getting page after page of russian based member login that are never validated...

[anyweb]

hi,

I've noticed spam/abuse emails bouncing back in my inbox due to members failing validate their accounts in the last few weeks, so i looked into it and can page after page of russian based ip addresses attached to probably comprimised email addresses, however the IPB spam filter that I'm paying for is not doing about it,

surely you can notice when countless russian ip addresses are being used to sign up ?? is there any way to BLOCK russia entirely using IPB ?

 

thanks in advance for any ideas...

cheers

 

 

[Jim M]

If your community does not cater to Russia at all, why not just block them at your server/network's firewall? No need to have them flooding your community or server if you don't cater to them. Would contact your hosting provider for assistance here to see what's available.

[anyweb]

so IPB can't do anything ? great. I guess we'll have to solve it then.

[Jim M]

24 minutes ago, anyweb said:

so IPB can't do anything ? great. I guess we'll have to solve it then.

It's not that we can't do anything but rather putting your best foot forward. Blocking and processing this at the software level would take valuable resources away from your server for a userbase you may not be serving/catering to. If you have no reason to cater to Russian traffic, why not block it at the network level and not even have them reach your server?

With regards to spam in general, there are pretty heavy spam attacks going on right now. The suggestions if you are experiencing this in countries you do cater to would be to:

1. Switch to hCAPTCHA, if you're not already using it and ensure you configure hCAPTCHA's "Passing Threshold" to "Difficult"
2. Ensure you have capable Question/Answer Challenges in place that are not easy for a bot/human to pass but are easy for your audience to pass.
3. Ensure you do mark any spammers which do get through with the "Flag as Spammer" functionality. This will tell our Spam Defense system that this is a spammer and you can use that functionality to automatically hide or delete their content if you choose to.
4. If you do want to block IP addresses in the software from registering/logging in, you can do this in ACP -> Members -> Ban Filters. However, it is highly more efficient to do this at the server/network level.

Keep in mind that the Spam Defense system is a learning system and any Spam Prevention plan is not 100% effective. If you are being hit by a new spam attack, unfortunately, there is little we can do about that. However, the above should hopefully put up a good barrier that will slow them down.

There are improvements to spam prevention which are being talked about internally as we do acknowledge there is a lot going on as of late but it is not just our software which has noticed this.

 

[Ocean West]

You could also use CloudFlair to combat intense attacks. 

[anyweb]

we already had captcha enabled via the IPB forum settings, i've now flipped it to use hcaptcha based on your recommendation,

we have pages and pages of these signups (442 or so since early june) so I'm not going to manually ban+flag spammer on each of the signups that's nuts,

what we've done is to block the most common ranges seen trying to sign up from Russia, using iptables on the server level, that seems to have contained it for now,

thanks

if anyone wants a CSV file with these ips, here they are

Members possibly russian not validated yett.csv