Invision Community 4: SEO, prepare for v5 and dormant account notifications Matt November 11, 2024Nov 11
Posted July 7, 20231 yr Hello, this morning there is some major spam attack so I set "allow new registrations?" in admin control panel to no. But somehow the spammers are able to register and post. The forum does a good job flagging most of them through word filters but how do they manage to join when registration should be closed?
July 7, 20231 yr Quote These settings apply only to users who register using the standard registration form. Users may be able to create an account by signing in with a method which is set to create an account when a user signs in for the first time.
July 7, 20231 yr "Users may be able to create an account by signing in with a method" that's right and here's the problem, I don't know if it's bots or people-bots or AI, but they can bypass Q&A, Captcha and even hidden fields (ipsHide). Strange thing.
July 7, 20231 yr Do you allow login via non-standard login methods?(Google/fb/twitter) If so I believe these would bypass all of that. Edited July 7, 20231 yr by Randy Calvert
July 7, 20231 yr Author Thank you everyone. Yes, I think you are correct and they use social sign in to bypass that registration setting.
July 7, 20231 yr This post was recognized by Marc! Nathan Explosion was awarded the badge 'Helpful' and 5 points. Just have to remember to switch this one to 'Reject the sign in' when disabling registrations (and switch it back when allowing them)