I run a freebie trading forum and noticed something quite odd today. There is a user of the forums who has never posted, but has 5 accounts set up with the same email and the same IP address. I have sent the member an email asking about their reasons for doing this, but I have no idea what the point of the logic is or if I should take any kind of action against them. Any thoughts? ***EDIT*** I didn't see the Forum Management topic, if a mod sees this, could they kindly move it if it is more relavent.
Update: I did some research on the IP address and the domain of the email. Turns out it is a known forum spammer or bot. So, I guess I will just delete their accounts.
Why at the first place a person can use same email to register 5 username at your forum? Normally one email can be used once to create once username.
I agree how is it a user can register the same email 5 times, more less register for the same IP address same amount of times.
You should make it that an 1 email address can only be used once to make an account and you should banned that member if he is a known spammer.
Yeah, I didn't check the default setup. Normally I use phpBB or a full CMS, but I went a different route this time. I guess that SMF doesn't have these options available with a default install. Thank you all for your input, I really appreciate it. Off to fix this security problem.
Good thing you caught this and got those accounts deleted. What will happen, those spam bots will create an account. And in a few days, weeks or even months later they will come back and post all kinds of spam. Since that spam bot had 5 accounts, that means you could have had to clean up 5 times the normal amount of spam. I thought that SMF had an option to deny using the same email address over and over. If your using the built in captcha phrase, changing the email problem is not going to stop the bots. The newer bots have broken the captcha system in SMF. Look on the SMF home page - in there downloads sections - and find an ReCaptcha modification. Get that installed. I had to reset my forum back to the default theme, install the modification, then change the default theme back to what I had the forum set to. My sons SMF forum was getting around 3 - 6 spammers a day. And that was with Captcha and email activation turned on. I installed the ReCaptcha mod, and all of the spam stopped.
very true, you need to restrict the use of the same email address on your forum to only one account. it's in the setting of the forum software. Also to prevent the spammers make it harder for them to be able to recognize the image verification. By making the letters bubble letters as well as adding artifacts and such to the image it'll make it much harder for the bots to register on your site. Many people don't realize this all you really need to do for the majority of bots.
You could also add a forum rule to grant you the right to delete users that do not make a post within 7 days of registration as it sounds acceptable to me. Why would someone register without having the intention to participate..
I will look into putting that in there as a clause as well. When I first launched, I ran a contest to see if I could get so many new and active members, but most members never actively contributed. After I replied to these posts earlier today, I started playing around in the admin panel and digging around SMF's website, I can't find a way to limit accounts to one per email or ip. Somebody on their forums said that it was impossible, well, I guess my forum was the oddity that allowed it to happen LoL. Does anybody here know of a way to make SMF 1.1.8 restrict registration to one account per email or IP?
Yeah, I added ReCaptcha right away today as well. I use it on quite a few other sites, but didn't see any need until I started researching all of the accounts that were being setup for spam use. Thankfully I did catch it in time LoL.
I would recommend using www.stopforumspam.com/, it has an up to date list of spammers, emails, usernames and IP addresses. There are some useful lists of names/ips to block and a few utilities that mght help too.
Have you got a security question included in your sign-up form? It could stop this from happening in the first place, worked for one of my forums.