Notifications
Clear all

[Closed] undesired users

11 Posts
5 Users
0 Reactions
2,876 Views
Posts: 37
(@dronebot-workshop)
Trusted Member
Joined: 5 years ago

I'm experiencing a similar issue, it's not so much of a problem as it is an annoyance.

I get users who sign up with "weird" email addresses.  By "weird" I mean that they are one of the following:

  • They are GMail users who have odd names like es.ta.te.s.h.aron.@gmail.com and e.s.t.a.te.shar.on.@gmail.com, I will typically get a bunch (about 5-10) of these within a 15-minute period, at least 5 or 6 times a day. They all use the same "name pattern", with different periods to make them unique.  And they generally choose a female user name.
  • Others come from the domain "namnerbca.com" and have names with random gibberish, i.e. duyolu@fdfdf.namnerbca.com. Again these seem to come in groups.

 

Oddly these users all sign up, are sent the confirmation letter and receive it (I confirmed this using Mailgun) but they never complete the registration process.

It started happening in late July, my forum is a new one and only stated at the end of June so I only have 740 members.  

I go through the member list daily and ban all of them. I haven't deleted them, just in case one of them is indeed legitimate, but I'll probably delete them soon as they are obviously fake.

Again, this is an annoyance, not a problem. But I have to admit that I'm puzzled about them and what their intentions are.  I thought that perhaps they were probing my site for vulnerabilities, but it's just a theory.

I've implemented the Google reCAPTCHA and I use Akismet and have since day one. But it has no effect on these addresses registering.

BTW, I do notice that wpForo is still using the old Google reCAPTCHA V2, which most spambots have figured out how to circumvent. Might be an idea to update to the more modern Google reCAPTCHA V3, and also implement the Honeypot technique in the next release of wpForo.

 

 

Posts: 1602
(@anonymous20)
Noble Member
Joined: 9 years ago

@dronebot-workshop

But all those registrations are not handled by wpForo but from Wordpress script. Why wpForo to implement for example honeypots etc etc. All those are already available in hunderds of plugins.

Don't you use a security plugin for your site ?

Page 2 / 2