You are viewing a curated collection of the most significant posts in this topic.


Since the upgrade, our forum has been inundated with spam posts originating from our members' accounts. It appears that these spammers are utilizing our members' accounts to submit posts containing spam URLs. Despite our implementation of hCaptcha, the issue persists unabated.

This influx of spam posts is not only disruptive but also undermines the integrity and usability of our forum for our genuine members. It is imperative that we find a solution to this problem promptly to maintain the quality of our platform and user experience.

I kindly request your assistance in investigating this matter and implementing measures to mitigate the occurrence of such spam posts in the future. If there are any further details or actions required from my end to facilitate this process, please do not hesitate to let me know.


  • Author

Thank you, Marc Stridgen. I've forced all members to reset their passwords, but despite this, the same spam issue persists. Even after all members have reset their passwords, spam continues to come from numerous accounts.

 

  • 1 month later...
 

I'm afraid this is not a security issue. However, it is a case of spammers trying to sneak under the radar and access accounts they've set up in the past. Keep in mind that a spammer can reset a password to an account if they have access to the email address tied to the account.

 

Ok, so what solution do you propose specifically? How can we protect ourselves from this and fix the problem that depends on us?

  • Community Expert
 

Ok, so what solution do you propose specifically? How can we protect ourselves from this and fix the problem that depends on us?

You will want to do the following Spam Prevention items mentioned in this guide: https://invisioncommunity.com/4guides/security-and-rules/spam-prevention-r9/

Looking at your registration form, you are still using CAPTCHA2. You will want to switch to hCAPTCHA to prevent more automated spam bots.

Check that your Spam Defense is configured correctly for our services in ACP -> Members -> Spam Prevention.

Configure the Flag as Spammer option to be used by you and your administrator/moderator teams to quickly remove spam posts and ban spammers.

You will also want to rotate your Question and Answer challenges frequently and ensure that they are things which your target audience knows but are not easily Googled. This will prevent spam human users from registering.

If you are seeing spammers from a certain country that your community does not serve, you can also block them in ACP -> Members -> Spam Prevention -> Geolocation Settings.

Finally, if you believe spammers are gaining access to accounts through means of exposed credentials from the dark web, enabling and requiring Two Factor Authentication will help prevent that.

Outside of the items mentioned above, the next steps would be to take moderation action. Require your base member group to have 1 or more posts approved by a moderator prior to them showing up to the rest of your community without being moderated. Use the automated moderation tools so that if a post is reported x times as spam, the system will automatically hide it for your team to review.

If any spammers do get through, be sure to use the Flag as Spammer option as that will report it to our system and help your fellow administrators.

I will say that no 1 spam prevention method will be 100%. However, hopefully, with all the above, it should cut enough down that you are able to not just wake up to a bunch of spam posts that plague your community. If you deploy the moderation techniques, you will not have your community publicly plagued by spammers.

Unfortunately, in the event that a spammer has dormant account(s) on your site and they have already surpassed an acceptable amount of posts (I say acceptable as some may be borderline that your moderation team may still allow) to bypass the moderation queue, the only thing that will help are successful moderation practices by humans and staying vigilant about the future with the above.

Despite all the measures taken, today there was again spam in our forum, which is extremely annoying to me and the users. I'm sure you have a bug in IPS that occurred after an update from the beginning of March. Our problems continue. 😣

 

Unfortunately, I do not see that you have seen all measures taken.

Unfortunately, without an example, we cannot review that. However, I looked at the user who you just recently banned in your administrator log, and they have indeed been a part of a data breach of non-IPS sites. You can use https://haveibeenpwned.com/ to check their email and see if their password(s) have been exposed from other website breaches. 

We have taken enough measures, I ask that you now take measures and look very carefully at the code from the beginning of March, because we have not had such problems before. It is clear that precisely from this period the problems with spammers on the IPS platform started massively. I can't sit all day and clean the forum of spammers after the version is paid for and obviously the problem is yours.

  • Community Expert

@Svetozar Angelov - Sorry to see you are having issues with spam here. I just wanted to pick up on where we are here, as there appears to be a lot of confusion, and I want to clear up where we are.

We understand you have an issue with spam, and I feel you believe we are in some manner ignoring this. Let me assure you this is certainly not the case. 

  • You have stated there is a "Hole" here, without any evidence of this in any way. Just an assumption. While I understand the frustration, this isn't going to help your issue. We have no known security issues on the platform, and from what my colleague has seen so far, it seems the users are logging in and posting as normal, and they are standard users, who have logged in with a password.

    A few things to note on that. If they have logged in with the password, then they have the password. There is no way in which to get a user's password on the software. To make this very clear. If I have access to your database directly, with your database credentials, and have full FTP access, I still could not obtain what a user's password is on your system, due to the way the passwords are encrypted. And they are encrypted with PHP methods used throughout the internet (not only our software). Quite simply, nobody has gained the password of a user through your software.
     
  • My colleague has also shown you where to check if a user has had their details compromised on another site. Most users will use the same passwords across multiple sites. So if a site elsewhere has been hacked where their password can be identified, they have an email/password combination that may work on the site. Therefore they would simply be able to log in with those details. I'm sure you understand, that's not something we have any control over.
     
  • You can use 2 factor authentication for all users. There is unfortunately an issue with the Google one at present that we are looking into, but you can use question and answers. This would force users to at least have another action to log in, meaning if someone does know the password, they may stumble at the question/answer stage.

 

We are more than happy to look at your settings to see what we can advise. But you do appear to be quite hostile toward people who are trying to help you. Both staff and other customers. I can only assume that is out of frustration. A frustration I can fully understand. But please do help us to help you. We are on your side, and do not like spam any more than you do 🙂 
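
The pattern described in the replies above (long-dormant accounts logging in with a valid password and then posting links) can be looked for in activity data. The following is an added example, not part of the original posts and not Invision Community code; the event format, thresholds and member names are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample events (hypothetical format, not an Invision Community log):
# timestamp, event, member, source IP, then last-activity date (login) or body (post)
EVENTS = """\
2024-04-02T03:10:05 login alice 203.0.113.7 last_seen=2021-06-11
2024-04-02T03:10:41 post alice 203.0.113.7 great deals at http://spam.example/a
2024-04-02T03:11:02 login bob 203.0.113.7 last_seen=2020-01-30
2024-04-02T03:11:30 post bob 203.0.113.7 visit http://spam.example/b now
2024-04-02T03:12:15 login carol 203.0.113.7 last_seen=2024-03-30
2024-04-02T09:00:00 login dave 198.51.100.20 last_seen=2024-04-01
2024-04-02T09:05:00 post dave 198.51.100.20 see https://docs.example/guide for setup
"""

DORMANT = timedelta(days=365)        # assumed threshold for a "dormant" account
POST_WINDOW = timedelta(minutes=10)  # assumed login-to-post window
FANOUT = 3                           # distinct members per IP treated as suspicious
URL = re.compile(r"https?://\S+")

def analyze(text):
    """Return (members to hold for review, IPs that logged in to many accounts)."""
    dormant_login = {}               # member -> time of a login after long inactivity
    members_by_ip = defaultdict(set)
    flagged = set()
    for line in text.splitlines():
        ts, event, member, ip, detail = line.split(" ", 4)
        when = datetime.fromisoformat(ts)
        if event == "login":
            members_by_ip[ip].add(member)
            last_seen = datetime.fromisoformat(detail.split("=", 1)[1])
            if when - last_seen >= DORMANT:
                dormant_login[member] = when
        elif event == "post" and URL.search(detail):
            start = dormant_login.get(member)
            # A link posted minutes after a dormant account wakes up is the signal.
            if start is not None and when - start <= POST_WINDOW:
                flagged.add(member)
    noisy_ips = {ip for ip, m in members_by_ip.items() if len(m) >= FANOUT}
    return sorted(flagged), sorted(noisy_ips)

if __name__ == "__main__":
    members, ips = analyze(EVENTS)
    print("hold for review / force reset:", members)
    print("IPs with login fan-out:", ips)
```

Accounts returned in the first list are candidates for a forced password reset and moderation queue; an active member such as `dave` posting a link is not flagged.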

  • 2 weeks later...
  • Community Expert
 

Could you tell me how to log in to the forum?


We have released a patch to address this issue. Please go to AdminCP > System > Support and apply the patch from the first/top left box. If you do not see an option to install the patch, you already have the latest release.
