
We got hit pretty hard this morning on account sign ups. Settings in place did pretty well: 41 sign ups and 13 made it in. I pumped up to reCAPTCHA V2 so hopefully that breaks their bot or whatever is going on.

Looking over things, and the reason for my post, is that there are 2 level 3s in the log. This should flag them for manual approval; only 1 of them was actually flagged. The other made it in and they signed in with Google. Made a post to new member section.

The other one that was actually flagged for approval was not a google sign in and worked correctly.

A few others from Google Sign in that got in ok as level 1

This might be something you guys want to look into, mainly why a level 3 bypassed admin manual approval with Google sign in and made it in the forums to post without admin approval. I'm not deleting anything yet so if you want to get in and take a look.

Glad to hear that the Spam Defense system is working for you. We also recommend that you use hCAPTCHA as many of our clients have seen improved spam protection with that.

Looks like both level 3s triggered admin validation. However, due to these third-party login providers' terms of service (the user used Google login), we are limited in restricting access to your community even when they trigger a spam action. I have tagged our developer team to this to ensure that this is still valid in how we're handling that.

We have been crushed by spam over the last two days as well. We were already using reCAPTCHA v2 but we will change it to hCaptcha as per Jim's suggestion. Fingers crossed.

  • Author

We got hit again. Just updated to hCaptcha, see how that goes.

I believe it's the same source as the other day. Although IPs are bounced and from all over, Timezone is always Kolkata or Karachi.

Saw some of the same domain emails as well.

3 hours ago, Rich N said:

We got hit again. Just updated to hCaptcha, see how that goes.

I believe it's the same source as the other day. Although IPs are bounced and from all over, Timezone is always Kolkata or Karachi.

Saw some of the same domain emails as well.

We are still getting slammed even after moving to hCaptcha, so don't expect much. Hundreds of spam accounts per hour. It's crazy!

Someone mentioned they were getting sent emails from the spammers, so perhaps there is a security vulnerability somewhere.

@Matt @Jim Any chance for some help/guidance? Thanks!

  • Author

We are not getting that many but enough. Are the accounts being activated, like they are verifying email? Also when you look at the time zone under the created profile what is it? I'm just curious. I get a few account attempts with same IPs which vary all over the world but the time zone is 98% Kolkata. I've turned on manual verification for now.

I'm guessing the timezone is being sent from the user's device regardless of their VPN location, which makes me think maybe we could create a filter for this to flag users further. This would have stopped accounts that got in to start posting. 🤷🏼‍♂️

9 hours ago, Rich N said:

We are not getting that many but enough. Are the accounts being activated, like they are verifying email? Also when you look at the time zone under the created profile what is it? I'm just curious. I get a few account attempts with same IPs which vary all over the world but the time zone is 98% Kolkata. I've turned on manual verification for now.

I'm guessing the timezone is being sent from the user's device regardless of their VPN location, which makes me think maybe we could create a filter for this to flag users further. This would have stopped accounts that got in to start posting. 🤷🏼‍♂️

Yup at first it was all Kolkata but now it’s moved to Russia and other parts.

Edited by maddog107_merged

And they are all verifying their emails. It's just page after page of bans. Our team can't ban them fast enough.


If you update your login details, I can certainly log in to see if there is anything obviously wrong there for you

  • Author

I think mine are up to date.. I’ll update just in case.

9 minutes ago, Rich N said:

I think mine are up to date.. I’ll update just in case.

Try adding in some question and answer challenges. It's never going to be an exact science, but if you add a few of those it will help. Try and avoid overly generic things like math questions.

It does however seem spammers are very active at present. The spam service has blocked 17 registering on your site today

9 hours ago, Marc said:

If you update your login details, I can certainly log in to see if there is anything obviously wrong there for you

The IPS support credentials should still be up to date on our site. We ended up disabling all new registrations.

And we do have a question and answer challenge and we increased hCaptcha to the most difficult but it didn't make a difference.

Let me know if you can't get in. Thanks.

11 minutes ago, maddog107_merged said:

The IPS support credentials should still be up to date on our site. We ended up disabling all new registrations.

And we do have a question and answer challenge and we increased hCaptcha to the most difficult but it didn't make a difference.

Let me know if you can't get in. Thanks.

Unfortunately, it looks like you have logged the display name rather than the email address as your login page requires email address. Please update.

10 hours ago, Jim M said:

Unfortunately, it looks like you have logged the display name rather than the email address as your login page requires email address. Please update.

Ok I have updated the credentials in your system. Let me know if you still have issues. Thanks

3 hours ago, maddog107_merged said:

Ok I have updated the credentials in your system. Let me know if you still have issues. Thanks

The only 2 things I can see there are as follows

  • You have an application which is for preventing spam. While this may seem counterintuitive, disable that so you can check it's not actually causing issues with the rest. Just with the timing in which you installed it.

  • You have validation method set to "Administrator validation". Therefore nobody at all has to validate their email address, and can register with a false email. If you want to validate them also, I would advise on "Email and administrator validation"

9 hours ago, Marc said:

The only 2 things I can see there are as follows

  • You have an application which is for preventing spam. While this may seem counterintuitive, disable that so you can check it's not actually causing issues with the rest. Just with the timing in which you installed it.

  • You have validation method set to "Administrator validation". Therefore nobody at all has to validate their email address, and can register with a false email. If you want to validate them also, I would advise on "Email and administrator validation"

We had the validate email previously, and they all were verifying it. So we just disabled all registrations over the last 2 days. The spam app was installed weeks ago and this flood only started over Memorial Day weekend, but I will go ahead and disable it.

Also, is there a way to prevent anyone from Kolkata from registering? It seems like the vast majority of the bots have that set as their timezone.

  • Author

@maddog107_merged I think something would have to be done custom to push new signups with a certain time zone. Could maybe be something in the future for country watch filtering. I mean if Kolkata is the time zone for a US IP maybe we can mark it as a 3 or 4.

The majority of mine, time zone is Kolkata but that’s not always the case.

2 hours ago, maddog107_merged said:

Also, is there a way to prevent anyone from Kolkata from registering? It seems like the vast majority of the bots have that set as their timezone.

You can exclude countries from registering in ACP -> Members -> Spam Prevention -> Geolocation Settings.

If you're still on V4.7, I highly recommend Cleantalk.org @CleanTalk . You can ban entire countries from accessing your site. It's the best $20 a year you can spend on your site.

  • Author

The problem is it’s the time zone not the country.

If they use a VPN and IP is US or UK or whatever… the time zone is Kolkata. This is certainly a red flag.

I’m just assuming but we must be capturing time zone from the browser settings or users computer on submit. Or my theory is out the door, but where else is time zone coming from..

8 minutes ago, Rich N said:

The problem is it’s the time zone not the country.

If they use a VPN and IP is US or UK or whatever… the time zone is Kolkata. This is certainly a red flag.

I’m just assuming but we must be capturing time zone from the browser settings or users computer on submit. Or my theory is out the door, but where else is time zone coming from..

This is not a feature, I'm afraid. Time zone is more easily manipulated than VPN. Any user can change that in their settings of their device.

  • Author

yep, I was just pointing out in this scenario. Where blocking India is not going to stop this wave.
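
The time zone versus IP country mismatch discussed in the posts above, as an added example (not part of any post in this thread and not Invision Community code): an offline check over exported signup records that holds mismatched registrations for manual approval instead of blocking them, since the time zone is client-supplied and easy to change. The field names, the zone table and the sample records are assumptions constructed for illustration.

```python
from collections import Counter

# Assumed, abbreviated map of IANA time zone -> countries where it is the normal
# local zone. A fuller table can be built from the tz database's zone1970.tab.
TZ_COUNTRIES = {
    "Asia/Kolkata": {"IN"},
    "Asia/Karachi": {"PK"},
    "America/New_York": {"US"},
    "Europe/London": {"GB"},
}

# Constructed sample registrations (hypothetical field names, not forum data).
SIGNUPS = [
    {"user": "a1", "ip_country": "US", "tz": "Asia/Kolkata", "email": "u1@bulk.example"},
    {"user": "a2", "ip_country": "GB", "tz": "Asia/Kolkata", "email": "u2@bulk.example"},
    {"user": "a3", "ip_country": "IN", "tz": "Asia/Kolkata", "email": "u3@home.example"},
    {"user": "a4", "ip_country": "US", "tz": "America/New_York", "email": "u4@bulk.example"},
    {"user": "a5", "ip_country": "DE", "tz": "Asia/Karachi", "email": "u5@other.example"},
    {"user": "a6", "ip_country": "US", "tz": "Mars/Phobos", "email": "u6@work.example"},
]

def email_domain(address):
    return address.rsplit("@", 1)[-1].lower()

def score(signup, domain_counts, domain_burst=3):
    """Return (points, reasons); points add to other signals, they do not block."""
    points, reasons = 0, []
    expected = TZ_COUNTRIES.get(signup["tz"])
    # Unknown zones score nothing: the value is client-supplied and may be junk.
    if expected is not None and signup["ip_country"] not in expected:
        points += 2
        reasons.append("time zone does not match IP country")
    if domain_counts[email_domain(signup["email"])] >= domain_burst:
        points += 1
        reasons.append("email domain repeated in this batch")
    return points, reasons

def triage(signups, hold_at=2):
    """List (user, points, reasons) for signups to hold for manual approval."""
    domain_counts = Counter(email_domain(s["email"]) for s in signups)
    held = []
    for s in signups:
        points, reasons = score(s, domain_counts)
        if points >= hold_at:
            held.append((s["user"], points, reasons))
    return held

if __name__ == "__main__":
    for user, points, reasons in triage(SIGNUPS):
        print(user, points, "; ".join(reasons))
```

A signup from India with a Kolkata time zone (a3) is not held, and a repeated email domain alone (a4) stays below the hold threshold.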

1 hour ago, CheersnGears said:

If you're still on V4.7, I highly recommend Cleantalk.org @CleanTalk . You can ban entire countries from accessing your site. It's the best $20 a year you can spend on your site.

there's a v5 version out now

47 minutes ago, sound said:

there's a v5 version out now

Cool! I hope so.. I don't see it available as a download on my Cleantalk dashboard.
