Invision Community 4: SEO, prepare for v5 and dormant account notifications By Matt Monday at 02:04 PM
virap1 Posted July 7, 2023 Posted July 7, 2023 Hello, this morning there is some major spam attack so I set "allow new registrations?" in admin control panel to no. But somehow the spammers are able to register and post. The forum does a good job flagging most of them through word filters but how do they manage to join when registration should be closed?
Nathan Explosion Posted July 7, 2023 Posted July 7, 2023 Quote These settings apply only to users who register using the standard registration form. Users may be able to create an account by signing in with a method which is set to create an account when a user signs in for the first time.
SeNioR- Posted July 7, 2023 Posted July 7, 2023 "Users may be able to create an account by signing in with a method" that's right and here's the problem, I don't know if it's bots or people-bots or AI, but they can bypass Q&A, Captcha and even hidden fields (ipsHide). Strange thing.
Randy Calvert Posted July 7, 2023 Posted July 7, 2023 (edited) Do you allow login via non-standard login methods?(Google/fb/twitter) If so I believe these would bypass all of that. Edited July 7, 2023 by Randy Calvert
virap1 Posted July 7, 2023 Author Posted July 7, 2023 Thank you everyone. Yes, I think you are correct and they use social sign in to bypass that registration setting.
Nathan Explosion Posted July 7, 2023 Posted July 7, 2023 This post was recognized by Marc! Nathan Explosion was awarded the badge 'Helpful' and 5 points. Just have to remember to switch this one to 'Reject the sign in' when disabling registrations (and switch it back when allowing them)
Recommended Posts