Welcome Guest! To enable all features please Login or Register.
Options
View
Go to last post Go to first unread
Offline squirrel  
#1 Posted : Thursday, May 10, 2018 9:36:52 PM(UTC)
squirrel


Rank: YAF Leader

Reputation:

Medals: YAF.NET Supporter: Loves YAF.NET!YAF.NET Supporter: Supports the YAF.NET project with a contribution.YAF.NET Purple Supporter: Purple heart for being an Asset to the YAF.NET Community.YAF.NET Supporter: Supports our efforts. Thank you.Medal of Honor for the Support King: A huge help to the YAF.NET community!

Joined: 1/14/2010(UTC)
Posts: 925

Thanks: 249 times
Was thanked: 170 time(s) in 161 post(s)
It's been a LONG time since I've been to the YAF forums - but we're due for an upgrade, and have had an old problem rear it's head again.

In the past, this wasn't an option - but does YAF now have a feature/function where admins can enter in a list of email address top-level domains that can be blacklisted on registration?

I would hope it would be a simple feature, if it doesn't exist - and if not, am willing to put some time into it although I'm nowhere near the seasoned .NET developer that this team already has - but it's worth it to me to contribute where I can if this feature can be added. Currently, I'm being hit with almost 100 spam registrations a day. They're getting around the new-user security and have the ability to post in forums that their accounts have not been approved for. We've audited our security and logs and can't find anywhere where an admin is logging in after the account is created and approving them for "regular membership".

Currently, they register and have access to only one forum for new members - from there, we would "approve" an account that allows post access to all other forums on the site. Somehow, they're getting registered and approved for full membership without interaction from our admins or moderators, and access logs verify this. I'm not sure what analysis we can provide to find out where the weakness is. Either way, we need to find a way to stop them at the gate, and even reCaptcha isn't slowing them down at all anymore...

Any advice?
If you can't find it using the forum search, try my signature link -- searches this site using Google: Google is my Friend
Sponsor
Offline tha_watcha  
#2 Posted : Friday, May 11, 2018 10:16:35 AM(UTC)
tha_watcha


Rank: YAF.NET Project Lead

Reputation:

Medals: Medal of Honor: Portal Puzzle Master: Portal Puzzle Master for DNNMedal of Honor Key: Given to pillars of the community who are key players in the YAF community and project.DNN Master: DNN Module ManBug Killer Medal of Honor: Medal for being a kick-ass bug killer!Medal of Honor for the Support King: Support King! Amazing asset to the YAF.NET Community.

Joined: 3/6/2010(UTC)
Posts: 3,832
Germany

Thanks: 70 times
Was thanked: 1174 time(s) in 1004 post(s)
Please check my article on how to prevent SPAM

https://github.com/YAFNE...AF.NET-against-Spam-BOTS

Atleast for the support forum the best solution is to use the StopForumSpam.com and BotScout.com service to detect and block spammers during registration. This detects 98% of all Spammers here. and the rest i report back to the service.

Also checking the content is very effective by using the internal spam words. Or block users if they posts more then x amount of urls in one post

Quote:
In the past, this wasn't an option - but does YAF now have a feature/function where admins can enter in a list of email address top-level domains that can be blacklisted on registration?


Yes it is possbile Black list of email/ip address and user names. And you can use regex syntax something simlar like...

Code:
.*@gmail.com
Rss Feed  Atom Feed
Users browsing this topic
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.

Notification

Icon
Error