YAFLogo

squirrel
  • squirrel
  • 100% (Exalted)
  • YAF Leader Topic Starter
4 years ago
It's been a LONG time since I've been to the YAF forums - but we're due for an upgrade, and have had an old problem rear it's head again.

In the past, this wasn't an option - but does YAF now have a feature/function where admins can enter in a list of email address top-level domains that can be blacklisted on registration?

I would hope it would be a simple feature, if it doesn't exist - and if not, am willing to put some time into it although I'm nowhere near the seasoned .NET developer that this team already has - but it's worth it to me to contribute where I can if this feature can be added. Currently, I'm being hit with almost 100 spam registrations a day. They're getting around the new-user security and have the ability to post in forums that their accounts have not been approved for. We've audited our security and logs and can't find anywhere where an admin is logging in after the account is created and approving them for "regular membership".

Currently, they register and have access to only one forum for new members - from there, we would "approve" an account that allows post access to all other forums on the site. Somehow, they're getting registered and approved for full membership without interaction from our admins or moderators, and access logs verify this. I'm not sure what analysis we can provide to find out where the weakness is. Either way, we need to find a way to stop them at the gate, and even reCaptcha isn't slowing them down at all anymore...

Any advice?


If you can't find it using the forum search, try my signature link -- searches this site using Google: Google is my Friend 
Sponsor

tha_watcha
  • tha_watcha
  • 100% (Exalted)
  • YAF.NET Project Lead 🤴 YAF Version: 3.0.3
4 years ago
Please check my article on how to prevent SPAM

https://github.com/YAFNET/YAFNET/wiki/Protect-YAF.NET-against-Spam-BOTS 

Atleast for the support forum the best solution is to use the StopForumSpam.com and BotScout.com service to detect and block spammers during registration. This detects 98% of all Spammers here. and the rest i report back to the service.

Also checking the content is very effective by using the internal spam words. Or block users if they posts more then x amount of urls in one post

Quote:

In the past, this wasn't an option - but does YAF now have a feature/function where admins can enter in a list of email address top-level domains that can be blacklisted on registration?

Yes it is possbile Black list of email/ip address and user names. And you can use regex syntax something simlar like...

.*@gmail.com