Jump to content

Spam Registrations Increase


Day_

Recommended Posts

Not a major issue as I approve accounts manually, it’s just the past couple weeks we have had a shed load of spam registrations from Russia, Holland and Finland.

Hosted at IPS community in the Cloud, not made any changes to captcha or security, but we’re getting maybe 5+ a day, sometimes 10.

Is there something wonky going on, my first obvious step is to change up the Q&A.

Just wasn’t sure if there was a known issue at all?

Link to comment
Share on other sites

Would suggest switching to hCAPTCHA if you haven't yet as that is proven to be better at preventing spam. 

Changing Q&A is a good idea as well to help prevent human spammers.

Link to comment
Share on other sites

Hoping this isn't against forum rules as it's one of the IP's, however it's definitely spam, but also known to have tried SQL injections and brute force attempts. Been multiple registrations, each time the same IP with different last digits. Now done a wild card ban for 37.139.53.*

https://cleantalk.org/blacklists/37.139.53.17#reviewanchor

Wasn't sure if it was something you wanted to add maybe server level. Just sharing the info with you to do as you please. But yeah, the GeoLocation wasn't preventing that one.

Link to comment
Share on other sites

5 hours ago, Day_ said:

 Now done a wild card ban for 37.139.53.*

https://cleantalk.org/blacklists/37.139.53.17#reviewanchor

 

I've had 10 or more signups over the last few days using that IP and all using either @kmaill.xyz or *@hmaill.xyz
 

5 hours ago, Day_ said:

But yeah, the GeoLocation wasn't preventing that one.

 

I get an error log when I try to use GeoIP blocks
 


 

Quote

 

GeoIP Error

Requested IP: Array

Response:
IPS\Http\Response Object
(
    [httpResponseVersion] => 1.1
    [httpResponseCode] => 414
    [httpResponseText] => Request-URI Too Large
    [httpHeaders] => Array
        (
            [Server] => CloudFront
            [Date] => Sat, 10 Feb 2024 20:09:56 GMT
            [Content-Type] => text/html
            [Content-Length] => 915
            [Connection] => close
            [X-Cache] => Error from cloudfront
            [Via] => 1.1 c1bfc7dbcf7f9782aa3be590b7ce3d6a.cloudfront.net (CloudFront)
            [X-Amz-Cf-Pop] => IAD12-P1
            [X-Amz-Cf-Id] => t8GCeEIKMI_yrmTw6QSL2l1BRd3PUp0zwLuV20xIEiFGkwt4r9IAyA==
        )

    [cookies] => Array
        (
        )

    [content] => <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>414 ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
Bad request.
We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
<BR clear="all">
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
<BR clear="all">
<HR noshade size="1px">
<PRE>
Generated by cloudfront (CloudFront)
Request ID: t8GCeEIKMI_yrmTw6QSL2l1BRd3PUp0zwLuV20xIEiFGkwt4r9IAyA==
</PRE>
<ADDRESS>
</ADDRESS>
</BODY></HTML>
)

 

 

Link to comment
Share on other sites

3 hours ago, Jelly Belly™ said:

I've had 10 or more signups over the last few days using that IP and all using either @kmaill.xyz or *@hmaill.xyz

That's the one, same email address on mine. Added a wildcard block *@*.xyz

Looks like they are targeting IPS sites

Link to comment
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...