Skip to Content Skip to Menu

🌟 CB Editor Assistant 1.0.0 is here! Discover our new AI Joomla Plugin that wrote its story! (and this banner!)
Start at just $12.50/month* or 💸 save 30% with our 🛍️ Black Friday Intro Offer for your subscription's lifetime
Grab It Now!
🎉 Black Friday sale is here! Great savings on professional and developer memberships! Get 25% off now with code BLACK-FRIDAY-2024!

Lots of fake registrations

9 months 5 days ago #337315 by RobertvanderHulst
Lots of fake registrations was created by RobertvanderHulst
I am seeing lots and lots of fake registrations on our website (xsharp.eu). We use cblogin for the login and registration page and we have enabled recaptcha v3.
Some registrations are with fake email addresses, but many others seem to have real email addresses and get confirmed.
Some of these registrations then start to post messages on our forum.
We have configured our forum to make sure that new posts need to be approved first, so I can block these posts, but it costs a significant amount of time to remove these users and messages.
I have the impression that many of these users come from Russia, but some also use IP addresses from (ghost?) computers elsewhere.

Are others seeing this too?
Is maybe our configuration wrong, so the recaptcha is not working?
Are these people abusing a leak on Joomla (4.4.3) and/or CB (2.9.1) ?

Robert

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • ONLINE
  • Posts: 48560
  • Thanks: 8292
  • Karma: 1445
9 months 3 days ago #337320 by krileon
Replied by krileon on topic Lots of fake registrations
reCaptcha is pretty easy for a bot to beat these days. Maybe try switching to internal code based captcha or adjusting its "Score Threshold" to be more aggressive? We use internal captcha and have more success with it since we can change it regularly to trip up the bots. In a future release we'll also provide hCaptcha and Cloudflare Turnstile, but honestly I doubt they'll do much better.

Additionally if your forums are Kunena we provide a forum antispam plugin with CB AntiSpam to blocks bots from spamming links on the forums. It will only allow external links after a posting threshold.

I also recommend using mod_security and using an aggressive filter list. That often can catch a lot of bad actors including bots.

CB AntiSpam can IP block. In addition to blocking entire ranges of IP addresses. It's typically best to do that server side to stop them from ever reaching your site, but you can configure it from CB AntiSpam as well if you want to quick test blocking a range of IP addresses if you think there's a range specifically targeting you.

Unfortunately AI bots can basically beat any registration requirements. There isn't much more you can do about it I'm afraid.

Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in or Create an account to join the conversation.

9 months 3 days ago #337334 by RobertvanderHulst
Replied by RobertvanderHulst on topic Lots of fake registrations
Kyle,
Thanks. I have added some IP range blocks, and that seems to reduce some of the attacks.

Robert

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • ONLINE
  • Posts: 48560
  • Thanks: 8292
  • Karma: 1445
6 months 5 days ago #338170 by krileon
Replied by krileon on topic Lots of fake registrations
hCaptcha and Cloudflare Turnstile captcha modes are now available in CB AntiSpam 6.0.0. So we now offer some additional captcha modes you're welcome to try that could help reduce or eliminate the attacks. Both are more privacy focused options.

Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in or Create an account to join the conversation.

6 months 5 days ago #338175 by RobertvanderHulst
Replied by RobertvanderHulst on topic Lots of fake registrations
Kyle,
Thanks for the suggestions.
When researching the problems we discovered that our Recaptcha keys were not correct, so there was no real captcha check.
We have corrected that and now the # of fake registrations is almost zero.

Robert
The following user(s) said Thank You: krileon

Please Log in or Create an account to join the conversation.

Moderators: beatnantkrileon
Powered by Kunena Forum