Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.
Sign In
Not a member yet? Click here to register.

Fake Accounts on your site

There seems to be an increase in the number of fake accounts being set up on PF sites. They can be easily identified by gibberish usernames and web addresses as well as being very close together with the join dates.

  • Are you having similar problems?
  • Which captcha are you using?
  • Are you using any other security measures?
  • Have you noticed any increase at all?
Use something like "security question".
Put/check out within system-controls the option:

New members activated by the SuperUser (Yes)

Now you have to manualy accept every new member.

But You've got the control over You're site and there visitors...

Greetings,
Happening to me as well.... those accounts were spamming **** in forums, so banned them. I use e-mail and admin activation, but still its annoying to delete bunch of them every day.

Anything else to be done to prevent it ?
I am trying to figure out something with this as well. I have 4 sites, and all of them use the secure question. All set up the same way in registration, but for somereason 1 site keeps letting them in I don't get it.

Quote

Vyper69 wrote:

I am trying to figure out something with this as well. I have 4 sites, and all of them use the secure question. All set up the same way in registration, but for somereason 1 site keeps letting them in I don't get it.


Are you using ReCaptcha ?
This have been a problem in long time. Why not just ask a "serious" hacker how they trick the system? Other CMS systems take the hacking very serious, but in here it looks like they dont care much. Imho the registersystem is way to weak. With the register-by-email-verification it should be easy to keep the bots out, but somehow they have found a securityhole. If the email-verification system worked, it should not be able for anyone who use a gibberish email to register.
There is no security holes in registration system, I have no bots at all.

Just use mods for this.

Quote

PolarFox wrote:

There is no security holes in registration system, I have no bots at all.

Just use mods for this.

Maybe your site is not that interesting than others seems to be then. Why the heck do others tell they have problems with bots then?
Hmm it's not easy to discuss (IMO) at least.

As I see it: Hacked sites/hacking in generel comes often from security holes in code(s) - when it's not the FTP they've hacked into or the host firm itself.

When we talk spam it comes from hackers that write script(s) that can bypass eg; the /register.php, the Captcha, Security Questions and so on. Imo it's not caused security holes. Let's say I write a script that can "see" eg; the Captcha and then register - or that can lay 2+15 together (some anti spam bots security script) I don't think it's hacking nor caused security holes. But maybe Im wrong - Im not a hacker..

There is a difference..

Quote

smokeman wrote:

Hmm it's not easy to discuss (IMO) at least.

As I see it: Hacked sites/hacking in generel comes often from security holes in code(s) - when it's not the FTP they've hacked into or the host firm itself.

When we talk spam it comes from hackers that write script(s) that can bypass eg; the /register.php, the Captcha, Security Questions and so on. Imo it's not caused security holes. Let's say I write a script that can "see" eg; the Captcha and then register - or that can lay 2+15 together (some anti spam bots security script) I don't think it's hacking nor caused security holes. But maybe Im wrong - Im not a hacker..

There is a difference..

If you make a program to see something you are not supposed to see, it is hacking. If you make a software to see someones 4 digit code for his creditcard it's hacking! There are no excuse for what they do and there is not a difference.
No, they are just a stupid bots.
No exceptions, and no spam-holes nowadays.
Just programmes and dummy emails like yopmail etc, etc. No holes in fusion email activation. lol
In my opinion, there is no security holes at PF. Fake accounts cannot be blocked if we activate registration at our website.
I just deleted 14 fake unactivated accounts today,not a big deal,somthing to do in the morning time.Yes I approve accounts manually
Hi,

i am a member at a small community using php-fusion. lately we have been troubled with spam bots. new members have to be activated by an admin, so no spam bot makes it to our site. but atm we have 3000 unactivated members...

So even if legit people register, we will probably delete them by accident because we cant really check 3000 accounts.

what can be done? i activated email verification today, but at least one new bot registered during the last hours.

http://warhammerers-online.co.uk/news.php
There is A LOT of mods. Choose wisely.
I wouldn't even use a pre-created MOD IMO. The more popular a MOD becomes, the higher likelihood of a programmer, programming against it.

The reason why you would use a MOD in the first place, is to separate yourself from common code.

The best way is to write something yourself. You can lead a horse to water, but ultimately it's up to him to drink it.
Hi,

thank you for your replys.

Writing something ourselfs ist not an option i think, as none of us has writing skills.
I would try the addon/infusion method. Maybe it helps to have a security question for registration. e.g. this http://www.phpfusion-mods.net/infusio...mod_id=518

It says its for version 7.00 , our site says its PHP Version 5.2.17 ind the php info... i guess that might be a problem :(

Is it possible to upgrade?
You have 2 separated versions: PHP Version 5.2.17 AND PHP-Fusion version ??.??.?? (check out your admin panel).

And you able to upgrade your PHP-Fusion if needed.
Thread Information
Author
Replies
22 posts
Views
11,048 times
Last Post
Last updated on 7 years ago
You can view all discussion threads in this forum.
You cannot set up a bounty in this discussion thread.
You can start a new discussion thread in this forum.
You cannot reply in this discussion thread.
You cannot start on a poll in this forum.
You cannot upload attachments in this forum.
You can download attachments in this forum.
You cannot up or down-vote on the post in this discussion thread.
Users who participated in discussion: Ken, Craig, smokeman, HobbyMan, PolarFox, MM, icb, Samuel, Gillette, Vyper69, KasteR, Masy, halo_fourteen