 

Posted
7 hours ago, Randy Calvert said:

That is disabling the post before register. The only difference is guest posting is still allowed. Be careful as these forums may end up with spam attacks in them. 

Not sure what you mean 'disabling the post before register' but if you mean it requires a moderator to approve the guest post before it is published, that is correct. The caveat is that even when using the block word filter tool spammers and trollers find ways around this and continue to try to post their wares and narfarious posts and they have to be deleted which is a huge task for our volunteers. Using the word filter tool does cut down on this but it amazes me how they get around it and haven't figured out how they do it, but I have noticed a huge drop in guest spam posts after using this tool. The other caveat that takes up lots of volunteer time for moderation is the number of bogus INVOICES that are created by these nafarious trolls. I wish I could prevent that from happening or at least cut down the number of bogus invoices created in Subscriptions with some sort of filter. Any ideas?

Posted
2 hours ago, Hostingunlock said:

your solution would be to deactivate the publication before registering that those bots are like a plague that no matter how much you put security they always mock it

You probably are correct in the long run, but so far, using the word filter tool IC came up with, I have been blocking http://anything.ru and copy and pasting certain Russian words with Cyrillic letters (the word filter accepts Russian Cyrillic words) and so far the spam guest posts have dropped significantly. It was huge before using the block word filter tool. 

Do you have any idea how to reduce the number of bogus invoices created by guests who go through the subscription checkout without registering anything?  That is a huge amount of tedious work to delete. I like having the PAID subscription invoices and keep them since they have the contact data needed for registered members. I just don't like wading through forty or fifty bogus invoices that are just useless. There must be some kind of workaround without having to purchase a plugin. Every time I purchase a plugin they give me issues later. I am extremely careful about using plugins and stick with a developer who actually works with us and keeps the plugin updated. 

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...